Getting hit hard by CHINANET

Paul S. contact at winterei.se
Mon Mar 23 15:14:12 UTC 2015


+1, I've had good luck with this as well.

My experiences pretty much mirror yours, NOC says no, had to ask my SE 
to take care of it.

Didn't have any issues after.

On 3/23/2015 午後 11:55, Ca By wrote:
> On Sun, Mar 23, 2014 at 3:43 AM, Justin M. Streiner <streiner at cluebyfour.org
>> wrote:
>> On Mon, 23 Mar 2015, Ca By wrote:
>>
>>   Having your upstream apply a permanent udp bw policer, say 5 or 10x busy
>>> hour baseline, works well for this.
>>>
>> Many upstreams will not do that, particularly on a permanent basis.  They
>> might do something temporarily to deal with an incident, but many of the
>> bigger carriers probably wouldn't want to leave that in place permanently.
>>
>> jms
>>
> Mine Tier 1 up-streams are fine with it permanent. YMMV.  I did have to get
> my account team involved, but from a technical perspective, a one line
> policer (all UDP rate-limit to 10% of link speed) is not a technical
> challenge, and the one-off config element is not overly burdensome.
>
> Again, YMMV.  And, your frequency and impact of IPv4 UDP based attacks will
> dictate your needs.
>
> CB



More information about the NANOG mailing list