DDOS, IDS, RTBH, and Rate limiting

Roland Dobbins rdobbins at arbor.net
Sun Nov 9 02:28:10 UTC 2014


On 9 Nov 2014, at 8:59, Frank Bulk wrote:

> I've written it before: if there was a software feature in routers 
> where I
> could specify the maximum rate any prefix size (up to /32) could 
> receive,
> that would be very helpful.

QoS generally isn't a suitable mechanism for DDoS mitigation, as the 
programmatically-generated attack traffic ends up 'crowding out' 
legitimate traffic.

S/RTBH, flowspec, and other methods tend to produce better results.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>



More information about the NANOG mailing list