Experience on Wanguard for 'anti' DDOS solutions

Nick Pratley nick.pratley at serversaustralia.com.au
Tue Aug 11 01:48:48 UTC 2015


Some base numbers as it stands now:

Total Anomalies: ~8000
Total Prefixes in BGP: ~400

We don't mitigate _everything_ - if our transit can handle the inbound then
it doesn't do anything - just alert and take a pcap dump for further
tuning. If we see congestion, it moves prefixes around to a scrubbing
center to clean the traffic before returning back to us.

This is also just domestic AU, international traffic is on another system
that gets scrubbed 24x7.

We have close to 20 policies & threshold templates for all different
scenarios.

Though I was talking about the stability of the software, whilst dealing
with around 20Gbit raw data.

I've only seen one issue (thinking about it now, I need to raise a Feature
Request for this) - which is the ability to use the number of source IPs as
a metric to complement pkt/s and bits/s thresholds. Would be nice to
trigger a rule if "total num src IPs" >= 100 + 600M of TCP then start
moving, but if only 600M TCP and 1 SRC IP, then leave it as it is.

Regards,
Nick
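
The compound trigger sketched in the message above (TCP rate combined with the number of distinct source IPs), as an added example. It is not Wanguard functionality and not code from the post; the flow tuple layout, function names, action labels and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds from the rule in the message: >= 100 source IPs plus 600M of TCP.
MIN_SRC_IPS = 100
MIN_TCP_BPS = 600_000_000


def evaluate(flows, window_seconds):
    """Classify each destination seen in one measurement window.

    flows: iterable of (src_ip, dst_ip, protocol, byte_count) tuples
    (hypothetical layout, e.g. aggregated from flow export or a pcap).
    """
    tcp_bytes = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, proto, nbytes in flows:
        if proto != "tcp":          # the rule only concerns TCP volume
            continue
        tcp_bytes[dst] += nbytes
        sources[dst].add(src)

    result = {}
    for dst, total in tcp_bytes.items():
        bps = total * 8 / window_seconds
        n_src = len(sources[dst])
        if bps < MIN_TCP_BPS:
            action = "below_rate"   # rate threshold not reached
        elif n_src >= MIN_SRC_IPS:
            action = "divert"       # high rate from many sources: start moving
        else:
            action = "leave"        # high rate, few sources: leave it as it is
        result[dst] = {"tcp_bps": bps, "src_ips": n_src, "action": action}
    return result


def constructed_flows():
    """Constructed sample for a 10 s window (documentation address ranges)."""
    flows = []
    # 150 sources x 6 MB -> 720 Mbit/s of TCP towards 203.0.113.10
    flows += [(f"198.51.100.{i}", "203.0.113.10", "tcp", 6_000_000)
              for i in range(1, 151)]
    # 1 source x 800 MB -> 640 Mbit/s of TCP towards 203.0.113.20
    flows.append(("192.0.2.7", "203.0.113.20", "tcp", 800_000_000))
    # 200 sources, negligible volume towards 203.0.113.30
    flows += [(f"198.51.100.{i}", "203.0.113.30", "tcp", 1_000)
              for i in range(1, 201)]
    # UDP is ignored by this TCP rule
    flows.append(("192.0.2.9", "203.0.113.40", "udp", 900_000_000))
    return flows
```
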


