D/DoS mitigation hardware/software needed.
adrian at creative.net.au
Tue Jan 5 05:39:04 UTC 2010
On Tue, Jan 05, 2010, Stefan Fouant wrote:
> Almost all of the scalable DDoS mitigation architectures deployed in
> carriers or other large enterprises employ the use of an offramp method.
> These devices perform a lot better when you can forward just the subset of
> the traffic through as opposed to all. It just a simple matter of using
> static routing / RTBH techniques / etc. to automate the offramp.
Has anyone deployed a DDoS distributed enough to inject ETOOMANY routes into
the hardware forwarding tables of routers?
I mean, I assume that there's checks and balances in place to limit
then number of routes being injected into the network so one doesn't
overload the tables, but what's the behaviour if/when this limit is
reached? Does mitigation cease being as effective?
More information about the NANOG