nanog mailing list archives
Re: FlowSpec
From: Denys Fedoryshchenko <nuclearcat () nuclearcat com>
Date: Thu, 23 Apr 2020 18:57:54 +0300
On 2020-04-23 18:13, Colton Conor wrote:
Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), but I am not sure if FlowSpec is widely implemented. I see the large router manufacturers support it.
RETN They have extended blackholing, and FlowSpec, sure its all have costs. I'm using both services from them and quite satisfied.In general operators don't like flowspec, because it is not easy to implement it right,
there is bugs and most important its "eating" TCAM.For example: https://blog.cloudflare.com/todays-outage-post-mortem-82515/
Current thread:
- FlowSpec Colton Conor (Apr 23)
- Re: FlowSpec Compton, Rich A (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Roland Dobbins (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- RE: [EXTERNAL] Re: FlowSpec Nikos Leontsinis (Apr 23)
- Re: FlowSpec Roland Dobbins (Apr 23)