Flowspec (Custom)

🚧Prior to creating a Flowspec plugin, you will need to configure at least 1 device with a unicast BGP neighbor.

Flowspec (Custom) differs from Flowspec in that it allows for a custom rule to be added. Rules are written in the flowspec token language, e.g. match destination DSTIP then discard

Prerequisites

Different vendors and products may have their unique documentation and prerequisites for this setup. Below are example links to configure devices with a unicast BGP neighbor:

Netography Portal Steps

In Settings > Response Integrations, click Add Integration. Select Flowspec (Custom)

Configuration

The following fields are specific to the Custom Flowspec integration.

Field

Required

Description

Examples

Neighbors

yes

IPv4/v6 unicast BGP neighbors configured in the Netography Portal.

Local Preference

yes

Used to choose the exit path for an autonomous system. Default 100

100

Rule

yes

Custom flowspec token language

match destination DSTIP then discard

Factors

yes

srcip

Expiration

Number of seconds the blocklist will remain active

3600

Max

Limit on number of blocks

1000

Allow List

One or many Allow Lists configured in the Netography Portal, or a List of IP or IP/CIDR addresses

Aggregate

Aggregate IP addresses by mask length

PreviousFlowspec NextMicrosoft Teams

Last updated 8 hours ago

Good evening

Prerequisites

Netography Portal Steps

Configuration