On 2020-04-23 18:13, Colton Conor wrote:
Do any of the large transit providers support FlowSpec to transit
customers / other carriers, or is that not a thing since they want to
sell DDoS protection services? FlowSpec sounds much better than RTBH
(remotely triggered blackhole), but I am not sure if FlowSpec is
widely implemented. I see the large router manufacturers support it.
RETN
They have extended blackholing, and FlowSpec, sure its all have costs.
I'm using both services from them and quite satisfied.
In general operators don't like flowspec, because it is not easy to
implement it right,
there is bugs and most important its "eating" TCAM.
For example:
https://blog.cloudflare.com/todays-outage-post-mortem-82515/
