[174548] in North American Network Operators' Group
Re: upstream support for flowspec
daemon@ATHENA.MIT.EDU (Youssef Bengelloun-Zahr)
Thu Sep 18 14:32:38 2014
X-Original-To: nanog@nanog.org
From: Youssef Bengelloun-Zahr <youssef@720.fr>
In-Reply-To: <ygfbnqcbyrz.fsf@corbe.net>
Date: Thu, 18 Sep 2014 20:32:29 +0200
To: Daniel Corbe <corbe@corbe.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Envoy=C3=A9 de mon iPhone
> Le 18 sept. 2014 =C3=A0 19:53, Daniel Corbe <corbe@corbe.net> a =C3=A9crit=
:
>=20
>=20
> I was perusing RFC5575 after reading a presentation that ALU did
> (presumably during some previous NANOG conference). Reference:
> https://www.nanog.org/sites/default/files/wed.general.trafficdiversion.ser=
odio.10.pdf
>=20
> This seems like it would be a godsend for small operators like myself who d=
on't have
> access to unlimited bandwidth and are put off by off-site scrubbing
> services. =20
>=20
> As far as I can tell though the only platforms that offer support are
> the 7750-SR and platforms made by Juniper.
>=20
> Is there anything in the air about widening the adoption base? Cisco?
> Brocade?
Hi,
I've submitted a request through my Brocade SE to support this, but it seems=
they are not interested about it.
They claim their strategy is to achieve the same using SDN capabilities via O=
PENFLOW support.
In the mean time, we are sitting ducks with our traditional technics.
I read in an old NANOG thread (IIRC) that cisco was about to support this re=
ally soon on IOS-XR, but I am not 100% sur.
Best regards.
>=20
> And once that happens, what are the chances of services providers
> adopting this for their customers to make use of on as wide of a scale
> as (for example) blackhole community strings.
>=20
> I'd certainly *love* to have a way to mitigate an attack that doesn't
> involve me sacrificing one service on my network to save the rest.
>=20
> Best,
> Daniel
