nanog mailing list archives
Re: FlowSpec
From: Denys Fedoryshchenko <nuclearcat () nuclearcat com>
Date: Thu, 23 Apr 2020 19:31:24 +0300
On 2020-04-23 19:12, Roland Dobbins wrote:
On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote:In general operators don't like flowspecIts increasing popularity tens to belie this assertion. Yes, you're right that avoiding overflowing the TCAM is very important. But as Rich notes, a growing number of operators are in fact using flowspec within their own networks, when it's appropriate.
One of operators told me why they dont provide flowspec anymore: customers are installing rules by scripts, stacking them, and not removing then when they dont need them anymore. RETN solved that by limiting number of rules customer can install.
Definitely, and i know some hosting operators who provide Flowspec functionality different way - over their own web interface/API. This way they can do unit tests,Smart network operators tend to do quite a bit of lab testing, prototyping, PoCs, et. al. against the very specific combinations of platforms/linecards/ASICs/OSes/trains/revisions before generally deploying new features and functionality; this helps ameliorate many concerns.
and do additional verifications.But if there is direct BGP, things like https://dyn.com/blog/longer-is-not-better/ might happen, if customer is using some exotic, "nightly-build" BGP implementation.
Current thread:
- FlowSpec Colton Conor (Apr 23)
- Re: FlowSpec Compton, Rich A (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- Re: FlowSpec Roland Dobbins (Apr 23)
- Re: FlowSpec Denys Fedoryshchenko (Apr 23)
- RE: [EXTERNAL] Re: FlowSpec Nikos Leontsinis (Apr 23)
- Re: FlowSpec Roland Dobbins (Apr 23)