[c-nsp] BGP flowspec S/RTBH for large DDoS

Thu May 19 07:56:30 EDT 2016

> From: chip [mailto:chip.gwyn at gmail.com]
> Sent: Thursday, May 19, 2016 12:43 PM
>
> Some folks at Juniper have recently commented that work is ongoing to
> devise a method of configuring "groups" of interfaces and an extra field in
> the flowspec rule be tied to the group.  In this manner some rules may be
> tied a group of interfaces while other rules can be tied to other interfaces.
> No idea when it will be implemented however.
>
Yes that's exactly what I had on mind, based on community associated with the route -the resulting term would be applied only to filters on interfaces represented by the community.
However that would mean to redo the whole thing from vrf filters to interface filters.
-which btw would be great as with per interface filters and specified direction of filtering the PFEs handling traffic in opposite direction would not need to do the extra work.
-since as it is right now PFEs handling traffic (doing lookup) in opposite direction, than one for which the filter was actually intended for, have to churn through the filter for every lookup  -so these PFEs are burning cycles unnecessarily.

adam

        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      Adam.Vitkovsky at gamma.co.uk
W:      www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of this email are confidential to the ordinary user of the email address to which it was addressed. This email is not intended to create any legal relationship. No one else may place any reliance upon it, or copy or forward all or any of it in any form (unless otherwise notified). If you receive this email in error, please accept our apologies, we would be obliged if you would telephone our postmaster on +44 (0) 808 178 9652 or email postmaster at gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with limited liability, with registered number 04340834, and whose registered office is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.