DDOS solution recommendation

Damian Menscher damian at google.com
Sun Jan 11 03:48:26 UTC 2015


On Thu, Jan 8, 2015 at 9:01 AM, Manuel Marín <mmg at transtelco.net> wrote:

> I was wondering what you are using for DDOS protection in your networks. We
> are currently evaluating different options (Arbor, Radware, NSFocus,
> RioRey) and I would like to know if someone is using the cloud based
> solutions/scrubbing centers like Imperva, Prolexic, etc and what are the
> advantages/disadvantages of using a cloud-based vs an on-premise solution.
> It would be great if you can share your experience on this matter.
>

On-premise solutions are limited by your own bandwidth.  Attacks have been
publicly reported at 400Gbps, and are rumored to be even larger.  If you
don't have that much network to spare, then packet loss will occur upstream
of your mitigation.  Having a good relationship with your network
provider(s) can help here, of course.

If you go with a cloud-based solution, be wary of their SLA.  I've seen
some claim 100% uptime (not believable) but of course no refund/credits for
downtime.  Another provider only provides 20Gbps protection, then will
null-route the victim.

On Sat, Jan 10, 2015 at 4:19 PM, Charles N Wyble <charles at thefnf.org> wrote:

> Also, how are folks testing DDoS protection? What lab gear, tools, methods
> are you using to determine effectiveness of the mitigation?


Live-fire is the cheapest approach (just requires some creative trolling)
but if you want to control the "off" button, cloud VMs can be tailored to
your needs.  There are also legitimate companies that do network stress
testing.

Keep in mind that you need to test against a variety of attacks, against
all components in the critical path.  Attackers aren't particularly
methodical, but will still randomly discover any weaknesses you've
overlooked.

Damian


