GRE performance over the Internet - DDoS cloud mitigation

• Previous message (by thread): GRE performance over the Internet - DDoS cloud mitigation
• Next message (by thread): most accurate geo-IP source to build country-based access lists
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Roland,

Agreed, Ramy's scenario was not truly spot on, but his question still
remains. Perf implications when cloud security providers time to
detect/mitigate is X minutes. How stable can GRE transports and BGP
sessions be when under load?

In my technical opinion, this is a valid argument, which deems wide
opinion. Specifically, use-cases about how to apply defense in depth
logically in the DC vs Hybrid vs Pure Cloud.

Good topic, already some back-chatter personal opinions from Nanog lurkers!

Regards,

Dennis B.


On Tue, Jun 30, 2015 at 2:45 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

>
> On 1 Jul 2015, at 1:37, Dennis B wrote:
>
>  Would you like to learn more? lol
>>
>
> I'm quite conversant with all these considerations, thanks.
>
> OP asserted that BGP sessions for diversion into any cloud DDoS mitigation
> service ran from the endpoint network through GRE tunnels to the
> cloud-based mitigation provider.  I was explaining that in most cloud
> mitigation scenarios, GRE tunnels are used for re-injection of 'clean'
> traffic to the endpoint networks.
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
>

• Previous message (by thread): GRE performance over the Internet - DDoS cloud mitigation
• Next message (by thread): most accurate geo-IP source to build country-based access lists
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]