Extreme Networks

MK24 · 2 weeks ago

Hello,

Could you provide information on how to exclude Flowspec on an interface in SLX-OS 20.6.1 (SLX9740-40C) for returning traffic from the scrubber to prevent looping?

We don't see such an option in the interface options, and our route-map configurations do not seem to have any effect on this.

MK24 · a week ago

Sorry for pinging the topic, but this functionality/option is critical for us in relation to flowspec.
I would be very grateful for any help and guidance.

robert154 · 2 weeks ago

@MK24 wrote:
Hello,
Could you provide information on how to exclude Flowspec on an interface in SLX-OS 20.6.1 (SLX9740-40C) for returning traffic from the scrubber to prevent looping?
We don't see such an option in the interface options, and our route-map configurations do not seem to have any effect on this.

To prevent Flowspec looping on an interface connected to a scrubbing appliance in SLX-OS 20.6.1, use the command interface <interface-name> ipv4 flowspec disable. This disables Flowspec processing on the specified interface, preventing rules from being applied to returning traffic and avoiding routing loops.

Tell The Bell

MK24 · 2 weeks ago

Thank you for your help and response.
I would really like such a command to exist, but I don’t see it available anywhere on our side. The manual also does not mention it.
At which level should I execute it?

I get a syntax error with the command:
(config)# interface Ethernet 0/29 ipv4 flowspec disable
stating "unknown argument". for ipv4/ip

When I try:
(conf-if-eth-0/29)# ipv4 flowspec disable
I get "% Invalid input detected at '^' marker".

However, when entering:
(conf-if-eth-0/29)# ip flowspec disable
I get a syntax error with "unknown argument" for disable

This suggests that "ip flowspec," even though not visible, is being processed but with an incorrect argument.

Extreme Networks

BGP flowspec exclude interface

BGP flowspec exclude interface