[121124] in North American Network Operators' Group
Re: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Jan 11 02:06:16 2010
In-Reply-To: <4B4AB68F.1050501@yahoo.fr>
Date: Mon, 11 Jan 2010 02:05:17 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: jul <jul_bsd@yahoo.fr>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jan 11, 2010 at 12:26 AM, jul <jul_bsd@yahoo.fr> wrote:
> Martin Hannigan wrote on 05/01/10 16:50:
>>> I see two possible solutions:
>>> - Netflow/sFlow/***Flow =A0feeding a BGP RTBH
>>> - Inline device
>>>
>>>
>>
>> =A0 =A0 =A0- Outsource to service provider
>
> I want to add some stuff on this as I didn't see them with a quick check
> on the thread.
> Local solution always have a limit as bandwith will be exhausted before
> goin into your solution/network.
>
> Outsourced services have higher cost than Arbor but can handled more.
Do they? VerizonBusiness's solution was $3250US/month so ~$90USk over
2yrs. Arbor, I think, for a TMS + collectors was +100k.
There are decent outsourced solutions, that move the problem out of
your network, scrub traffic as requested, give you the ability to send
traffic there on-demand (without calling the provider) and actually do
work. All at a cost that's more than reasonable if your business
depends upon the Internets.
-chris
