Pros and Cons of Cloud Computing in dealing with DDoS

Stefan Fouant sfouant at
Thu Nov 5 19:11:35 UTC 2009

> -----Original Message-----
> From: jeffrey.lyon at [mailto:jeffrey.lyon at] On Behalf
> Of Jeffrey Lyon
> Sent: Thursday, November 05, 2009 1:20 PM
> To: Stefan Fouant
> Cc: NANOG list
> Subject: Re: Pros and Cons of Cloud Computing in dealing with DDoS
> DDoS is a threat to the cloud just as DDoS is a threat to any other
> service when you fail to implement protection. Our company recently
> put out a DDoS mitigated cloud product specifically for high risk
> clients.
> Best regards, Jeff

Obviously the cloud is no different than any other infrastructure insofar as
implementing protection mechanisms.  Ample bandwidth (typically more so than
in the enterprise) should make it easier to absorb larger amounts of the bad
stuff.  What I'm really wondering is what steps cloud providers are taking
to be able to differentiate between the legitimate vs. targeted resource
consumption, what are their motivations if the main thing driving revenue is
expansion of resource utilization, or do most cloud providers simply think
this is a non-issue if they can just overengineer compute, storage, and
network resources such that they can sustain even the heaviest loads,
legitimate or not.

I'd also like to get perspectives from some of the heavy hitters (ahem...
Danny, Roland, etc.) and understand why they think DDoS is the single
biggest threat to the cloud computing model, again this is counter to a lot
of evidence which points to the corollary - think DNS Root Servers and
you'll have an idea what I'm talking about...

BTW - the BlackLotus offering using RioRey is pretty cool (those are good
boxes and I've used them before for specific point applications), but I'm
really trying to discuss the relevance to cloud based services, not hosted
services (I don't generally group them into the same category).  

Stefan Fouant
GPG Key ID: 0xB5E3803D

More information about the NANOG mailing list