RE: [EXTERNAL] Re: FlowSpec

2020-04-24 Thread Nikos Leontsinis
If you can impose a limit on the amount of flowspec rules the customer can send you (I assume you are the Service provider) where is the problem with offering flowspec services? Seems more of a vendor challenge. The TCAM issue is relatively addressed with proper dimensioning (throw money to

RE: [EXTERNAL] RE: DDoS attack

2019-12-10 Thread Nikos Leontsinis
You can get the bogon prefixes from Cymru and defend your network using them in combination with RPF. The key with the attacks, DoS or DDoS, is to have proper telemetry (streaming telemetry, not polling telemetry) and baselines; without this information you run the danger of blocking good traffic.

Re: Best ways to ensure redundancy with no terrestrial ISPs

2019-08-05 Thread Nikos Leontsinis
Agree
> On 4 Aug 2019, at 18:50, Fred Baker wrote:
>
> Between overlaid ads and the thing trying to force an account, I’d describe
> it as a waste of time. Now, a page that delivered the data advertised...
>
> Sent using a machine that autocorrects in interesting ways...
>
>> On Aug 3,

RE: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread Nikos Leontsinis
I heard that before...

-Original Message-
From: Vincent Bernat
Sent: Monday, February 4, 2019 9:48 AM
To: i3D.net - Martijn Schmidt
Cc: Nikos Leontsinis; Paul S.; nanog@nanog.org
Subject: Re: [EXTERNAL] Re: RTBH no_export

❦ 4 February 2019 09:01 +00, i3D.net - Martijn Schmidt

RE: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread Nikos Leontsinis
This is a 20+ year old solution. Ugly because you will block good traffic and in your effort to protect your network you will block legitimate traffic too (satisfying the attacker), but most upstream providers will give you a community to use (Cogent is a notable exception) and tag the prefix

RE: [EXTERNAL] Re: JunOS Fusion Provider Edge

2018-12-21 Thread Nikos Leontsinis
There is a fundamental product limitation. CoS on Cascade port for MX is not officially supported, as well as QFX acting as AD. I agree with those who perceive all these approaches as proprietary lock-in (disguised as cheap).

From: NANOG On Behalf Of Vincentz Petzholtz
Sent: Wednesday, December

RE: Attacks on BGP Routing Ranges

2018-04-19 Thread Nikos Leontsinis
You are not supposed to announce that range anyway, as you shouldn't be announcing your infrastructure range for your protection. Ask your upstream providers not to expose that range too. There are many ways around that: selective redistribution, or they can just protect that range. How they do

Re: [NANOG]

2017-05-04 Thread Nikos Leontsinis
of RPKI.
>
> Rich Compton | Principal Eng | 314.596.2828
> 14810 Grasslands Dr, Englewood, CO 80112
>
> On 5/2/17, 6:27 AM, "NANOG on behalf of Job Snijders"
> <nanog-boun...@nanog.org on behalf of j...@ntt.net> wrote:
>

Re: Financial services BGP hijack last week?

2017-05-02 Thread Nikos Leontsinis
It only proves the need for wider RPKI adoption.

On 2 May 2017 at 06:49, wrote:
> I didn't see any mention of this here. Any comments?
>
> "On Wednesday, large chunks of network traffic belonging to MasterCard, Visa,
> and more than two dozen other financial