[185601] in North American Network Operators' Group
Re: DDoS mitigation for ISPs
daemon@ATHENA.MIT.EDU (Job Snijders)
Thu Oct 29 12:01:22 2015
Date: Thu, 29 Oct 2015 16:53:55 +0100
From: Job Snijders <job@instituut.net>
To: Mike <mike-nanog@tiedyenetworks.com>
In-Reply-To: <56323E67.8010304@tiedyenetworks.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On Thu, Oct 29, 2015 at 08:42:31AM -0700, Mike wrote:
> Is there any DDoS mitigation service provider that can scrub traffic
> for an ISP network?
Yeah, plenty. A non-exhaustive list: Prolexic, Incapsula, Staminus or
Nexusguard. There is no lack of choice.
> I have an ASN and BGP and my own netblocks, and I have a 1 Gbps pipe. I
> was thinking the scenario would be during an attack, we could bring up a
> tunnel and run BGP over it and advertise some portion of our IP space
> through it. I realise getting it set up while an attack is taking place
> would be a little hard and that we likely could expect at least some
> downtime.
It is more common to set up the GRE tunnel beforehand, and just send
out the BGP announcement of the /24 when an IP within that /24 is under
attack.
Kind regards,
Job
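
The per-/24 announcement described in the reply above, as an added sketch that is not part of the original message: given the addresses under attack, it picks the covering /24s to announce over the pre-built tunnel session. The netblocks are constructed sample values, and the output line format (an ExaBGP-style text command) is an assumption about the BGP speaker in use.

```python
import ipaddress

# Constructed sample data: reserved ranges standing in for an ISP's own netblocks.
OWN_NETBLOCKS = [
    ipaddress.ip_network("198.18.0.0/22"),
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("192.0.2.128/25"),  # too small to divert on its own
]


def diversion_prefix(attacked_ip, own_blocks):
    """Return the /24 to announce towards the scrubbing provider for one target."""
    ip = ipaddress.ip_address(attacked_ip)
    if ip.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    # A /24 is the longest IPv4 prefix generally accepted in the global table,
    # so the diversion unit is the /24 containing the attacked address.
    covering = ipaddress.ip_network(f"{ip}/24", strict=False)
    for block in own_blocks:
        if ip in block:
            if block.prefixlen > 24:
                raise ValueError(f"{block} is longer than /24, cannot divert {ip}")
            return covering
    # Never announce space that is not ours: that would be a hijack.
    raise ValueError(f"{ip} is not inside our address space")


def announcements(attacked_ips, own_blocks=OWN_NETBLOCKS):
    """One announcement per distinct /24, however many targets sit inside it."""
    prefixes = sorted({diversion_prefix(ip, own_blocks) for ip in attacked_ips})
    # Assumed output format: ExaBGP-style text API command.
    return [f"announce route {p} next-hop self" for p in prefixes]


if __name__ == "__main__":
    # Constructed sample targets: two in the same /24, one in another block.
    for line in announcements(["198.18.1.7", "198.18.1.200", "203.0.113.9"]):
        print(line)
```
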