vyatta for bgp

Tue Sep 13 14:21:22 UTC 2011

On Mon, 12 Sep 2011 22:38:57 BST, Nick Hilliard said:

> Let's throw some figures around (ridiculously simplified):  a company has a
> choice between a pair of $10k software routers or something like a pair of
> MX80s for $25k each.  So, one solution costs $20k; the other $50k.  $30k
> cost difference works out as $625 per month depreciation (4 year).  I.e.
> not going to affect the bottom line in any meaningful way.
> 
> Now say that this company has a DoS attack for 24h, and the company
> effectively loses one day of revenue.  On the basis that there are 260
> office working days per year, the point at which spending an extra $30k for
> a hardware router would be of net benefit to the company would be 260*30k =
> $7.8m.  I.e. if your annual revenue is higher than that, and if spending
> that cash would mitigate against your DoS problems, then it would be worth
> your while in terms of direct loss mitigation.
> 
> Of course, this analysis is quite simplistic and excludes things like
> damage to reputation, online stores, the likelihood of DoS attacks
> happening in the first place, the cost of transit and many other points of
> reality.

One important thing it overlooks is what percent of DDoS attackqs are simple
"flood the pipe" attacks directed at a target behind the router.  If you got a
100M or  1G pipe to the outside world and you're getting hammered by multiple G
worth of packets, things are going to suck no matter what the router is.  And
let's face it, kicking that pipe to 10G is gonna cost a bit....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110913/e7e22d1b/attachment.sig>