Routing

  • 1.  Question on BGP Flowspec

     
    Posted 02-21-2021 14:31

    Hi all.

    Section 5.1 of the BGP Flowspec RFC 5575, describes the criteria to select which of several dynamically installed Flowspec firewall filters will act on traffic that matches all of them.

    At one point the RFC says:

    "For IP prefix values (IP destination and source prefix) precedence is given to the lowest IP value of the common prefix length".

    Can someone kindly provide an example that would demonstrate the above sentence i.e. an example of say the source address of data traffic matching the source address criteria of two firewall filters, but with the source address criteria of both those filters containing different values in the common prefix length?

    Thanks,
    Deepak