FlowSpec

Denys Fedoryshchenko nuclearcat at nuclearcat.com
Thu Apr 23 16:31:24 UTC 2020


On 2020-04-23 19:12, Roland Dobbins wrote:
> On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote:
> 
>> In general operators don't like flowspec
> 
> Its increasing popularity tends to belie this assertion.
> 
> Yes, you're right that avoiding overflowing the TCAM is very
> important.  But as Rich notes, a growing number of operators are in
> fact using flowspec within their own networks, when it's appropriate.
One of the operators told me why they don't provide flowspec anymore:
customers are installing rules by scripts, stacking them,
and not removing them when they don't need them anymore.
RETN solved that by limiting the number of rules a customer can install.

> 
> Smart network operators tend to do quite a bit of lab testing,
> prototyping, PoCs, et al. against the very specific combinations of
> platforms/linecards/ASICs/OSes/trains/revisions before generally
> deploying new features and functionality; this helps ameliorate many
> concerns.
Definitely, and I know some hosting operators who provide Flowspec
functionality in a different way - over their own web interface/API.
This way they can do unit tests, and do additional verifications.

But if there is direct BGP, things like
https://dyn.com/blog/longer-is-not-better/
might happen, if a customer is using some exotic, "nightly-build" BGP
implementation.
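
The admission checks an operator-run API could apply before a customer rule ever reaches BGP, as an added example that is not part of the original message or any operator's code: the per-customer rule cap mentioned above, plus an assumed mandatory lifetime and an assumed destination-ownership check. All names, limits and addresses here are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_RULES_PER_CUSTOMER = 3   # assumed cap; protects TCAM from stacked rules
MAX_TTL_SECONDS = 3600       # assumed upper bound on a rule's lifetime

@dataclass
class RuleStore:
    allowed: dict                               # customer -> prefixes they own
    rules: dict = field(default_factory=dict)   # customer -> [(dst, expires_at)]

    def expire(self, now):
        """Drop rules whose lifetime has passed so forgotten rules free space."""
        for cust in self.rules:
            self.rules[cust] = [r for r in self.rules[cust] if r[1] > now]

    def submit(self, customer, dst, ttl, now):
        """Return (accepted, reason) for a rule matching destination dst."""
        self.expire(now)
        try:
            net = ipaddress.ip_network(dst, strict=True)
        except ValueError:
            return False, "malformed prefix"
        owned = [ipaddress.ip_network(p) for p in self.allowed.get(customer, [])]
        # Version check first: subnet_of() raises TypeError on mixed v4/v6.
        if not any(net.version == o.version and net.subnet_of(o) for o in owned):
            return False, "destination outside customer address space"
        if not 0 < ttl <= MAX_TTL_SECONDS:
            return False, "ttl missing or too long"
        active = self.rules.setdefault(customer, [])
        if any(r[0] == net for r in active):
            return False, "duplicate rule"
        if len(active) >= MAX_RULES_PER_CUSTOMER:
            return False, "rule limit reached"
        active.append((net, now + ttl))
        return True, "accepted"

def demo():
    """Constructed scenario: one foreign target, a script stacking rules, expiry."""
    store = RuleStore(allowed={"cust-a": ["192.0.2.0/24"]})
    results = [store.submit("cust-a", "198.51.100.1/32", 600, now=0)]
    for host in (1, 2, 3, 4):
        results.append(store.submit("cust-a", f"192.0.2.{host}/32", 600, now=0))
    # After the 600 s lifetime the earlier rules are gone and the quota is free.
    results.append(store.submit("cust-a", "192.0.2.9/32", 600, now=601))
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```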
