D/DoS mitigation hardware/software needed.

Dobbins, Roland rdobbins at arbor.net
Tue Jan 5 05:43:16 UTC 2010


On Jan 5, 2010, at 12:39 PM, Adrian Chadd wrote:

> I mean, I assume that there's checks and balances in place to limit
> the number of routes being injected into the network so one doesn't
> overload the tables, but what's the behaviour if/when this limit is
> reached? Does mitigation cease being as effective?

For IDMS 'scrubbing' solutions, one merely injects the route of the attack targets into one's iBGP, in order to draw all traffic towards that specific target into the scrubbing center.

For S/RTBH and flow-spec, modern edge routers can scale to millions of routes; also note one isn't limited to /32s.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken
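
An added illustration of the "one isn't limited to /32s" point for S/RTBH, not part of the original message: aggregating attack-source /32s into shorter prefixes to stay under a route budget, and counting what gets over-blocked as a result. The function names, the `max_routes` budget, the `min_prefixlen` guard and the sample addresses are all assumptions constructed for this example.

```python
import ipaddress

def common_supernet(a, b):
    """Smallest prefix that contains both networks."""
    s = a
    while not b.subnet_of(s):
        s = s.supernet()
    return s

def fit_route_budget(sources, max_routes, min_prefixlen=24):
    """Aggregate source /32s into at most max_routes prefixes.

    min_prefixlen (an assumed safety guard) caps how wide a blackholed
    prefix may get. Returns (prefixes, collateral), where collateral counts
    covered addresses that were never seen attacking.
    """
    hosts = {ipaddress.ip_network(s) for s in sources}
    nets = list(ipaddress.collapse_addresses(hosts))  # lossless merge first
    while len(nets) > max_routes:
        # Only neighbours in sorted order can share the tightest supernet.
        merges = [common_supernet(a, b) for a, b in zip(nets, nets[1:])]
        merges = [m for m in merges if m.prefixlen >= min_prefixlen]
        if not merges:
            raise ValueError("budget not reachable within min_prefixlen")
        best = max(merges, key=lambda m: m.prefixlen)  # least over-blocking
        nets = list(ipaddress.collapse_addresses(nets + [best]))
    covered = sum(n.num_addresses for n in nets)
    return nets, covered - len(hosts)

# Constructed sample: attack sources in documentation ranges (RFC 5737).
SOURCES = ([f"198.51.100.{i}" for i in range(8)]
           + ["198.51.100.64", "203.0.113.10", "203.0.113.11", "192.0.2.200"])

if __name__ == "__main__":
    for budget in (4, 3):
        prefixes, collateral = fit_route_budget(SOURCES, budget)
        print(budget, [str(p) for p in prefixes], "collateral:", collateral)
```
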






