[120832] in North American Network Operators' Group
RE: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Stefan Fouant)
Tue Jan 5 01:17:34 2010
From: "Stefan Fouant" <sfouant@shortestpathfirst.net>
To: "'Hank Nussbacher'" <hank@efes.iucc.ac.il>
In-Reply-To: <alpine.LRH.2.00.1001050800450.28327@efes.iucc.ac.il>
Date: Tue, 5 Jan 2010 01:16:39 -0500
Cc: 'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Hank Nussbacher [mailto:hank@efes.iucc.ac.il]
> Sent: Tuesday, January 05, 2010 1:02 AM
>
> On Tue, 5 Jan 2010, Stefan Fouant wrote:
>
> > Almost all of the scalable DDoS mitigation architectures deployed in
> > carriers or other large enterprises employ the use of an offramp
> method.
> > These devices perform a lot better when you can forward just the
> subset of
> > the traffic through as opposed to all. It just a simple matter of
> using
> > static routing / RTBH techniques / etc. to automate the offramp.
>
> That said, what are all those ISPs doing now that Cisco has stopped
> developing the Guard?
Well of course, moving to Arbor haha... eased in part by a little Cisco
initiative called Clean Pipes 2.0 :)
Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
