[120822] in North American Network Operators' Group
RE: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Stefan Fouant)
Tue Jan 5 00:35:27 2010
From: "Stefan Fouant" <sfouant@shortestpathfirst.net>
To: "'Rick Ernst'" <nanog@shreddedmail.com>,
"'Dobbins, Roland'" <rdobbins@arbor.net>
In-Reply-To: <d066472f1001042119y2467638bt88c650f785d4a7f0@mail.gmail.com>
Date: Tue, 5 Jan 2010 00:34:34 -0500
Cc: 'NANOG list' <nanog@nanog.org>
> -----Original Message-----
> From: Rick Ernst [mailto:nanog@shreddedmail.com]
> Sent: Tuesday, January 05, 2010 12:19 AM
>
> I'd argue just the opposite. If your monitoring/mitigation system changes
> dependent on the situation (normal vs under attack), you are adding
> complexity to the system. "What mode is the system in right now? Is this
> customer having connectivity issues because of a state change in the
> network? etc."
Almost all of the scalable DDoS mitigation architectures deployed in
carriers or other large enterprises employ the use of an offramp method.
These devices perform a lot better when you can forward just the subset of
the traffic through as opposed to all. It's just a simple matter of using
static routing / RTBH techniques / etc. to automate the offramp.
Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
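The automated offramp described above, as an added example that is not part of the thread or any vendor's product: constructed flow records stand in for NetFlow/sFlow export, per-destination traffic above an assumed threshold gets a more-specific /32 diverted to an assumed scrubbing next-hop, and traffic far above it gets an RTBH discard route instead. Route strings follow ExaBGP's `announce route` syntax; the addresses, communities and thresholds are assumptions.

```python
"""Added example: turn flow data into offramp / RTBH route announcements."""
from collections import defaultdict
from ipaddress import ip_address

SCRUBBER_NEXT_HOP = "198.51.100.1"   # assumed address of the scrubbing device
RTBH_NEXT_HOP = "192.0.2.1"          # discard next-hop, RFC 3882 convention
PPS_THRESHOLD = 100_000              # assumed per-destination trigger (pps)
RTBH_RATIO = 10                      # assumed policy: discard at 10x threshold
OFFRAMP_COMMUNITY = "65000:100"      # assumed community: divert to scrubber
RTBH_COMMUNITY = "65000:666"         # assumed community: blackhole at edge

# Constructed sample flows: (destination, packets per second in this interval).
SAMPLE_FLOWS = [
    ("203.0.113.10", 60_000), ("203.0.113.10", 70_000),  # 130k pps -> offramp
    ("203.0.113.20", 5_000),                             # normal, left alone
    ("203.0.113.30", 1_500_000),                         # 1.5M pps -> RTBH
]


def aggregate(flows):
    """Sum packets per second per destination address."""
    totals = defaultdict(int)
    for dst, pps in flows:
        totals[str(ip_address(dst))] += pps   # validates the address
    return dict(totals)


def classify(totals, threshold=PPS_THRESHOLD):
    """Decide per destination: 'offramp', 'rtbh', or nothing (not listed)."""
    actions = {}
    for dst, pps in totals.items():
        if pps >= threshold * RTBH_RATIO:
            actions[dst] = "rtbh"
        elif pps >= threshold:
            actions[dst] = "offramp"
    return actions


def announcements(actions):
    """ExaBGP-style commands: only attacked /32s leave the normal path."""
    cmds = []
    for dst, action in sorted(actions.items()):
        nh, comm = ((SCRUBBER_NEXT_HOP, OFFRAMP_COMMUNITY) if action == "offramp"
                    else (RTBH_NEXT_HOP, RTBH_COMMUNITY))
        cmds.append(f"announce route {dst}/32 next-hop {nh} community [{comm}]")
    return cmds


def withdrawals(previous, current):
    """Routes to withdraw once a destination drops back below threshold."""
    return [f"withdraw route {dst}/32" for dst in sorted(set(previous) - set(current))]
```

Withdrawal tracking is what keeps the "what mode is the network in" question answerable: the diverted set at any moment is exactly the set of routes currently announced.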