D/DoS mitigation hardware/software needed.
martin at theicelandguy.com
Tue Jan 5 15:50:56 UTC 2010
On Mon, Jan 4, 2010 at 4:19 PM, Rick Ernst <nanog at shreddedmail.com> wrote:
> Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
> several times but they haven't been responsive to literature requests
> if anybody from Arbor is looking...). Our current upstream is 3x GigE from
> 3 different providers, each landing on their own BGP endpoint feeding a
> route-reflector core.
> I see two possible solutions:
> - Netflow/sFlow/***Flow feeding a BGP RTBH
> - Inline device
- Outsource to service provider
Netflow can lag a bit in detection. I'd be concerned that inline devices
> add an additional point of failure. I'm worried about both failing-open
> (e.g. network outage) and false-positives.
How often are you getting DDoS'd?
The financials of using a managed service provider vs.
buy-all-your-own-grrovy-stuff can be fairly compelling especially if the
amount of DDoS you experience is almost nil.
Re: Arbor. I don't have any recent experience, but they've been around for a
long time, have a very experienced team that understands ISP and enterprise
and the product is mature. Hard to go wrong if you can justify the costs.
Martin Hannigan martin at theicelandguy.com
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
More information about the NANOG