powerpixel's comments

powerpixel · 2025-12-05T09:31:55 1764927115

Having this kind of outage on a friday after what happened last month though is not a good thing... Props to them for getting back up so quickly but come on, these kinds of outages were not a thing a while back.

powerpixel · 2025-11-18T14:06:05 1763474765

Maintainance cost is the main issue for on-prem infra, nowadays add things like DDOS protection and/or scraping protection, which can require dedicated team or for your company to rely on some library or open source project that is not guaranteed to be maintained forever (unless you give them support, which i believe in)... Yeah I can understand why companies shift off of on-prem nowadays

powerpixel · 2025-11-18T14:03:23 1763474603

> here is no network protocol for a host to control traffic filtering on upstream providers (deny traffic from certain subnets or countries).

There is no network protocol per se, but there is commercial solutions like fortinet that can block countries iirc, but to note that it's only ip range based so it's not worth a lot

mrktf · 2025-11-18T14:14:52 1763475292

I think parent means: there no network protocol which can propagate blocking in sane manner between providers (something like bgp for firewalls)

edit: yes, you can you bgp to blockhole subnet traffic - the standard doesn't play well if you want blackhole unrelated subnets from upstream network

wbl · 2025-11-18T14:09:31 1763474971

Unless you filter at the far end of the bottleneck you still go offline.

jabart · 2025-11-18T14:12:35 1763475155

I'm pretty sure BGP magic will let you blackhole a whole subnet.