FlowSpec for DDoS

(aka UTRS v2.0 - almost)

We tend to not announce new features until we’re ready to announce a new version.  But 2020 throws the old rules out the window!

 

The Institute for Security and Technology (IST) reached out to me recently to talk about BGP FlowSpec. The topic? Is this a viable tool to help networks defend themselves?

 

Yes, it is.

 

And no, it isn’t.

 

To be clear, I fully agree with IST’s blog post that BGP FlowSpec is very promising (see https://securityandtechnology.org/blog/the-global-potential-of-bgp-flowspec/ for their blog post). BGP FlowSpec offers tremendous promise. But it isn’t the complete solution. Enter Team Cymru.

 

One of Team Cymru’s most popular community services is our Unwanted Traffic Removal Service (UTRS). This is a no-cost solution allowing network operators (AS owners that speak BGP) a last line of defense for DDoS mitigation. It is live and operational today, with more than 900 connected networks.

 

Today, UTRS enables network operators to share (advertise) an IP address to us, and through us to those 900+ other networks. This isn’t a typical advertisement, though. This advertisement is a request, a distress signal of sorts, where the advertising network is requesting other operators block traffic to that address. For the more technical audience, it functions much like Remote Triggered Black Holes (RTBH), but sends those advertisements to all 900+ connected networks.

 

In 2021, we plan to introduce UTRS version 2.0. The new features came from us listening to you, the network operators of the world, to identify the changing possibilities and emerging needs. We’re looking forward to introducing FlowSpec as one of the key features of UTRS version 2.0.

 

We don’t have a firm date for release quite yet. Current UTRS participants will be the first to hear of the planned release. For those not yet using the UTRS service, sign up today to leverage the strong utility of UTRS v1.0 and be first to try UTRS v2.0 when available!