[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Colton,
It is fairly common to use flowspec internally at an ISP for mitigation of DDoS attacks.  eBGP flowspec is not very common though.  I know of only a couple of ISPs that allow flowspec rules to be advertised by their customers.  The biggest issue with this is that other providers are very hesitant to allow an external party to reach into their routers and modify the configuration (add a flowspec rule).  I (with others at my company) had attempted to work on this to provide a validation mechanism that would be performed on the advertised rules before adding them to the router.  We didnâ??t see much interest at that time on this.  https://www.youtube.com/watch?v=rKEz8mXcC7o