D/DoS mitigation hardware/software needed.

• Previous message (by thread): D/DoS mitigation hardware/software needed.
• Next message (by thread): D/DoS mitigation hardware/software needed.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 05, 2010, Stefan Fouant wrote:

> Almost all of the scalable DDoS mitigation architectures deployed in
> carriers or other large enterprises employ the use of an offramp method.
> These devices perform a lot better when you can forward just the subset of
> the traffic through as opposed to all.  It just a simple matter of using
> static routing / RTBH techniques / etc. to automate the offramp.

Has anyone deployed a DDoS distributed enough to inject ETOOMANY routes into
the hardware forwarding tables of routers?

I mean, I assume that there's checks and balances in place to limit
then number of routes being injected into the network so one doesn't
overload the tables, but what's the behaviour if/when this limit is
reached? Does mitigation cease being as effective?




Adrian

• Previous message (by thread): D/DoS mitigation hardware/software needed.
• Next message (by thread): D/DoS mitigation hardware/software needed.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]