nanog mailing list archives

RE: [EXTERNAL] Re: FlowSpec

From: Nikos Leontsinis <Nikos.Leontsinis () eu equinix com>
Date: Fri, 24 Apr 2020 06:59:14 +0000

If you can impose a limit on the amount of flowspec rules the customer can send you (I assume you are the Service 
provider) where is the problem
 with offering  flowspec services? Seems more of a vendor challenge.

The tcam issue is relatively addressed with proper dimensioning (throw money to the problem)
 and you have created a service revenue opportunity so it is a win win for both
 customer, provider and the entire community.
We cannot go very far with blackholing as a community.


-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Denys Fedoryshchenko
Sent: 23 April 2020 16:58
To: Colton Conor <colton.conor () gmail com>
Cc: NANOG <nanog () nanog org>
Subject: [EXTERNAL] Re: FlowSpec

On 2020-04-23 18:13, Colton Conor wrote:

Do any of the large transit providers support FlowSpec to transit
customers / other carriers, or is that not a thing since they want to
sell DDoS protection services? FlowSpec sounds much better than RTBH
(remotely triggered blackhole), but I am not sure if  FlowSpec is
widely implemented. I see the large router manufacturers support it.


RETN

They have extended blackholing, and FlowSpec, sure its all have costs.
I'm using both services from them and quite satisfied.

In general operators don't like flowspec, because it is not easy to implement it right, there is bugs and most 
important its "eating" TCAM.
For example:
https://urldefense.com/v3/__https://blog.cloudflare.com/todays-outage-post-mortem-82515/__;!!PcPv50trKLWG!jJCV6iVdjh9kx3oiFfxOwO6BdJfkVq6eY8iqqerUChY1t8qUVWITa00EAx1J1zloDMvF1WX9$
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has 
been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the 
use of the intended recipient and may be legally privileged. If you have received this email in error, please notify 
the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, 
The Netherlands. Registered in The Netherlands No. 57577889.

Current thread:

FlowSpec Colton Conor (Apr 23)
- Re: FlowSpec Compton, Rich A (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
  - Re: FlowSpec Roland Dobbins (Apr 23)
    - Re: FlowSpec Denys Fedoryshchenko (Apr 23)
  - RE: [EXTERNAL] Re: FlowSpec Nikos Leontsinis (Apr 23)