[181733] in North American Network Operators' Group
=?utf-8?B?UmU6IEdSRSBwZXJmb3JtYW5jZSBvdmVyIHRoZSBJbnRlcm5ldCAtIEREb1Mg?=
daemon@ATHENA.MIT.EDU (Kenneth McRae)
Wed Jul 1 12:15:08 2015
X-Original-To: nanog@nanog.org
To: Dennis B <infinityape@gmail.com>
From: Kenneth McRae <kenneth.mcrae@me.com>
Date: Wed, 01 Jul 2015 16:15:04 +0000 (GMT)
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
How stable can GRE transports and BGP=C2=A0sessions be when under load?=0A=
=C2=A0=0AI typically protect the BGP session by policing all traffic being=
delivered to the remote end except for BGP. =C2=A0Using this posture, my =
BGP session over GRE are stable; even under attack.=0A=0AKenneth=C2=A0=0A=0A=
On Jun 30, 2015, at 01:37 PM, Dennis B <infinityape@gmail.com> wrote:=0A=0A=
Roland,=0A=0AAgreed, Ramy's scenario was not truly spot on, but his questi=
on still=0Aremains. Perf implications when cloud security providers time t=
o=0Adetect/mitigate is X minutes. How stable can GRE transports and BGP=0A=
sessions be when under load?=0A=0AIn my technical opinion, this is a valid=
argument, which deems wide=0Aopinion. Specifically, use-cases about how t=
o apply defense in depth=0Alogically in the DC vs Hybrid vs Pure Cloud.=0A=
=0AGood topic, already some back-chatter personal opinions from Nanog lurk=
ers!=0A=0ARegards,=0A=0ADennis B.=0A=0A=0AOn Tue, Jun 30, 2015 at 2:45 PM,=
Roland Dobbins <rdobbins@arbor.net> wrote:=0A=0A=0AOn 1 Jul 2015, at 1:37=
, Dennis B wrote:=0A=0AWould you like to learn more? lol=0A=0A=0AI'm quite=
conversant with all these considerations, thanks.=0A=0AOP asserted that B=
GP sessions for diversion into any cloud DDoS mitigation=0Aservice ran fro=
m the endpoint network through GRE tunnels to the=0Acloud-based mitigation=
provider. I was explaining that in most cloud=0Amitigation scenarios, GRE=
tunnels are used for re-injection of 'clean'=0Atraffic to the endpoint ne=
tworks.=0A=0A-----------------------------------=0ARoland Dobbins <rdobbin=
s@arbor.net>=0A=0A=
