If you can impose a limit on the number of flowspec rules the customer can send you (I assume you are the service provider), where is the problem with offering flowspec services? Seems more of a vendor challenge. The TCAM issue is relatively addressed with proper dimensioning (throw money at the problem) and you have created a service revenue opportunity, so it is a win-win for both customer, provider and the entire community. We cannot go very far with blackholing as a community.

-----Original Message-----
From: NANOG <nanog-bounces@nanog.org> On Behalf Of Denys Fedoryshchenko
Sent: 23 April 2020 16:58
To: Colton Conor <colton.conor@gmail.com>
Cc: NANOG <nanog@nanog.org>
Subject: [EXTERNAL] Re: FlowSpec

On 2020-04-23 18:13, Colton Conor wrote:
Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), but I am not sure if FlowSpec is widely implemented. I see the large router manufacturers support it.
RETN. They have extended blackholing and FlowSpec; sure, it all has costs. I'm using both services from them and am quite satisfied. In general, operators don't like flowspec because it is not easy to implement it right, there are bugs and, most importantly, it's "eating" TCAM. For example: https://urldefense.com/v3/__https://blog.cloudflare.com/todays-outage-post-m...