D/DoS mitigation hardware/software needed.

Jeffrey Lyon jeffrey.lyon at blacklotus.net
Tue Jan 5 08:59:29 CST 2010


My somewhat educated opinion on the matter is that appliance developers want
to sit on the edge and see all your traffic merely to protect their own
interests and market share.

NS-5000s have been good to us for bulk filtering and we rely on appliances
for more intelligent inspection. Dollar for dollar NS is substantially more
robust in my experience.

Best regards, Jeff

On Jan 5, 2010 9:46 AM, "Rob Shakir" <rjs at eng.gxn.net> wrote:

(Resent, sorry for multiple copies -- I messed up from From: address)

On 5 Jan 2010, at 06:16, Stefan Fouant wrote: >> >> That said, what are all
those ISPs doing now th...
Is this really true? I've seen the white paper,  I've been told that the
this is the best way forward from the Guard, but I must say that I'm not yet
totally convinced. The Guard product was something that can be separated
from the Cisco Detection approach, i.e. one can activate the Guard via a
means that did not necessarily involve the Detectors being the source of the
activation, this doesn't seem to be true for the Arbor alternative (I
believe that the TMS requires registering against the rest of the PeakFlow
platform).

The other thing that we noted relating to the platform is that there's
nothing really "new" in the TMS (other than of course, much increased
scrubbing rates!) compared to the Guard. There doesn't appear to be any
direct comparison to the 'strong' scrubbing mode that the Cisco Guard
implemented - whereby the device would proxy a bunch of traffic.

If you're an SP who has some existing NetFlow solution, and don't really
justify a spend for traffic intelligence within your network (or have
something home-grown), is there an alternative scrubber that one might be
able to use in a more standalone deployment that can approach the filtering
levels of the Arbor kit?

I should probably point out that we only really started our conversation
with Arbor within the last month or so, so there are perhaps details
relating to this that I've missed. I'd be happy to be corrected!

Kind regards,
Rob

--
Rob Shakir                      <rjs at eng.gxn.net>
Network Development Engineer    GX Networks/Vialtus Solutions
ddi: +44208 587 6077            mob: +44797 155 4098
pgp: 0xc07e6deb                 nic-hdl: RJS-RIPE

This email is subject to: http://www.vialtus.com/disclaimer.html



More information about the NANOG mailing list