25.01.2022 · 1 minutes read

Here is a quick way to test Your Juniper BGP FlowSpec support with just few commands.

FlowSpec Router Support:

  • Cisco IOS-XR (ASR9K, NCS5K), IOS-XE
  • Juniper MX/PTX
  • Alcatel/Nokia 7x50
  • Huawei NE
  • 6Wind
  • Arista

Juniper MX BGP FlowSpec Configuration Example

edit
set routing-options flow route TestFlowSpec match protocol icmp
set routing-options flow route TestFlowSpec match destination 22.22.22.22/32
set routing-options flow route TestFlowSpec then discard
set routing-options flow term-order standard
commit check
commit

Or do a "commit confirmed 10" and it will revert this change in 10 minutes, should be enough to just issue ping command and see if counters are incrementing and traffic is blocked.
Remember to change 22.22.22.22 prefix to match Your IP that You can test.

show route table inetflow.0
show route table inetflow.0
show route table inetflow.0 extensive
show route table inetflow.0 extensive
show route table inetflow.0 extensive
show route table inetflow.0 extensive