[EXTERNAL] Re: FlowSpec
Nikos.Leontsinis at eu.equinix.com
Fri Apr 24 06:59:14 UTC 2020
If you can impose a limit on the amount of flowspec rules the customer can send you (I assume you are the Service provider) where is the problem
with offering flowspec services? Seems more of a vendor challenge.
The tcam issue is relatively addressed with proper dimensioning (throw money to the problem)
and you have created a service revenue opportunity so it is a win win for both
customer, provider and the entire community.
We cannot go very far with blackholing as a community.
From: NANOG <nanog-bounces at nanog.org> On Behalf Of Denys Fedoryshchenko
Sent: 23 April 2020 16:58
To: Colton Conor <colton.conor at gmail.com>
Cc: NANOG <nanog at nanog.org>
Subject: [EXTERNAL] Re: FlowSpec
On 2020-04-23 18:13, Colton Conor wrote:
> Do any of the large transit providers support FlowSpec to transit
> customers / other carriers, or is that not a thing since they want to
> sell DDoS protection services? FlowSpec sounds much better than RTBH
> (remotely triggered blackhole), but I am not sure if FlowSpec is
> widely implemented. I see the large router manufacturers support it.
They have extended blackholing, and FlowSpec, sure its all have costs.
I'm using both services from them and quite satisfied.
In general operators don't like flowspec, because it is not easy to implement it right, there is bugs and most important its "eating" TCAM.
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
More information about the NANOG