[133296] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Thomas Mangin)
Wed Dec 8 10:36:46 2010
From: Thomas Mangin <thomas.mangin@exa-networks.co.uk>
In-Reply-To: <5220B68C-9C8C-460E-B64E-2646BDE2A398@arbor.net>
Date: Wed, 8 Dec 2010 15:36:42 +0000
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: North American Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 8 Dec 2010, at 15:12, Dobbins, Roland wrote:
>=20
> On Dec 8, 2010, at 10:10 PM, Thomas Mangin wrote:
>=20
>> Until this is sorted I believe flowspec will be a marginal solution.
>=20
> We're seeing a significant uptick in flowspec interest, actually, and =
S/RTBH has been around for ages.
Great to hear :)
But my point is still valid, Flowspec is great if you are are a backbone =
and are performing the filtering, or if you want to filter outgoing =
traffic. If you are a smaller network, you need the filtering to be =
performed by your transit provider, as your uplink will otherwise be =
congested. So I will stand by my comment that flowspec would see a =
bigger uptake if T1 could accept the flowspec routes, which they will =
only do once they can filter them (to insure correctness and resource =
protection).
Thomas
PS : Someone need to add IPv6 support to the RFC :p
