[120852] in North American Network Operators' Group
Re: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Rick Ernst)
Tue Jan 5 10:55:49 2010
In-Reply-To: <d99aaed41001050750w752a3535u69320beb9cf08e7e@mail.gmail.com>
Date: Tue, 5 Jan 2010 07:55:03 -0800
From: Rick Ernst <nanog@shreddedmail.com>
To: Martin Hannigan <martin@theicelandguy.com>
Cc: NANOG <nanog@nanog.org>
I looked at one of the suggested out-sourced providers. Based on a sample
size of 1, the mitigating mechanisms are DNS redirection and BGP/tunneling.
While both of these solutions may be useful for an end-user (even large
ones), I don't see them fitting in an SP environment.
"If something goes wrong, I want my own, local, big-red button."
Rick
On Tue, Jan 5, 2010 at 7:50 AM, Martin Hannigan <martin@theicelandguy.com> wrote:
>
>
> On Mon, Jan 4, 2010 at 4:19 PM, Rick Ernst <nanog@shreddedmail.com> wrote:
>
>> Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
>> several times but they haven't been responsive to literature requests (hint,
>> if anybody from Arbor is looking...). Our current upstream is 3x GigE from
>> 3 different providers, each landing on their own BGP endpoint feeding a
>> route-reflector core.
>>
>> I see two possible solutions:
>> - Netflow/sFlow/***Flow feeding a BGP RTBH
>> - Inline device
>>
>>
>
> - Outsource to service provider
>
>
>> Netflow can lag a bit in detection. I'd be concerned that inline devices
>> add an additional point of failure. I'm worried about both failing-open
>> (e.g. network outage) and false-positives.
>>
>
> How often are you getting DDoS'd?
>
> The financials of using a managed service provider vs.
> buy-all-your-own-groovy-stuff can be fairly compelling especially if the
> amount of DDoS you experience is almost nil.
>
> Re: Arbor. I don't have any recent experience, but they've been around for
> a long time, have a very experienced team that understands ISP and
> enterprise and the product is mature. Hard to go wrong if you can justify
> the costs. YMMV.
>
> Best,
>
> -M<
>
>
> --
> Martin Hannigan martin@theicelandguy.com
> p: +16178216079
> Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
>
>