nanog mailing list archives

Re: FlowSpec


From: Denys Fedoryshchenko <nuclearcat () nuclearcat com>
Date: Thu, 23 Apr 2020 19:31:24 +0300

On 2020-04-23 19:12, Roland Dobbins wrote:
> On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote:
>
>> In general operators don't like flowspec
>
> Its increasing popularity tends to belie this assertion.
>
> Yes, you're right that avoiding overflowing the TCAM is very
> important.  But as Rich notes, a growing number of operators are in
> fact using flowspec within their own networks, when it's appropriate.

One of the operators told me why they don't provide flowspec anymore:
customers are installing rules by scripts, stacking them,
and not removing them when they don't need them anymore.
RETN solved that by limiting the number of rules a customer can install.


> Smart network operators tend to do quite a bit of lab testing,
> prototyping, PoCs, et al. against the very specific combinations of
> platforms/linecards/ASICs/OSes/trains/revisions before generally
> deploying new features and functionality; this helps ameliorate many
> concerns.

Definitely, and I know some hosting operators who provide Flowspec functionality in a different way - over their own web interface/API. This way they can do unit tests
and do additional verifications.

But if there is direct BGP, things like https://dyn.com/blog/longer-is-not-better/ might happen, if the customer is using some exotic, "nightly-build" BGP implementation.
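
Added example, not part of the original message and not any operator's code: one way an API front-end could enforce the per-customer rule cap and the extra verification mentioned in the message before anything reaches the BGP speaker. The class name, the limits, the mandatory TTL, the allowed action names and the prefix-ownership check are all assumptions made for illustration.

```python
import ipaddress
import time

MAX_RULES_PER_CUSTOMER = 3   # assumed cap; the thread gives no number
MAX_TTL_SECONDS = 3600       # assumed: every rule must expire on its own
ALLOWED_ACTIONS = ("discard", "rate-limit")  # hypothetical API action names


class RuleRejected(Exception):
    """Raised when a submitted rule fails admission checks."""


class FlowspecGate:
    """Hypothetical admission control sitting in front of the BGP speaker."""

    def __init__(self, customer_prefixes, clock=time.time):
        # customer_prefixes: {customer_id: [prefixes the customer may protect]}
        self.prefixes = {c: [ipaddress.ip_network(p) for p in ps]
                         for c, ps in customer_prefixes.items()}
        self.rules = {}      # customer_id -> {rule_key: expiry_timestamp}
        self.clock = clock

    def _expire(self, customer):
        # Drop rules whose TTL has passed, so forgotten rules free their slot.
        now = self.clock()
        live = {k: e for k, e in self.rules.get(customer, {}).items() if e > now}
        self.rules[customer] = live
        return live

    def submit(self, customer, dst, action, ttl, proto=None, dst_port=None):
        live = self._expire(customer)
        try:
            dst_net = ipaddress.ip_network(dst)
        except ValueError as exc:
            raise RuleRejected(f"bad destination: {exc}")
        owned = self.prefixes.get(customer, [])
        if not any(dst_net.version == p.version and dst_net.subnet_of(p)
                   for p in owned):
            raise RuleRejected("destination outside customer's prefixes")
        if action not in ALLOWED_ACTIONS:
            raise RuleRejected("action not allowed")
        if not 0 < ttl <= MAX_TTL_SECONDS:
            raise RuleRejected("ttl out of range")
        key = (dst_net, proto, dst_port, action)
        if key not in live and len(live) >= MAX_RULES_PER_CUSTOMER:
            raise RuleRejected("rule quota reached")
        live[key] = self.clock() + ttl   # a repeat refreshes; it never stacks
        return key

    def active(self, customer):
        return sorted(self._expire(customer), key=str)
```

Passing a fake `clock` makes the expiry path testable without waiting, which is the kind of unit test an API front-end allows and a raw BGP session does not.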

