Now I realize that FlowSpec isn't a panacea, but it certainly meets some of the requirements that many customers have today, and it gives us a lot more flexibility over simply destination based filtering. Whether it's FlowSpec or something else, what's it going to take to get the vendors and the providers to start moving forward on technologies that are way overdue given the current trend of worms, botnets, and other Internet nastiness?
Well, pretty clearly it's going to have to be multivendor, and not IPR encumbered. Aside from that, of course, the usual advice is to talk to your SE and vote with your wallet.
From our point of view, BGP triggered destination-based filtering is still one of our most important tools. We have thought about FlowSpec but haven't felt the need sufficiently strongly. Due to M&A we are now moving to a mixed Cisco/Juniper network - and FlowSpec is no longer all that interesting since Cisco doesn't implement it.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no