[168705] in North American Network Operators' Group
Re: TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Mon Feb 3 14:20:29 2014
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 3 Feb 2014 19:19:55 +0000
In-Reply-To: <CAB8g2zxphPnRWyoGHCww8MrJhan0cizk3Ru6ajXQi2sB-fDM9w@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 4, 2014, at 12:42 AM, Peter Phaal <peter.phaal@gmail.com> wrote:
> Real-time analytics based on measurements from switches/routers (sFlow/PS=
AMP/IPFIX) can identify large UDP flows and integrated hybrid
> OpenFlow, I2RS, REST, NETCONF APIs, etc. can be used to program the switc=
hes/routers to selectively filter traffic based on UDP port and
> IP source / destination. By deploying a DDoS mitigation SDN application, =
providers can use their existing infrastructure to
> protect their own and their customers networks from flood attacks, and ge=
nerate additional revenue by delivering flood protection as a value
> added service.
This is certainly a general capability set towards which many operators are=
evolving (and it's always amusing how you leave out NetFlow, which many op=
erators use, but include sFlow, which very few operators use, heh), but it'=
s going to be quite some time before this sort of thing is practical and wi=
dely-deployale.
Believe me, I've been working towards this vision for many years. It isn't=
going to happen overnight.
> Specifically looking at sFlow, large flood attacks can be detected within=
a second.
And with NetFlow, and with IPFIX - the first of which is widely deployed to=
day, and the second of which will be widely deployed in future.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
