Re: TWC (AS11351) blocking all NTP?

["Dobbins, Roland" <rdobbins () arbor net>]

On Feb 4, 2014, at 12:42 AM, Peter Phaal <peter.phaal () gmail com> wrote:

> Real-time analytics based on measurements from switches/routers (sFlow/PSAMP/IPFIX) can identify large UDP flows and 
> integrated hybrid
> OpenFlow, I2RS, REST, NETCONF APIs, etc. can be used to program the switches/routers to selectively filter traffic 
> based on UDP port and
> IP source / destination. By deploying a DDoS mitigation SDN application,  providers can use their existing 
> infrastructure to
> protect their own and their customers networks from flood attacks, and generate additional revenue by delivering 
> flood protection as a value
> added service.

This is certainly a general capability set towards which many operators are evolving (and it's always amusing how you 
leave out NetFlow, which many operators use, but include sFlow, which very few operators use, heh), but it's going to 
be quite some time before this sort of thing is practical and widely-deployale.

Believe me, I've been working towards this vision for many years.  It isn't going to happen overnight.

> Specifically looking at sFlow, large flood attacks can be detected within a second.

And with NetFlow, and with IPFIX - the first of which is widely deployed today, and the second of which will be widely 
deployed in future.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton