I’m stuck trying to find a virtual router environment that I can play with flowspec on. We do have some Juniper routers, but they are in production and I don’t think I want to touch flowspec on them just yet.
Does anyone have any experience or any ideas here? Even openbgpd? > On Jan 11, 2015, at 6:58 PM, Roland Dobbins <rdobb...@arbor.net> wrote: > > > On 11 Jan 2015, at 20:52, Ca By wrote: > >> 1. BCP38 protects your neighbor, do it. > > It's to protect yourself, as well. You should do it all the way down to the > transit customer aggregation edge, all the way down to the IDC access layer, > etc. > >> 2. Protect yourself by having your upstream police Police UDP to some >> baseline you are comfortable with. > > This will come back to haunt you, when the programmatically-generated attack > traffic 'crowds out' the legitimate traffic and everything breaks. > > You can only really do this for ntp. > >> 3. Have RTBH ready for some special case. > > S/RTBH and/or flowspec are better (S/RTBH does D/RTBH, too). > > ----------------------------------- > Roland Dobbins <rdobb...@arbor.net>
