FlowSpec
Denys Fedoryshchenko
nuclearcat at nuclearcat.com
Thu Apr 23 15:57:54 UTC 2020
On 2020-04-23 18:13, Colton Conor wrote:
> Do any of the large transit providers support FlowSpec to transit
> customers / other carriers, or is that not a thing since they want to
> sell DDoS protection services? FlowSpec sounds much better than RTBH
> (remotely triggered blackhole), but I am not sure if FlowSpec is
> widely implemented. I see the large router manufacturers support it.
RETN
They have extended blackholing, and FlowSpec, sure its all have costs.
I'm using both services from them and quite satisfied.
In general operators don't like flowspec, because it is not easy to
implement it right,
there is bugs and most important its "eating" TCAM.
For example:
https://blog.cloudflare.com/todays-outage-post-mortem-82515/
More information about the NANOG
mailing list