Re: Flowspec IPv6

Turns out the apply-group isn't working for v6 rules. ATAC made me replicate the same rule directly under routing-options and inet6flow.0 appeared and I can see my rule populated now. FYI I'm running vRR 20.4R1-S1.2 On Sun, May 23, 2021 at 4:55 AM Zbyněk Pospíchal wrote: > Hi Eric, > > with

Re: Flowspec IPv6

Hi, I just configured this a few days ago on a mx960 running 18.4R3. This was traffic redirection into a routing-instances so i do not know if it matches your setup. But i can confirm that it is working in my setup. Regards Trond Hello, I've been fiddling with JunOS to enable Flowspec

Re: Flowspec IPv6

Hi Eric, with no v6 fs rules, the table inet6flow.0 stay hidden. Try to make any. -- S pozdravem/Best Regards, Zbyněk Dne 21.05.21 v 20:10 Eric Dugas via NANOG napsal(a): > Hello, > > I've been fiddling with JunOS to enable Flowspec IPv6. According to the > docs, it was implemented in 16.x.

RE: [EXTERNAL] Re: FlowSpec

To: Colton Conor Cc: NANOG Subject: [EXTERNAL] Re: FlowSpec On 2020-04-23 18:13, Colton Conor wrote: > Do any of the large transit providers support FlowSpec to transit > customers / other carriers, or is that not a thing since they want to > sell DDoS protection services? FlowSpec sounds mu

Re: FlowSpec

On 2020-04-23 19:12, Roland Dobbins wrote: On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote: In general operators don't like flowspec Its increasing popularity tens to belie this assertion. Yes, you're right that avoiding overflowing the TCAM is very important. But as Rich notes, a

Re: FlowSpec

On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote: In general operators don't like flowspec Its increasing popularity tens to belie this assertion. Yes, you're right that avoiding overflowing the TCAM is very important. But as Rich notes, a growing number of operators are in fact

Re: FlowSpec

On 2020-04-23 18:13, Colton Conor wrote: Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), but I am not sure

Re: FlowSpec

On 2020-04-23 18:13, Colton Conor wrote: Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), but I am not sure

Re: FlowSpec

Hi Colton, It is fairly common to use flowspec internally at an ISP for mitigation of DDoS attacks. eBGP flowspec is not very common though. I know of only a couple of ISPs that allow flowspec rules to be advertised by their customers. The biggest issue with this is that other providers are

Re: FlowSpec Support

-IX http://www.midwest-ix.com - Original Message - From: "Josh Reynolds" <j...@kyneticwifi.com> To: "Mike Hammett" <na...@ics-il.net> Cc: "NANOG" <nanog@nanog.org> Sent: Saturday, May 28, 2016 5:41:38 PM Subject: Re: FlowSpec Sup

Re: FlowSpec Support

There was just a recent discussion about this. None of the big upstreams support it because they are all too busy selling their own DDoS mitigation services :) On May 28, 2016 5:38 PM, "Mike Hammett" wrote: > I know support (from customers) is limited among networks. I know it