D/DoS mitigation hardware/software needed.

Dobbins, Roland rdobbins at arbor.net
Tue Jan 5 05:43:16 UTC 2010

On Jan 5, 2010, at 12:39 PM, Adrian Chadd wrote:

> I mean, I assume that there's checks and balances in place to limit
> then number of routes being injected into the network so one doesn't
> overload the tables, but what's the behaviour if/when this limit is
> reached? Does mitigation cease being as effective?

For IDMS 'scrubbing' solutions, one merely injects the route of the attack targets into one's iBGP, in order to draw all traffic towards that specific target into the scrubbing center.

For S/RTBH and flow-spec, modern edge routers can scale to millions of routes; also note one isn't limited to /32s.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

More information about the NANOG mailing list