Re: [OSPF] New Version Notification for draft-liang-ospf-flowspec-extensions-01.txt

"Acee Lindem (acee)" <> Sat, 11 October 2014 15:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1E7311A3BA4 for <>; Sat, 11 Oct 2014 08:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.287
X-Spam-Status: No, score=-15.287 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gQtT2b6XqvxG for <>; Sat, 11 Oct 2014 08:04:37 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EF25E1A212D for <>; Sat, 11 Oct 2014 08:04:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=1588; q=dns/txt; s=iport; t=1413039877; x=1414249477; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=4iPlqpshpF7m62w2jCuphG3bOIHooPyb38fNVCn8aEc=; b=ZdoZlbMRkL86GrCtwVxq4zr32D4YobZXNE0OAzInuhFtcU6MVE8wfp2Y YKvK9EeBkG192vXayWOZfys8leDNxT56i03B4OMfXjLSWUshu76T6SZCt c8lnWhgOhRuMifRnxz4ag8yFX76tzBGtq3r7Rf3/tnwEwm30kI6gdnxiE A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.04,698,1406592000"; d="scan'208";a="86090715"
Received: from ([]) by with ESMTP; 11 Oct 2014 15:04:36 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id s9BF4aFE010548 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sat, 11 Oct 2014 15:04:36 GMT
Received: from ([]) by ([]) with mapi id 14.03.0195.001; Sat, 11 Oct 2014 10:04:35 -0500
From: "Acee Lindem (acee)" <>
To: Russ White <>, "'Osborne, Eric'" <>, "'Youjianjie'" <>, "'Hannes Gredler'" <>
Thread-Topic: [OSPF] New Version Notification for draft-liang-ospf-flowspec-extensions-01.txt
Thread-Index: AQHP2sRacNlB1LfkPUCKV4l1MfxdD5wX3ddwgA2jYQCAAOUi0P//fhsAgAGjdgCAADkxoIAAKSoAgANtcgD//8zaAA==
Date: Sat, 11 Oct 2014 15:04:35 +0000
Message-ID: <>
References: <> <> <20141008155350.GB34437@hannes-mba.local> <> <> <> <054c01cfe55c$b9075090$2b15f1b0$>
In-Reply-To: <054c01cfe55c$b9075090$2b15f1b0$>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [OSPF] New Version Notification for draft-liang-ospf-flowspec-extensions-01.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 11 Oct 2014 15:04:39 -0000

Hey Russ, 

On 10/11/14, 10:07 AM, "Russ White" <> wrote:

>> As I stated in my last E-mail, the IGPs aren't really a good tool for
>> flow-spec distribution. Other than perhaps DDoS mitigation, I don't see
>> use case for flooding the same flow-spec to everyone in the routing
>> or, even worse, flooding everybody's flow-specs everywhere.
>Agreed. It always looks more and more like we need a "generic transport
>protocol" for flooding various bits of information through a domain. We
>to consistently reject the idea, and then we consistently have ideas
>around about how to do this very same thing in some existing protocol...

OSPF is a good choice for quickly disseminating the same piece of
information to multiple OSPF routers using the same policy and I believe
that the transport instance
facilitates this. However, I see flow-spec distribution in the general
controller case as being peer specific or even peer interface specific. Do
you disagree? 

The use case in question is mitigating attacks closer to the compromised
system by pushing the flow-spec to the customer sites using OSPF as a
PE-CE protocol (RFC 4577). Are there any other instances where we¹d want
to push the same flow-spec to the routers in an IGP domain using OSPF or


>Let's just add another AFI to BGP. :-)
>Anyway, OSPF isn't the right place for this sort of thing.