nanog mailing list archives
Re: DDoS mitigation for ISPs
From: Mike <mike-nanog () tiedyenetworks com>
Date: Thu, 29 Oct 2015 11:36:56 -0700
On 10/29/2015 08:54 AM, Hugo Slabbert wrote:
Actually I did the google thing first and followed up with several of the top results, and not once did I see anyone offering a bgp tunnel + scrub which is why I asked. I did get some good off list responses however, thanks all.On Thu 2015-Oct-29 08:42:31 -0700, Mike <mike-nanog () tiedyenetworks com> wrote:Hello,Is there any DDoS mitigation service provider that can scrub traffic for an ISP network? I have an ASN and BGP and my own netblocks, and I have a 1gbps pipe. I was thinking the scenario would be during attack, we could bring up a tunnel and run bgp over it and advertise some portion of our ip space thru it. I realise getting it setup while attack is taking place would be a little hard and that we likely could expect at least some down time. What we have seen so far has been reflection attacks (dns and ssdp) and we have been able to do rate limiting on these and other protocols to sane values. This has worked well, although the primary risk is once the traffic flow exceeds the link capacity such limiting won't have any net effect. But if we could farm this out during times of trouble to a mitigation services provider, they could advertise our block(s) and rate limit and scrub for us and send us the result, it would be a far better than what we have now (which is effectively nothing). I asked cloudflare this and they stated they are focused on web traffic. My upstream can't help me, doesn't support RTBH and won't install filters anyways unless it's impacting THEIR network. Just wondering if anyone has any other ideas (short of ditching my provider, which I also can't do due at this time due to lack of competitive choice).Mike-In no particular order: - Prolexic (Akamai) - Arbor Networks - Staminus - Black Lotus - Incapsula - Radware This is not an endorsement for any of the above. Alternatively: http://lmgtfy.com/?q=ddos+protection
Mike-
Current thread:
- DDoS mitigation for ISPs Mike (Oct 29)
- Re: DDoS mitigation for ISPs Job Snijders (Oct 29)
- Re: DDoS mitigation for ISPs Hugo Slabbert (Oct 29)
- Re: DDoS mitigation for ISPs Mike (Oct 29)
- Re: DDoS mitigation for ISPs Hugo Slabbert (Oct 29)
- Re: DDoS mitigation for ISPs Pavel Odintsov (Oct 29)
- Re: DDoS mitigation for ISPs Mike (Oct 29)