[120827] in North American Network Operators' Group
Re: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Tue Jan 5 00:48:42 2010
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Tue, 5 Jan 2010 05:43:16 +0000
In-Reply-To: <20100105053904.GB7227@skywalker.creative.net.au>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 5, 2010, at 12:39 PM, Adrian Chadd wrote:
> I mean, I assume that there's checks and balances in place to limit
> then number of routes being injected into the network so one doesn't
> overload the tables, but what's the behaviour if/when this limit is
> reached? Does mitigation cease being as effective?
For IDMS 'scrubbing' solutions, one merely injects the route of the attack =
targets into one's iBGP, in order to draw all traffic towards that specific=
target into the scrubbing center.
For S/RTBH and flow-spec, modern edge routers can scale to millions of rout=
es; also note one isn't limited to /32s.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
