Hi Colton,
It is fairly common to use flowspec internally at an ISP for mitigation of DDoS attacks. eBGP flowspec is not very common though. I know of only a couple of ISPs that allow flowspec rules to be advertised
by their customers. The biggest issue with this is that other providers are very hesitant to allow an external party to reach into their routers and modify the configuration (add a flowspec rule). I (with others at my company) had attempted to work on this
to provide a validation mechanism that would be performed on the advertised rules before adding them to the router. We didn’t see much interest at that time on this.
https://www.youtube.com/watch?v=rKEz8mXcC7o
From conversations I have had with a couple of large ISPs recently it seems like there is an increased interest in this topic.
Here is a document on flowspec best practices that I worked on for M3AAWG that may be of interest:
https://www.m3aawg.org/sites/default/files/m3aawg-flowspec-bp-2019-02.pdf
-Rich
From: NANOG Email List <nanog-bounces@nanog.org> on behalf of Colton Conor <colton.conor@gmail.com>
Date: Thursday, April 23, 2020 at 9:15 AM
To: NANOG list <nanog@nanog.org>
Subject: FlowSpec
Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole),
but I am not sure if FlowSpec is widely implemented. I see the large router manufacturers support it.