[j-nsp] DDOS and MX-240's

Christian cdebalorre at neotelecoms.com
Tue Jan 8 04:43:03 EST 2013


I confirm Alcatel has also implemented flowspec on their device.
On our side we also use it moderately on our backbone ; it is very easy 
to implement and much more powerful than rtbh.

Christian

Le 08/01/2013 05:10, Eric Cables a écrit :
> It's interesting that Flowspec was one of the presentations at the Bay Area
> Juniper User's Group in October, and heavily used by CloudFlare.
>
> http://www.slideshare.net/junipernetworks/flowspec-bay-area-juniper-user-group-bajug
>
> -- Eric Cables
>
>
> On Mon, Jan 7, 2013 at 12:41 PM, Darius Jahandarie <djahandarie at gmail.com>wrote:
>
>> On Mon, Jan 7, 2013 at 2:48 PM, Richard A Steenbergen <ras at e-gerbil.net>
>> wrote:
>>> On Mon, Jan 07, 2013 at 05:41:06AM +0000, Dobbins, Roland wrote:
>>>> On Jan 6, 2013, at 11:14 PM, Richard Gross wrote:
>>>>
>>>>> I am seeking advise.  If you wanted to block 800K /32's from your
>> inbound pipes, how would you do it?
>>>> You don't need nor want to do this.  Flowspec and S/RTBH are very
>>>> useful tools for blocking, as Chris indicated, but nobody needs to
>>>> block 800K /32s.
>>> http://mailman.nanog.org/pipermail/nanog/2011-January/030051.html
>>>
>>> Still has the same issue. Juniper has basically let Flowspec bit-rot
>>> into complete uselessness since Pedro left.
>> It really sucks to hear that the performance didn't improve on Trio.
>> Flowspec is /the/ way to make DoS mitigation possible for companies
>> not big enough to buy a boatload of edge capacity, it's too bad that
>> it's not implemented by anyone but Juniper, and Juniper is letting it
>> rot. (It's also too bad that, AFAIK, nLayer is the only transit
>> provider that actually offers it to customers.)
>>
>> I think this is one of the things that the people building on top of
>> OpenFlow can use to wipe the floor with classical vendors (a good
>> MPLS-TE implementation being the other thing).
>>
>> --
>> Darius Jahandarie
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list