BGP Flowspec has been a useful tool for permitting operators to mitigate DDoS attacks. However, as much as it's been a good tool, it's also been a sharp source of pain. Protocol bugs, line card bugs, odd limitations in platform support have made this useful tool a challenge to deploy.
This talk is a brief review of why flowspec has been challenging both to operators and to implementors, and highlight upcoming work in IETF to address some of the issues while attempting to create the ability to deploy next-generation features.
Speaker: Jeffrey Haas