[c-nsp] BGP flowspec S/RTBH for large DDoS
Gert Doering
gert at greenie.muc.de
Mon May 16 05:00:19 EDT 2016
Hi,
On Mon, May 16, 2016 at 06:43:59AM +0700, Roland Dobbins wrote:
> I personally don't know of any operator allowing customers to use
> flowspec on PE devices.
Not having the hardware to do flowspec across our network yet, I haven't
investigated this closely. But I do wonder what sort of filtering options
exist in typical gear - like "standard BGP" prefix filters, I could imagine
something like "flowspec entries learned from customers need to have a
destination in <prefix list>, and are subject to <maxpfx 500>" or such...
Is that doable on anything?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160516/440b2f5f/attachment.sig>
More information about the cisco-nsp
mailing list