Re: GRE performance over the Internet - DDoS cloud mitigation

Kenneth McRae kenneth.mcrae at me.com
Wed Jul 1 16:15:04 UTC 2015


How stable can GRE transports and BGP sessions be when under load?
 
I typically protect the BGP session by policing all traffic being delivered to the remote end except for BGP.  Using this posture, my BGP session over GRE are stable; even under attack.

Kenneth 

On Jun 30, 2015, at 01:37 PM, Dennis B <infinityape at gmail.com> wrote:

Roland,

Agreed, Ramy's scenario was not truly spot on, but his question still
remains. Perf implications when cloud security providers time to
detect/mitigate is X minutes. How stable can GRE transports and BGP
sessions be when under load?

In my technical opinion, this is a valid argument, which deems wide
opinion. Specifically, use-cases about how to apply defense in depth
logically in the DC vs Hybrid vs Pure Cloud.

Good topic, already some back-chatter personal opinions from Nanog lurkers!

Regards,

Dennis B.


On Tue, Jun 30, 2015 at 2:45 PM, Roland Dobbins <rdobbins at arbor.net> wrote:


On 1 Jul 2015, at 1:37, Dennis B wrote:

Would you like to learn more? lol


I'm quite conversant with all these considerations, thanks.

OP asserted that BGP sessions for diversion into any cloud DDoS mitigation
service ran from the endpoint network through GRE tunnels to the
cloud-based mitigation provider. I was explaining that in most cloud
mitigation scenarios, GRE tunnels are used for re-injection of 'clean'
traffic to the endpoint networks.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>




More information about the NANOG mailing list