TWC (AS11351) blocking all NTP?

Dobbins, Roland rdobbins at
Mon Feb 3 19:19:55 UTC 2014

On Feb 4, 2014, at 12:42 AM, Peter Phaal <peter.phaal at> wrote:

> Real-time analytics based on measurements from switches/routers (sFlow/PSAMP/IPFIX) can identify large UDP flows and integrated hybrid
> OpenFlow, I2RS, REST, NETCONF APIs, etc. can be used to program the switches/routers to selectively filter traffic based on UDP port and
> IP source / destination. By deploying a DDoS mitigation SDN application, providers can use their existing infrastructure to
> protect their own and their customers' networks from flood attacks, and generate additional revenue by delivering flood protection as a value
> added service.

This is certainly a general capability set towards which many operators are evolving (and it's always amusing how you leave out NetFlow, which many operators use, but include sFlow, which very few operators use, heh), but it's going to be quite some time before this sort of thing is practical and widely-deployable.

Believe me, I've been working towards this vision for many years.  It isn't going to happen overnight.

> Specifically looking at sFlow, large flood attacks can be detected within a second.

And with NetFlow, and with IPFIX - the first of which is widely deployed today, and the second of which will be widely deployed in future.

Roland Dobbins <rdobbins at> // <>

	  Luck is the residue of opportunity and design.

		       -- John Milton
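
Added example, not part of the original post or of any product mentioned in it: a minimal sketch of the detection step the thread discusses, scaling sampled UDP packet records by their sampling rate to estimate per-second bandwidth per (destination, UDP source port) and proposing a filter match for anything over a threshold. The record layout, the 500 Mb/s threshold, the addresses and the `match` dictionary are assumptions made for illustration, not any collector's or controller's format.

```python
from collections import defaultdict

UDP = 17
THRESHOLD_BPS = 500_000_000  # assumed per-destination alert threshold

# Constructed sampled-packet records (not real traffic):
# (unix_second, src_ip, dst_ip, ip_proto, src_port, frame_bytes, sampling_rate)
SAMPLES = (
    # 300 samples of 482-byte UDP/123 replies from 200 sources to one host
    [(100, f"198.51.100.{i % 200 + 1}", "203.0.113.10", UDP, 123, 482, 1000)
     for i in range(300)]
    # background: a little DNS, ordinary NTP to another host, one TCP sample
    + [(100, "192.0.2.53", "203.0.113.10", UDP, 53, 120, 1000)] * 5
    + [(100, "192.0.2.123", "203.0.113.20", UDP, 123, 90, 1000)] * 2
    + [(100, "192.0.2.5", "203.0.113.10", 6, 443, 1500, 1000)]
)

def detect_floods(samples, threshold_bps=THRESHOLD_BPS):
    """Return one alert per (second, dst, UDP src port) whose estimated
    rate meets the threshold. Timestamps are whole seconds, so the bits
    summed under one key are an estimate of bits per second."""
    bits = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, dst, proto, sport, nbytes, rate in samples:
        if proto != UDP:
            continue
        key = (ts, dst, sport)
        # each sample stands in for `rate` packets of the same size
        bits[key] += nbytes * 8 * rate
        sources[key].add(src)
    alerts = []
    for key, bps in sorted(bits.items()):
        if bps < threshold_bps:
            continue
        ts, dst, sport = key
        alerts.append({
            "second": ts,
            "est_bps": bps,
            "sampled_sources": len(sources[key]),
            # hypothetical, vendor-neutral filter match on UDP port and
            # destination, as described in the quoted text
            "match": {"ip_proto": UDP, "udp_src_port": sport,
                      "dst_ip": f"{dst}/32"},
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(SAMPLES):
        print(alert)
```
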
