I am trying to compile data on which providers are currently supporting
BGP Flowspec at their edge, if there are any at all. The few providers
I've reached out to have indicated they do not support this and have no
intention of supporting this any time in the near future. I'm also
curious why something so useful as to have the ability to advertise flow
specification information in NLRI and distribute filtering information
is taking so long to gain a foothold in the industry...
Sorry for the repost but wanted to make sure this got it's own thread.
Thanks,
Stefan Fouant: NeuStar, Inc.
Principal Network Engineer
46000 Center Oak Plaza Sterling, VA 20166
[ T ] +1 571 434 5656 [ M ] +1 202 210 2075
[ E ] stefan.fouant@neustar.biz [ W ] www.neustar.biz
Can you name 3 major vendors who support it? I suspect more providers would offer it if there was vendor support.
Last I checked, at least one vendor was fighting mad over the thought of supporting it.
I am trying to compile data on which providers are currently supporting
BGP Flowspec at their edge, if there are any at all. The few providers
I've reached out to have indicated they do not support this and have no
intention of supporting this any time in the near future. I'm also
curious why something so useful as to have the ability to advertise flow
specification information in NLRI and distribute filtering information
is taking so long to gain a foothold in the industry...
Can you name 3 major vendors who support it? I suspect more providers would
juniper... and when they dropped the IPR stuff other vendors basically
walked away
offer it if there was vendor support.
Last I checked, at least one vendor was fighting mad over the thought of
supporting it.
I am familiar with the situation with the IPR and I have to say it's a
very disappointing turn of events. I've long held Juniper in high
regard as a leader in innovation, but in this instance I feel their
actions are doing quite the opposite.
That aside, it's 2009 and we're still left with a situation where
methodologies which have been used for roughly a decade now (i.e. BGP
triggered destination-based filtering) is still considered the norm.
Now I realize that FlowSpec isn't a panacea, but it certainly meets some
of the requirements that many customers have today, and it gives us a
lot more flexibility over simply destination based filtering. Whether
it's FlowSpec or something else, what's it going to take to get the
vendors and the providers to start moving forward on technologies that
are way overdue given the current trend of worms, botnets, and other
Internet nastiness?
Stefan Fouant: NeuStar, Inc.
Principal Network Engineer
46000 Center Oak Plaza Sterling, VA 20166
[ T ] +1 571 434 5656 [ M ] +1 202 210 2075
[ E ] stefan.fouant@neustar.biz [ W ] www.neustar.biz
Now I realize that FlowSpec isn't a panacea, but it certainly meets some
of the requirements that many customers have today, and it gives us a
lot more flexibility over simply destination based filtering. Whether
it's FlowSpec or something else, what's it going to take to get the
vendors and the providers to start moving forward on technologies that
are way overdue given the current trend of worms, botnets, and other
Internet nastiness?
Well, pretty clearly it's going to have to be multivendor, and not IPR
encumbered. Aside from that, of course, the usual advice is to talk to
your SE and vote with your wallet.
From our point of view, BGP triggered destination-based filtering is
still one of our most important tools. We have thought about FlowSpec
but haven't felt the need sufficiently strongly. Due to M&A we are now
moving to a mixed Cisco/Juniper network - and FlowSpec is no longer
all that interesting since Cisco doesn't implement it.
