I don't need no stinking firewall!
gbonser at seven.com
Tue Jan 5 23:03:51 CST 2010
> -----Original Message-----
> From: Dobbins, Roland [mailto:rdobbins at arbor.net]
> Sent: Tuesday, January 05, 2010 8:53 PM
> To: NANOG list
> Subject: Re: I don't need no stinking firewall!
> On Jan 6, 2010, at 11:43 AM, George Bonser wrote:
> > Yes, you have to take some of the things that were done in one spot
> and do
> > them in different locations now, but the results are an amazing
> > in service capacity per dollar spent on infrastructure.
> I strongly agree with the majority of your comments, with the caveat
> that I've seen many, many load-balancers fall over due to state-
> exhaustion, too; load-balancers need northbound protection from DDoS
> (S/RTBH, flow-spec, IDMS, et. al.), as well.
Yes, I have seen load balancers fall over, too. I have some interesting
stories of how those problems have been solved. Sometimes it relies on
using a feature of one vendor to leverage a feature of another vendor.
But I generally agree with you. There is a lot that can be done ahead
of the load balancers.
More information about the NANOG