nanog mailing list archives
Re: FlowSpec
From: "Roland Dobbins" <roland.dobbins () netscout com>
Date: Thu, 23 Apr 2020 23:12:07 +0700
On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote:
In general operators don't like flowspec
Its increasing popularity tens to belie this assertion.Yes, you're right that avoiding overflowing the TCAM is very important. But as Rich notes, a growing number of operators are in fact using flowspec within their own networks, when it's appropriate.
Smart network operators tend to do quite a bit of lab testing, prototyping, PoCs, et. al. against the very specific combinations of platforms/linecards/ASICs/OSes/trains/revisions before generally deploying new features and functionality; this helps ameliorate many concerns.
Also, don't forget about S/RTBH. It's generally confined to within an operator's own span of administrative control for some of the same reasons as flowspec (not generally TCAM, per se, but concerns about giving Customer A the ability to interfere with Customer B's traffic, and the difficulty of implementing such constraints). It can be an option worth exploring, in many circumstances.
-------------------------------------------- Roland Dobbins <roland.dobbins () netscout com>
Current thread:
- FlowSpec Colton Conor (Apr 23)
- Re: FlowSpec Compton, Rich A (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Roland Dobbins (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- RE: [EXTERNAL] Re: FlowSpec Nikos Leontsinis (Apr 23)
- Re: FlowSpec Roland Dobbins (Apr 23)