Recommended DDoS mitigation appliance?

Rabbi Rob Thomas robt at cymru.com
Wed Dec 4 18:15:16 UTC 2019


Hello, NANOG!

My thanks again to all who responded with suggestions, tips, and
further considerations.  I appreciate it very much!

As promised, here is my pithy summary of your detailed suggestions.
I've included URLs for those who may wish to conduct further research.
We've not made our selection yet, and likely won't until early 2020.
At present I'm busy building out our new backbone, and thus can't yet
offer up my own recommendation.  Who needs sleep?  :D

Several folks shared their architecture and deployment
recommendations, which were quite insightful.  Placement of these
devices, and in particular a centralized monitoring solution for
distributed deployments, were keys to success.

There were no support concerns for any of these suggestions.

Folks have used open source and freeware, but generally recommended
commercial offerings.  These required less manual intervention.

It was aces to see so many folks employing techniques such as flowspec
and RTBH.

DDoS appliance recommendations:

. Anycast and fat pipes
  - Multiple votes

. Massive peering
  - Multiple votes
  - Be ready for peering requests from me  :)

. Arbor Netscout
  - Multiple votes
  - Consistently labeled as "expensive"
  - https://www.netscout.com/arbor-ddos

. RioRey
  - Multiple votes
  - http://www.riorey.com/

. Juniper routers MX240 or MX480
  - https://www.juniper.net/us/en/products-services/routing/mx-series/mx240/
  - https://www.juniper.net/us/en/products-services/routing/mx-series/mx480/

. NSFOCUS ADS
  - ADS 8000 is the scrubbing box
  - ADS-m is the monitoring box
  - NTS is the box which uses Netflow to find unwanted traffic
  - https://nsfocusglobal.com/anti-ddos-system-ads/

. Wanguard+Wanfilter
  - https://www.andrisoft.com/software/wanguard
  - https://www.andrisoft.com/software/wanguard/ddos-mitigation-protection

. A10 Thunder ADC
  - https://a10networks.optrics.com/products/application-delivery.aspx

. FastNetMon
  - Free or inexpensive
  - https://fastnetmon.com/

Thank you!
Rob, the routing rabbi.
-- 
Rabbi Rob Thomas                                           Team Cymru
   "It is easy to believe in freedom of speech for those with whom we
    agree." - Leo McKern


