> Am 03.05.2016 um 00:06 schrieb Roland Dobbins <rdobb...@arbor.net>:
>
> On 3 May 2016, at 4:51, jim deleskie wrote:
>
>> I was going to avoid this thread because I've never been a huge fan of
>> Flowspec for my own reasons.
>
> Flowspec is an extremely useful tool, IMHO - not only for direct,
> layer-4-granular mitigation leveraging linecard ASICs, but for more granular
> and selective diversion into mitigation centers, as well. And its value is
> growing with increased platform support. It isn't perfect (nothing is), and
> operators must be aware of its performance/scalability envelope on a given
> platform, but it's a great tool to have in the toolbox.
+1
>
>> I can say I, nor any of my peers ( in any sense of that word) that I have
>> known, have wanted to keep "bad " traffic on our networks so we can bill for
>> it.
>
> +1!
>
> I ran into this situation precisely twice early in the 'oughts ("Let the
> packets come!" was the quote which stood out in my mind); those espousing it
> pretty quickly changed their tunes once their networks had been knocked flat
> a couple of times.
Let the packets come is not the message. But an upstream ISP can either drop
the traffic to reduce the impact on the own network and the customers which are
not attacked directly or remark and/or rate-limit the particular flows with
nearly, of course not for the customer under attack, the same result. And
please don’t get me wrong. I am not a fan of implementing it that way.
I also want to add something to keeping bad traffic: Well, nobody wants to keep
bad traffic. But that does not imply that all upstream ISPs are filtering out
attacks by default for customers which are not paying for that. This is at
least my interpretation from reading the various available DDoS reports and
research papers.
>
> ;>
>
> -----------------------------------
> Roland Dobbins <rdobb...@arbor.net>
