[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FlowSpec
On 2020-04-23 19:12, Roland Dobbins wrote:
> On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote:
>
>> In general operators don't like flowspec
>
> Its increasing popularity tens to belie this assertion.
>
> Yes, you're right that avoiding overflowing the TCAM is very
> important. But as Rich notes, a growing number of operators are in
> fact using flowspec within their own networks, when it's appropriate.
One of operators told me why they dont provide flowspec anymore:
customers are installing rules by scripts, stacking them,
and not removing then when they dont need them anymore.
RETN solved that by limiting number of rules customer can install.
>
> Smart network operators tend to do quite a bit of lab testing,
> prototyping, PoCs, et. al. against the very specific combinations of
> platforms/linecards/ASICs/OSes/trains/revisions before generally
> deploying new features and functionality; this helps ameliorate many
> concerns.
Definitely, and i know some hosting operators who provide Flowspec
functionality
different way - over their own web interface/API. This way they can do
unit tests,
and do additional verifications.
But if there is direct BGP, things like
https://dyn.com/blog/longer-is-not-better/
might happen, if customer is using some exotic, "nightly-build" BGP
implementation.
- References:
- FlowSpec
- From: colton.conor at gmail.com (Colton Conor)
- FlowSpec
- From: nuclearcat at nuclearcat.com (Denys Fedoryshchenko)
- FlowSpec
- From: roland.dobbins at netscout.com (Roland Dobbins)