BGP FlowSpec support on provider networks
Hi folks, I am trying to compile data on which providers are currently supporting BGP Flowspec at their edge, if there are any at all. The few providers I've reached out to have indicated they do not support this and have no intention of supporting this any time in the near future. I'm also curious why something so useful as to have the ability to advertise flow specification information in NLRI and distribute filtering information is taking so long to gain a foothold in the industry... Sorry for the repost but wanted to make sure this got it's own thread. Thanks, Stefan Fouant: NeuStar, Inc. Principal Network Engineer 46000 Center Oak Plaza Sterling, VA 20166 [ T ] +1 571 434 5656 [ M ] +1 202 210 2075 [ E ] stefan.fouant@neustar.biz [ W ] www.neustar.biz
On Apr 10, 2009, at 4:27 PM, "Fouant, Stefan" <Stefan.Fouant@neustar.biz> wrote:
Hi folks,
I am trying to compile data on which providers are currently supporting BGP Flowspec at their edge, if there are any at all. The few providers I've reached out to have indicated they do not support this and have no intention of supporting this any time in the near future. I'm also curious why something so useful as to have the ability to advertise flow specification information in NLRI and distribute filtering information is taking so long to gain a foothold in the industry...
Can you name 3 major vendors who support it? I suspect more providers would offer it if there was vendor support. Last I checked, at least one vendor was fighting mad over the thought of supporting it.
On Fri, Apr 10, 2009 at 6:38 PM, John Payne <john@sackheads.org> wrote:
On Apr 10, 2009, at 4:27 PM, "Fouant, Stefan" <Stefan.Fouant@neustar.biz> wrote:
Hi folks,
I am trying to compile data on which providers are currently supporting BGP Flowspec at their edge, if there are any at all. The few providers I've reached out to have indicated they do not support this and have no intention of supporting this any time in the near future. I'm also curious why something so useful as to have the ability to advertise flow specification information in NLRI and distribute filtering information is taking so long to gain a foothold in the industry...
Can you name 3 major vendors who support it? I suspect more providers would
juniper... and when they dropped the IPR stuff other vendors basically walked away :(
offer it if there was vendor support. Last I checked, at least one vendor was fighting mad over the thought of supporting it.
yes :( weee! poilitics!
On Apr 11, 2009, at 12:54 AM, Christopher Morrow wrote:
On Fri, Apr 10, 2009 at 6:38 PM, John Payne <john@sackheads.org> wrote:
On Apr 10, 2009, at 4:27 PM, "Fouant, Stefan" <Stefan.Fouant@neustar.biz
wrote:
Hi folks,
I am trying to compile data on which providers are currently supporting BGP Flowspec at their edge, if there are any at all. The few providers I've reached out to have indicated they do not support this and have no intention of supporting this any time in the near future. I'm also curious why something so useful as to have the ability to advertise flow specification information in NLRI and distribute filtering information is taking so long to gain a foothold in the industry...
Can you name 3 major vendors who support it? I suspect more providers would
juniper... and when they dropped the IPR stuff other vendors basically walked away :(
Causing consultations with lawyers by others involved with the draft. Life is interesting. IPR, Politics and techie communication skills. The path to failure. - Jared
-----Original Message----- From: Jared Mauch [mailto:jared@puck.nether.net]
Can you name 3 major vendors who support it? I suspect more providers would
juniper... and when they dropped the IPR stuff other vendors basically walked away :(
Causing consultations with lawyers by others involved with the draft. Life is interesting.
IPR, Politics and techie communication skills. The path to failure.
I am familiar with the situation with the IPR and I have to say it's a very disappointing turn of events. I've long held Juniper in high regard as a leader in innovation, but in this instance I feel their actions are doing quite the opposite. That aside, it's 2009 and we're still left with a situation where methodologies which have been used for roughly a decade now (i.e. BGP triggered destination-based filtering) is still considered the norm. Now I realize that FlowSpec isn't a panacea, but it certainly meets some of the requirements that many customers have today, and it gives us a lot more flexibility over simply destination based filtering. Whether it's FlowSpec or something else, what's it going to take to get the vendors and the providers to start moving forward on technologies that are way overdue given the current trend of worms, botnets, and other Internet nastiness? Stefan Fouant: NeuStar, Inc. Principal Network Engineer 46000 Center Oak Plaza Sterling, VA 20166 [ T ] +1 571 434 5656 [ M ] +1 202 210 2075 [ E ] stefan.fouant@neustar.biz [ W ] www.neustar.biz
Now I realize that FlowSpec isn't a panacea, but it certainly meets some of the requirements that many customers have today, and it gives us a lot more flexibility over simply destination based filtering. Whether it's FlowSpec or something else, what's it going to take to get the vendors and the providers to start moving forward on technologies that are way overdue given the current trend of worms, botnets, and other Internet nastiness?
Well, pretty clearly it's going to have to be multivendor, and not IPR encumbered. Aside from that, of course, the usual advice is to talk to your SE and vote with your wallet.
From our point of view, BGP triggered destination-based filtering is still one of our most important tools. We have thought about FlowSpec but haven't felt the need sufficiently strongly. Due to M&A we are now moving to a mixed Cisco/Juniper network - and FlowSpec is no longer all that interesting since Cisco doesn't implement it.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
participants (5)
-
Christopher Morrow
-
Fouant, Stefan
-
Jared Mauch
-
John Payne
-
sthaug@nethelp.no