[176277] in North American Network Operators' Group


Re: DDOS, IDS, RTBH, and Rate limiting

daemon@ATHENA.MIT.EDU (Brian Rak)
Sat Nov 22 18:53:18 2014

X-Original-To: nanog@nanog.org
Date: Sat, 22 Nov 2014 18:53:09 -0500
From: Brian Rak <brak@gameservers.com>
To: Denys Fedoryshchenko <denys@visp.net.lb>, freedman@freedman.net
In-Reply-To: <d6bd1df145c10beb7d569103255030e0@visp.net.lb>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


On 11/22/2014 11:18 AM, Denys Fedoryshchenko wrote:
> On 2014-11-22 18:00, freedman@freedman.net wrote:
>> We see a lot of Brocade for switching in hosting providers, which makes
>> sFlow easy, of course.
> Oh, Brocade, recent experience with ServerIron taught me a new lesson,
> that I can't do bonding on ports as I want; it has limitations about
> even/odd port numbers and etc.
> Most amazing part I just forgot, that I have this ServerIron, and it
> is a place where I run DDoS protection (but it works perfectly over
> "tap" way). Thanks for reminding about this vendor :)

I just hope you're not talking FCXs.... if you upgrade those to 8.x
firmware, you'll lose sflow on the 10gb ports.  Once you upgrade, they
send a corrupted sflow packet, and at *far* less than the rate that you
configure.  Even if you adjust your parser to compensate for the corrupt
packet, they're still dropping the large majority of samples, making
sflow pretty much useless.

It's been several months since we reported this, and we're still waiting 
on a fix.
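As an added example (not code from this post, from Brocade, or from any collector the thread mentions), here is the kind of check a collector can run when an agent behaves as described above: an sFlow v5 datagram walk that flags a datagram as truncated when a declared sample length runs past its end instead of misreading it, and a received-to-expected sample ratio computed from the sampling_rate and sample_pool fields every sFlow v5 flow sample carries. The datagram bytes are constructed inline; the agent address and interface indexes are placeholders.

```python
import struct

SFLOW_V5 = 5
FLOW_SAMPLE = 1        # enterprise 0, format 1: flow sample
IPV4_AGENT = 1         # agent address type for IPv4

def build_flow_sample(seq, rate, pool, drops=0, src=1):
    """Encode a minimal sFlow v5 flow sample with zero flow records
    (constructed test input, not a capture from any real device)."""
    body = struct.pack(">8I", seq, src, rate, pool, drops, 1, 2, 0)
    return struct.pack(">II", FLOW_SAMPLE, len(body)) + body

def build_datagram(samples, seq=1):
    """Wrap encoded samples in an sFlow v5 datagram header (IPv4 agent).
    The agent address 10.0.0.1 is a placeholder."""
    hdr = struct.pack(">7I", SFLOW_V5, IPV4_AGENT, 0x0A000001, 0, seq, 0, len(samples))
    return hdr + b"".join(samples)

def parse_datagram(data):
    """Walk the datagram by declared sample lengths; report 'truncated'
    when a declared length runs past the end rather than misreading it."""
    HDR = struct.Struct(">7I")   # version, addr type, agent, sub id, seq, uptime, count
    if len(data) < HDR.size:
        return {"seq": None, "samples": [], "truncated": True}
    version, addr_type, _agent, _sub, seq, _uptime, count = HDR.unpack_from(data)
    if version != SFLOW_V5 or addr_type != IPV4_AGENT:
        raise ValueError("unsupported sFlow version or agent address type")
    off, samples, truncated = HDR.size, [], False
    for _ in range(count):
        if off + 8 > len(data):
            truncated = True
            break
        stype, slen = struct.unpack_from(">II", data, off)
        off += 8
        if off + slen > len(data):
            truncated = True          # declared sample length exceeds datagram
            break
        if stype == FLOW_SAMPLE and slen >= 32:
            sseq, src, rate, pool, drops = struct.unpack_from(">5I", data, off)
            samples.append({"seq": sseq, "source": src, "rate": rate,
                            "pool": pool, "drops": drops})
        off += slen
    return {"seq": seq, "samples": samples, "truncated": truncated}

def delivery_ratio(first, last, received):
    """Received / expected samples between two flow samples of one source.
    Expected = packets that passed the sampler (pool delta) / sampling rate;
    a ratio far below 1.0 means samples are being dropped before they reach us."""
    expected = (last["pool"] - first["pool"]) / first["rate"]
    return received / expected if expected > 0 else None
```

Feed `parse_datagram` each UDP payload from the agent and track the ratio per source over time; a drop in the ratio without a matching rise in the sample's `drops` counter points at the agent or the path rather than at the collector.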
