nanog mailing list archives
Re: Getting hit hard by CHINANET
From: Ca By <cb.list6 () gmail com>
Date: Mon, 23 Mar 2015 07:55:31 -0700
On Sun, Mar 23, 2014 at 3:43 AM, Justin M. Streiner <streiner () cluebyfour org
wrote:
On Mon, 23 Mar 2015, Ca By wrote: Having your upstream apply a permanent udp bw policer, say 5 or 10x busyhour baseline, works well for this.Many upstreams will not do that, particularly on a permanent basis. They might do something temporarily to deal with an incident, but many of the bigger carriers probably wouldn't want to leave that in place permanently. jms
Mine Tier 1 up-streams are fine with it permanent. YMMV. I did have to get my account team involved, but from a technical perspective, a one line policer (all UDP rate-limit to 10% of link speed) is not a technical challenge, and the one-off config element is not overly burdensome. Again, YMMV. And, your frequency and impact of IPv4 UDP based attacks will dictate your needs. CB
Current thread:
- Re: Getting hit hard by CHINANET, (continued)
- Re: Getting hit hard by CHINANET Roland Dobbins (Mar 18)
- Re: Getting hit hard by CHINANET Colin Johnston (Mar 18)
- Re: Getting hit hard by CHINANET Roland Dobbins (Mar 18)
- Re: Getting hit hard by CHINANET Roland Dobbins (Mar 18)
- Re: Getting hit hard by CHINANET Colin Johnston (Mar 18)
- RE: Getting hit hard by CHINANET Eric Rogers (Mar 18)
- Re: Getting hit hard by CHINANET Ray Soucy (Mar 23)
- Re: Getting hit hard by CHINANET Colin Johnston (Mar 23)
- Re: Getting hit hard by CHINANET Ca By (Mar 23)
- Re: Getting hit hard by CHINANET Justin M. Streiner (Mar 23)
- Re: Getting hit hard by CHINANET Ca By (Mar 23)
- Re: Getting hit hard by CHINANET Paul S. (Mar 23)
- Re: Getting hit hard by CHINANET Colin Johnston (Mar 18)
- Re: Getting hit hard by CHINANET Mike Hale (Mar 17)
- Re: Getting hit hard by CHINANET Roland Dobbins (Mar 18)