upstream support for flowspec

joel jaeggli joelja at
Thu Sep 18 20:35:17 UTC 2014

On 9/18/14 1:19 PM, Job Snijders wrote:
> On Thu, Sep 18, 2014 at 03:12:29PM -0400, Daniel Corbe wrote:
>>> a) you're paying less, as you're not receiving the traffic
>> This ventures into the realm of an operator doing something responsible
>> to protect me vs routing me unwanted traffic and going "lol, bill."
>> If you want to start playing that game, I'm happy to pay more per mbit
>> of traffic if you're happy to guarantee me that you won't route me
>> traffic that I'm expressly uninterested in.
> Would you be willing to pay for the traffic _not_ delivered to you
> because of customer-pushed ACLs? If so, that would take the argument
> away "because we filter we can't bill". Would you be willing to pay a
> premium to be able to do so? Is it worth a premium to insert ACLs in
> real time in the upstream's network or is a 2 hour delay acceptable?
> what about 5 minute delay? 

It's not really a question we have to ask. Managed firewall services
have way higher margins then pure IP transit. By extension dropping
packets can be substantially more profitable especially on a per packet
or byte basis then delivering them. Not everyone wants that service however.

> Aside from practical issues with flowspec as Ytti mentioned already, I
> don't think the market has yet figured out how stuff like this should
> work and become cost-effective.

Ah cost effective is a consideration, yeah that is a bit of a bummer.

> Kind regards,
> Job

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 243 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the NANOG mailing list