Recommended DDoS mitigation appliance?
Alexander Lyamin
la at qrator.net
Thu Dec 5 09:31:30 UTC 2019
FastNetMon is awesome, but its a detection tool with no mitigation capacity
whatsoever.
On Wed, Dec 4, 2019 at 7:16 PM Rabbi Rob Thomas <robt at cymru.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello, NANOG!
>
> My thanks again to all who responded with suggestions, tips, and
> further considerations. I appreciate it very much!
>
> As promised, here is my pithy summary of your detailed suggestions.
> I've included URLs for those who may wish to conduct further research.
> We've not made our selection yet, and likely won't until early 2020.
> At present I'm busy building out our new backbone, and thus can't yet
> offer up my own recommendation. Who needs sleep? :D
>
> Several folks shared their architecture and deployment
> recommendations, which were quite insightful. Placement of these
> devices, and in particular a centralized monitoring solution for
> distributed deployments, were keys to success.
>
> There were no support concerns for any of these suggestions.
>
> Folks have used open source and freeware, but generally recommended
> commercial offerings. These required less manual intervention.
>
> It was aces to see so many folks employing techniques such as flowspec
> and RTBH.
>
> DDoS appliance recommendations:
>
> . Anycast and fat pipes
> - Multiple votes
>
> . Massive peering
> - Multiple votes
> - Be ready for peering requests from me :)
>
> . Arbor Netscout
> - Multiple votes
> - Consistently labeled as "expensive"
> - https://www.netscout.com/arbor-ddos
>
> . RioRey
> - Multiple votes
> - http://www.riorey.com/
>
> . Juniper routers MX240 or MX480
> -
> https://www.juniper.net/us/en/products-services/routing/mx-series/mx240/
> -
> https://www.juniper.net/us/en/products-services/routing/mx-series/mx480/
>
> . NFOCUS ADS
> - ADS 8000 is the scrubbing box
> - ADS-m is the monitoring box
> - NTS is the box which uses Netflow to find unwanted traffic
> - https://nsfocusglobal.com/anti-ddos-system-ads/
>
> . Wanguard+Wanfilter
> - https://www.andrisoft.com/software/wanguard
> - https://www.andrisoft.com/software/wanguard/ddos-mitigation-protecti
> on
>
> . A10 Thunder ADC
> - https://a10networks.optrics.com/products/application-delivery.aspx
>
> . FastNetMon
> - Free or inexpensive
> - https://fastnetmon.com/
>
> Thank you!
> Rob, the routing rabbi.
> - --
> Rabbi Rob Thomas Team Cymru
> "It is easy to believe in freedom of speech for those with whom we
> agree." - Leo McKern
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCAAdFiEEDcVjavXj08cL/QwdQ+hhYvqF8o0FAl3n97AACgkQQ+hhYvqF
> 8o1zdA//aSCm5pVs2O6g88cqTMkOP9RMHndPv0HMSSbaGTKvLEgfO+Vb3uC//GrU
> GqOVPdq2DqMk0iYnplRFqXIGD1wPT6q6m141FCm0srh6Wza4Q4+9uRoOMoNFDGu4
> +PWjKTlThUyu2GzpTEDehMU1ruN0cXtKSNa3Pz9CXTNLcDDf5d1L+Jdfci6I7kKp
> 6flJG6IIuxDXKMhByywmYW2pEGfMqqgKK6maqyICwtvA4rL/rB54cwvNjE8fnhuY
> qboqkYXQDFO0+8+lVeWQXVCh5NGD8HfD+pZ7h4sLEp6/6WMivQ7WBZdno7wMW73U
> vexICCPq5zSfcir7ME4BIBfSRpDZZODBAe6T2EQ9X/ehy+iJEnnQV7NZ96nHLOZc
> dCTY29XC4Un1kAWN0HfNP7be8SuXmFt4VcuuOVzlUuwoBIDzUX9+eDgoZN2uRYvd
> ev27CL3dr1RAuWLRzauOz6nJGiKqZ2Hh1JhEaqAxC4V+zJfeGMuNiqazJ1SjDVkG
> lAufVLdjsIy7AoCjkJI7diVQ6QuBR70w0p9l8rFaJ5rc/Ef9OzLR8Po4QlJHstLD
> IaD9IKCoqnlucxFQmHA45Zp+h+EZvo32lg4Cy3rDv4NweoFhzgxpq6ER1IvS3k4T
> zhiAsZxKPwitwxNdRUg0Qb1wFq3gwa9nDUv3Z0cy6+CE/zSg0KU=
> =hYKB
> -----END PGP SIGNATURE-----
>
--
Alexander Lyamin, VP & Founder
Qrator <http://qrator.net/>* Labs CZ *
office: +420 602 558 144 <++420+602+558+144>
mob: +420 774 303 807 <++420+774+303+807>
skype: melanor9
mailto: la at qrator.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191205/1616dc09/attachment.html>
More information about the NANOG
mailing list