DDOS solution recommendation

• Previous message (by thread): DDOS solution recommendation
• Next message (by thread): DDOS solution recommendation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Maybe try the Cisco CSR1000v. In the trial mode it won't give you a
decent throughput, but should have all features enabled.

On 11 January 2015 at 15:02, Ammar Zuberi <ammar at fastreturn.net> wrote:
> I’m stuck trying to find a virtual router environment that I can play with flowspec on. We do have some Juniper routers, but they are in production and I don’t think I want to touch flowspec on them just yet.
>
> Does anyone have any experience or any ideas here? Even openbgpd?
>
>> On Jan 11, 2015, at 6:58 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
>>
>>
>> On 11 Jan 2015, at 20:52, Ca By wrote:
>>
>>> 1. BCP38 protects your neighbor, do it.
>>
>> It's to protect yourself, as well.  You should do it all the way down to the transit customer aggregation edge, all the way down to the IDC access layer, etc.
>>
>>> 2.  Protect yourself by having your upstream police Police UDP to some
>>> baseline you are comfortable with.
>>
>> This will come back to haunt you, when the programmatically-generated attack traffic 'crowds out' the legitimate traffic and everything breaks.
>>
>> You can only really do this for ntp.
>>
>>> 3.  Have RTBH ready for some special case.
>>
>> S/RTBH and/or flowspec are better (S/RTBH does D/RTBH, too).
>>
>> -----------------------------------
>> Roland Dobbins <rdobbins at arbor.net>
>

• Previous message (by thread): DDOS solution recommendation
• Next message (by thread): DDOS solution recommendation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]