[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Over a decade of DDOS--any progress yet?
- Subject: Over a decade of DDOS--any progress yet?
- From: thomas.mangin at exa-networks.co.uk (Thomas Mangin)
- Date: Wed, 8 Dec 2010 15:36:42 +0000
- In-reply-to: <[email protected]>
- References: <23035485.1291815970840.JavaMail.tomcat@fe-ps03> <[email protected]> <[email protected]>
On 8 Dec 2010, at 15:12, Dobbins, Roland wrote:
>
> On Dec 8, 2010, at 10:10 PM, Thomas Mangin wrote:
>
>> Until this is sorted I believe flowspec will be a marginal solution.
>
> We're seeing a significant uptick in flowspec interest, actually, and S/RTBH has been around for ages.
Great to hear :)
But my point is still valid, Flowspec is great if you are are a backbone and are performing the filtering, or if you want to filter outgoing traffic. If you are a smaller network, you need the filtering to be performed by your transit provider, as your uplink will otherwise be congested. So I will stand by my comment that flowspec would see a bigger uptake if T1 could accept the flowspec routes, which they will only do once they can filter them (to insure correctness and resource protection).
Thomas
PS : Someone need to add IPv6 support to the RFC :p