nanog mailing list archives

Re: FlowSpec


From: "Compton, Rich A" <Rich.Compton () charter com>
Date: Thu, 23 Apr 2020 15:46:09 +0000

Hi Colton,
It is fairly common to use flowspec internally at an ISP for mitigation of DDoS attacks.  eBGP flowspec is not very 
common though.  I know of only a couple of ISPs that allow flowspec rules to be advertised by their customers.  The 
biggest issue with this is that other providers are very hesitant to allow an external party to reach into their 
routers and modify the configuration (add a flowspec rule).  I (with others at my company) had attempted to work on 
this to provide a validation mechanism that would be performed on the advertised rules before adding them to the 
router.  We didn’t see much interest at that time on this.  https://www.youtube.com/watch?v=rKEz8mXcC7o
From conversations I have had with a couple of large ISPs recently it seems like there is an increased interest in this 
topic.
Here is a document on flowspec best practices that I worked on for M3AAWG that may be of interest: 
https://www.m3aawg.org/sites/default/files/m3aawg-flowspec-bp-2019-02.pdf

-Rich

From: NANOG Email List <nanog-bounces () nanog org> on behalf of Colton Conor <colton.conor () gmail com>
Date: Thursday, April 23, 2020 at 9:15 AM
To: NANOG list <nanog () nanog org>
Subject: FlowSpec

Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing 
since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), 
but I am not sure if FlowSpec is widely implemented. I see the large router manufacturers support it.




