On 10/11/14, 11:30 AM, "Russ White" <[email protected]> wrote:
> >> OSPF is a good choice for quickly disseminating the same piece of >information >> to multiple OSPF routers using the same policy and I believe that the >> transport instance http://www.ietf.org/id/draft-ietf-ospf-transport- >> instance-11.txt >> facilitates this. However, I see flow-spec distribution in the general >controller >> case as being peer specific or even peer interface specific. Do you >disagree? > >> The use case in question is mitigating attacks closer to the compromised >> system by pushing the flow-spec to the customer sites using OSPF as a >PE-CE >> protocol (RFC 4577). Are there any other instances where we¹d want to >>push >> the same flow-spec to the routers in an IGP domain using OSPF or ISIS? > >Why isn't this use case extendable to all edge OSPF routers, and not just >CE's? I would think the same reasoning would apply... > >So -- if we are going to do this, we should specifically design it more >like >a type 5, perhaps, or something with a very limited flooding scope to >solve >the specific use case in hand, rather than in a way that encourages >general >use... > >Does this make sense? It depends whether you want to send the flow-spec to every PE under your administrative domain of only those PE close to the source of the attack. If it is the latter, the current BGP mechanism Is better suited to the task. Thanks, Acee > >:-) > >Russ > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
