anti-ddos test solutions ?

Nathan Ward nanog at daork.net
Wed Mar 17 12:16:41 UTC 2010


Hire/buy what I know as a router tester. People call them different things.
It's a device that generates packets, and can normally simulate TCP etc. all the way up to HTTP etc. or higher. BGP, OSPF, MPLS, etc. etc. etc.
Tell it to generate packets that look like they come from many many hosts (you can normally simulate some kind of network topology with hosts in different places and hence different TTLs etc.), and viola.
They normally let you generate background noise traffic, or you could record 24 hours of packet headers from somewhere in your network and play it back through your test network. This needs a lot of disk of course.

I used to work for an anti-ddos vendor (Esphion, now owned by Allot) and built their first test rig. First we did it with a bank of PCs with custom Linux kernel code to generate packets because we were a startup doing things on the cheap and I was a bit masochistic. Then we got a router tester and did exactly the same thing, but in a whole lot less space with a whole lot less effort.

Both worked great, naturally I recommend a router tester.

--
Nathan Ward



More information about the NANOG mailing list