Flowspec (Custom)
Traffic Type Response Integration
Prior to creating a Flowspec plugin, you will need to configure at least 1 device with a unicast BGP neighbor.
Flowspec (Custom) differs from Flowspec in that it allows for a custom rule to be added. Rules are written in the flowspec token language, e.g. match destination DSTIP then discard
Prerequisites
Different vendors and products may have their own documentation and prerequisites for this setup. Below are example links to configure devices with a unicast BGP neighbor:
Netography Portal Steps
In Settings > Response Integrations, click Add Integration. Select Flowspec (Custom).
Configuration
The following fields are specific to the Custom Flowspec integration.
Field | Required | Description | Examples |
---|---|---|---|
Neighbors | yes | IPv4/v6 unicast BGP neighbors configured in the Netography Portal. | |
Local Preference | yes | Used to choose the exit path for an autonomous system. Default 100 | 100 |
Rule | yes | Custom flowspec token language | match destination DSTIP then discard |
Factors | yes | srcip | |
Expiration | | Number of seconds the blocklist will remain active | 3600 |
Max | | Limit on number of blocks | 1000 |
Allow List | | One or many Allow Lists configured in the Netography Portal, or a List of IP or IP/CIDR addresses | |
Aggregate | | Aggregate IP addresses by mask length | |
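
A pre-deployment check for the Allow List, Aggregate and Max fields, added here as an example and not Netography code: it shows that aggregating by mask length can widen a block so that it covers an allow-listed address. It assumes aggregation widens each address to its enclosing prefix and that any overlap with an Allow List entry should stop the block; `plan_blocks` and the sample addresses are constructed for illustration.

```python
import ipaddress


def plan_blocks(candidates, allow_list, mask_len=None, max_blocks=1000):
    """Return (prefixes_to_block, skipped_addresses) for a planned configuration.

    candidates  -- IP address strings that would be blocked (constructed input)
    allow_list  -- IP or IP/CIDR strings that must never be blocked
    mask_len    -- Aggregate mask length, or None to block single hosts
    max_blocks  -- the Max field: upper limit on the number of blocks
    """
    allow = [ipaddress.ip_network(a, strict=False) for a in allow_list]
    blocks, skipped = [], []
    for raw in candidates:
        ip = ipaddress.ip_address(raw)
        if mask_len is None:
            net = ipaddress.ip_network(ip)  # host route: /32 or /128
        else:
            # Assumed aggregation: the enclosing prefix of the given length.
            net = ipaddress.ip_network(f"{ip}/{mask_len}", strict=False)
        # An aggregated prefix may cover an allow-listed host even when the
        # offending address itself is not on the Allow List.
        if any(net.version == a.version and net.overlaps(a) for a in allow):
            skipped.append(raw)
            continue
        if net in blocks:
            continue  # already covered by an earlier aggregate
        if len(blocks) >= max_blocks:
            skipped.append(raw)  # over the Max limit
            continue
        blocks.append(net)
    return blocks, skipped


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    offenders = ["203.0.113.5", "203.0.113.77", "198.51.100.9", "192.0.2.200"]
    allow = ["198.51.100.10", "192.0.2.0/25"]
    for mask in (None, 24):
        blocks, skipped = plan_blocks(offenders, allow, mask_len=mask)
        print(f"aggregate={mask}: block={[str(b) for b in blocks]} skipped={skipped}")
```
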