[144529] in North American Network Operators' Group
Re: vyatta for bgp
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Sep 13 10:24:32 2011
To: Nick Hilliard <nick@foobar.org>
In-Reply-To: Your message of "Mon, 12 Sep 2011 22:38:57 BST."
<4E6E7BF1.2050903@foobar.org>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 13 Sep 2011 10:21:22 -0400
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1315923682_79123P
Content-Type: text/plain; charset=us-ascii
On Mon, 12 Sep 2011 22:38:57 BST, Nick Hilliard said:
> Let's throw some figures around (ridiculously simplified): a company has a
> choice between a pair of $10k software routers or something like a pair of
> MX80s for $25k each. So, one solution costs $20k; the other $50k. $30k
> cost difference works out as $625 per month depreciation (4 year). I.e.
> not going to affect the bottom line in any meaningful way.
>
> Now say that this company has a DoS attack for 24h, and the company
> effectively loses one day of revenue. On the basis that there are 260
> office working days per year, the point at which spending an extra $30k for
> a hardware router would be of net benefit to the company would be 260*30k =
> $7.8m. I.e. if your annual revenue is higher than that, and if spending
> that cash would mitigate against your DoS problems, then it would be worth
> your while in terms of direct loss mitigation.
>
> Of course, this analysis is quite simplistic and excludes things like
> damage to reputation, online stores, the likelihood of DoS attacks
> happening in the first place, the cost of transit and many other points of
> reality.
One important thing it overlooks is what percent of DDoS attackqs are simple
"flood the pipe" attacks directed at a target behind the router. If you got a
100M or 1G pipe to the outside world and you're getting hammered by multiple G
worth of packets, things are going to suck no matter what the router is. And
let's face it, kicking that pipe to 10G is gonna cost a bit....
--==_Exmh_1315923682_79123P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFOb2bicC3lWbTT17ARAgamAJ0fTwFMw8EM86uuatsqZaI3bF8xgwCghiaR
1ZlhReynQ9z1PZpF3vh9UXY=
=rBQr
-----END PGP SIGNATURE-----
--==_Exmh_1315923682_79123P--
