DDoS mitigation recommendations

Jeffrey Lyon jeffrey.lyon at blacklotus.net
Tue Jan 26 15:12:44 UTC 2010

The RioRey per prefix issue is fixed although the patch they released to us
had a lot of bugs. We're still waiting on a working appliance with the new

IntruGuard fits the bill and is probably 1/5th the cost of Arbor pound for
pound. We use both RR and IG, each having their pros and cons.


On Jan 26, 2010 9:39 AM, "Stefan Fouant" <sfouant at shortestpathfirst.net>

There was an interesting thread on this topic a few weeks back.  I really
liked the Guards, it's too bad Cisco decided to pull this from the
marketplace - it was as close to a panacea as it gets.

As alternatives, I've worked with the Riorey boxes as well as Arbor gear.
They are both very good boxes, but as your requirements state that you
require Multi-tenancy, that only really leaves the Arbor.  Unfortunately, the
Riorey boxes only support a one-size-fits-all approach as they do not allow
unique filtering parameters on a per-prefix basis.  Arbor on the other hand
supports a full range of Managed Objects and Mitigation Templates which can
be applied to individual prefixes, etc.

Sorry for the top post, I'm on my Blackberry.

Stefan Fouant

------Original Message------ From: Korten, Sean To: nanog at nanog.org To:
tsands at rackspace.com Subject...
Sent from my Verizon Wireless BlackBerry
