vyatta for bgp
nick at foobar.org
Mon Sep 12 21:38:57 UTC 2011
On 12/09/2011 20:45, Owen DeLong wrote:
> In your typical enterprise environment, a 1G DoS will zorch the link long
> before it zorches the router at the enterprise side.
It sure will, unless you have multiple 1G links into your router, in which
case the ddos will effectively trash all the links.
> I agree that software-based routers are not a good choice for a backbone
> provider, but, for an enterprise that is dealing with <1gbps links coming
> in from ≤3 providers, the difference in cost makes a software router an
> attractive option in many cases.
> Of course it is important to understand the limitations of the solution you
> choose, but, in such an environment, a USD100,000+ ASIC based router
> may be like trying to kill a mosquito with a sledge hammer.
Indeed - as you implicitly point out, it's a cost / benefit thing. So then
the question becomes this: for the set of organisations which are large
enough to warrant multiple 1G upstreams, how long an outage can they
sustain before the price difference becomes worth it?
Let's throw some figures around (ridiculously simplified): a company has a
choice between a pair of $10k software routers or something like a pair of
MX80s for $25k each. So, one solution costs $20k; the other $50k. $30k
cost difference works out as $625 per month depreciation (4 year). I.e.
not going to affect the bottom line in any meaningful way.
Now say that this company has a DoS attack for 24h, and the company
effectively loses one day of revenue. On the basis that there are 260
office working days per year, the point at which spending an extra $30k for
a hardware router would be of net benefit to the company would be 260*30k =
$7.8m. I.e. if your annual revenue is higher than that, and if spending
that cash would mitigate against your DoS problems, then it would be worth
your while in terms of direct loss mitigation.
Of course, this analysis is quite simplistic and excludes things like
damage to reputation, online stores, the likelihood of DoS attacks
happening in the first place, the cost of transit and many other points of
reality. However, the point is that the break-even point for getting
serious horsepower for your transit requirements is surprisingly low once
you take into account the relationship between functional corporate
internet connectivity and either or both of corporate revenue and corporate
It's extraordinary how much attention senior management starts paying when
everyone in the office starts twiddling their thumbs because connectivity
has been down for the day.
More information about the NANOG