Re: [j-nsp] DDOS and MX-240's

2013-01-08 Thread Chris Morrow
On 01/08/2013 04:47 PM, Darius Jahandarie wrote:
> On Tue, Jan 8, 2013 at 3:30 PM, Richard A Steenbergen
> wrote:
>> I did warn Terry about this issue before he gave that presentation, but
>> note that their performance requirements are MUCH lower than mine. The
>> graphs in this presentation s

Re: [j-nsp] DDOS and MX-240's

2013-01-08 Thread Darius Jahandarie
On Tue, Jan 8, 2013 at 3:30 PM, Richard A Steenbergen wrote:
> I did warn Terry about this issue before he gave that presentation, but
> note that their performance requirements are MUCH lower than mine. The
> graphs in this presentation show 100-1000Mbps attacks and 45kpps
> attacks, which doesn'

Re: [j-nsp] DDOS and MX-240's

2013-01-08 Thread Richard A Steenbergen
On Mon, Jan 07, 2013 at 08:10:45PM -0800, Eric Cables wrote:
> It's interesting that Flowspec was one of the presentations at the Bay Area
> Juniper User's Group in October, and heavily used by CloudFlare.
>
> http://www.slideshare.net/junipernetworks/flowspec-bay-area-juniper-user-group-bajug

I

Re: [j-nsp] DDOS and MX-240's

2013-01-08 Thread Chris Morrow
On 01/08/2013 04:43 AM, Christian wrote:
> I confirm Alcatel has also implemented flowspec on their device.
> On our side we also use it moderately on our backbone; it is very easy
> to implement and much more powerful than rtbh.

^just never is there o

Re: [j-nsp] DDOS and MX-240's

2013-01-08 Thread Christian
I confirm Alcatel has also implemented flowspec on their device.
On our side we also use it moderately on our backbone; it is very easy to implement and much more powerful than rtbh.

Christian

On 08/01/2013 05:10, Eric Cables wrote:
It's interesting that Flowspec was one of the presentati

Re: [j-nsp] DDOS and MX-240's

2013-01-07 Thread Eric Cables
It's interesting that Flowspec was one of the presentations at the Bay Area Juniper User's Group in October, and heavily used by CloudFlare.

http://www.slideshare.net/junipernetworks/flowspec-bay-area-juniper-user-group-bajug

-- Eric Cables

On Mon, Jan 7, 2013 at 12:41 PM, Darius Jahandarie wro

Re: [j-nsp] DDOS and MX-240's

2013-01-07 Thread Darius Jahandarie
On Mon, Jan 7, 2013 at 2:48 PM, Richard A Steenbergen wrote:
> On Mon, Jan 07, 2013 at 05:41:06AM +, Dobbins, Roland wrote:
>>
>> On Jan 6, 2013, at 11:14 PM, Richard Gross wrote:
>>
>> > I am seeking advice. If you wanted to block 800K /32's from your inbound
>> > pipes, how would you do it

Re: [j-nsp] DDOS and MX-240's

2013-01-07 Thread Richard A Steenbergen
On Mon, Jan 07, 2013 at 05:41:06AM +, Dobbins, Roland wrote:
>
> On Jan 6, 2013, at 11:14 PM, Richard Gross wrote:
>
> > I am seeking advice. If you wanted to block 800K /32's from your inbound
> > pipes, how would you do it?
>
> You don't need nor want to do this. Flowspec and S/RTBH are

Re: [j-nsp] DDOS and MX-240's

2013-01-06 Thread Bjørn Tore
OK - with 'inbound' I thought you meant from the Internet.

bt@ipad

On 7 Jan 2013 at 08:05, joel jaeggli wrote:
> On 1/6/13 10:51 PM, Bjørn Tore wrote:
>> Why would you accept any /32s in the first place?
> From myself? I accept all sorts of prefix lengths internally that I would
> never acc

Re: [j-nsp] DDOS and MX-240's

2013-01-06 Thread joel jaeggli
On 1/6/13 10:51 PM, Bjørn Tore wrote:
Why would you accept any /32s in the first place?

From myself? I accept all sorts of prefix lengths internally that I would never accept from the internet. I accept quite a few pretty long prefixes from my arbor TMS for example, more in the context of RT

Re: [j-nsp] DDOS and MX-240's

2013-01-06 Thread Bjørn Tore
Why would you accept any /32s in the first place?

Bjørn Tore @ mobile

On 7 Jan 2013 at 06:22, Joel jaeggli wrote:
> On 1/6/13 20:14 , Richard Gross wrote:
>> Dear List,
>>
>> I am seeking advice. If you wanted to block 800K /32's from your inbound
>> pipes, how would you do it?
>>
>> Would

Re: [j-nsp] DDOS and MX-240's

2013-01-06 Thread Joel jaeggli
On 1/6/13 20:14 , Richard Gross wrote:
> Dear List,
>
> I am seeking advice. If you wanted to block 800K /32's from your inbound
> pipes, how would you do it?
>
> Would you null route? Put up multiple stanza firewall filters? Which
> way has the least amount of hit on router resources?

so I

Re: [j-nsp] DDOS and MX-240's

2013-01-06 Thread Dobbins, Roland
On Jan 6, 2013, at 11:14 PM, Richard Gross wrote:
> I am seeking advice. If you wanted to block 800K /32's from your inbound
> pipes, how would you do it?

You don't need nor want to do this. Flowspec and S/RTBH are very useful tools for blocking, as Chris indicated, but nobody needs to block

Re: [j-nsp] DDOS and MX-240's

2013-01-06 Thread Chris Morrow
On 01/06/2013 11:14 PM, Richard Gross wrote:
> Dear List,
>
> I am seeking advice. If you wanted to block 800K /32's from your inbound
> pipes, how would you do it?

you might be able to do this with routes... but, ouch... depending on the RE you'll be straining the limits :(

> Would you null

[j-nsp] DDOS and MX-240's

2013-01-06 Thread Richard Gross
Dear List,

I am seeking advice. If you wanted to block 800K /32's from your inbound pipes, how would you do it?

Would you null route? Put up multiple stanza firewall filters? Which way has the least amount of hit on router resources?

If you would prefer to reply off-list, that would be supe