nanog mailing list archives
Re: DDOS solution recommendation
From: Dave Bell <me () geordish org>
Date: Sun, 11 Jan 2015 15:08:25 +0000
Maybe try the Cisco CSR1000v. In the trial mode it won't give you a decent throughput, but should have all features enabled. On 11 January 2015 at 15:02, Ammar Zuberi <ammar () fastreturn net> wrote:
I’m stuck trying to find a virtual router environment that I can play with flowspec on. We do have some Juniper routers, but they are in production and I don’t think I want to touch flowspec on them just yet. Does anyone have any experience or any ideas here? Even openbgpd?On Jan 11, 2015, at 6:58 PM, Roland Dobbins <rdobbins () arbor net> wrote: On 11 Jan 2015, at 20:52, Ca By wrote:1. BCP38 protects your neighbor, do it.It's to protect yourself, as well. You should do it all the way down to the transit customer aggregation edge, all the way down to the IDC access layer, etc.2. Protect yourself by having your upstream police Police UDP to some baseline you are comfortable with.This will come back to haunt you, when the programmatically-generated attack traffic 'crowds out' the legitimate traffic and everything breaks. You can only really do this for ntp.3. Have RTBH ready for some special case.S/RTBH and/or flowspec are better (S/RTBH does D/RTBH, too). ----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Re: DDOS solution recommendation, (continued)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 12)
- Re: DDOS solution recommendation Owen DeLong (Jan 12)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Joel Maslak (Jan 11)
- RE: DDOS solution recommendation David Hofstee (Jan 12)
- Re: DDOS solution recommendation Colin Johnston (Jan 12)
- Re: DDOS solution recommendation Ca By (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Ammar Zuberi (Jan 11)
- Re: DDOS solution recommendation Dave Bell (Jan 11)
- Re: DDOS solution recommendation Paul S. (Jan 11)
- Re: DDOS solution recommendation Job Snijders (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Ca By (Jan 11)
- Re: DDOS solution recommendation Tore Anderson (Jan 12)
- Re: DDOS solution recommendation Roland Dobbins (Jan 12)
- Re: DDOS solution recommendation Tore Anderson (Jan 12)
- Re: DDOS solution recommendation Pavel Odintsov (Jan 11)
- Re: DDOS solution recommendation Stephen Fulton (Jan 11)