<div dir="ltr">FastNetMon is awesome, but it's a detection tool with no mitigation capacity whatsoever.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 4, 2019 at 7:16 PM Rabbi Rob Thomas <<a href="mailto:robt@cymru.com">robt@cymru.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hello, NANOG!<br>
<br>
My thanks again to all who responded with suggestions, tips, and<br>
further considerations.  I appreciate it very much!<br>
<br>
As promised, here is my pithy summary of your detailed suggestions.<br>
I've included URLs for those who may wish to conduct further research.<br>
 We've not made our selection yet, and likely won't until early 2020.<br>
 At present I'm busy building out our new backbone, and thus can't yet<br>
offer up my own recommendation.  Who needs sleep?  :D<br>
<br>
Several folks shared their architecture and deployment<br>
recommendations, which were quite insightful.  Placement of these<br>
devices, and in particular a centralized monitoring solution for<br>
distributed deployments, were keys to success.<br>
<br>
There were no support concerns for any of these suggestions.<br>
<br>
Folks have used open source and freeware, but generally recommended<br>
commercial offerings.  These required less manual intervention.<br>
<br>
It was aces to see so many folks employing techniques such as flowspec<br>
and RTBH.<br>
<br>
DDoS appliance recommendations:<br>
<br>
. Anycast and fat pipes<br>
  - Multiple votes<br>
<br>
. Massive peering<br>
  - Multiple votes<br>
  - Be ready for peering requests from me  :)<br>
<br>
. Arbor Netscout<br>
  - Multiple votes<br>
  - Consistently labeled as "expensive"<br>
  - <a href="https://www.netscout.com/arbor-ddos" rel="noreferrer" target="_blank">https://www.netscout.com/arbor-ddos</a><br>
<br>
. RioRey<br>
  - Multiple votes<br>
  - <a href="http://www.riorey.com/" rel="noreferrer" target="_blank">http://www.riorey.com/</a><br>
<br>
. Juniper routers MX240 or MX480<br>
  - <a href="https://www.juniper.net/us/en/products-services/routing/mx-series/mx240/" rel="noreferrer" target="_blank">https://www.juniper.net/us/en/products-services/routing/mx-series/mx240/</a><br>
  - <a href="https://www.juniper.net/us/en/products-services/routing/mx-series/mx480/" rel="noreferrer" target="_blank">https://www.juniper.net/us/en/products-services/routing/mx-series/mx480/</a><br>
<br>
. NSFOCUS ADS<br>
  - ADS 8000 is the scrubbing box<br>
  - ADS-m is the monitoring box<br>
  - NTS is the box which uses Netflow to find unwanted traffic<br>
  - <a href="https://nsfocusglobal.com/anti-ddos-system-ads/" rel="noreferrer" target="_blank">https://nsfocusglobal.com/anti-ddos-system-ads/</a><br>
<br>
. Wanguard+Wanfilter<br>
  - <a href="https://www.andrisoft.com/software/wanguard" rel="noreferrer" target="_blank">https://www.andrisoft.com/software/wanguard</a><br>
  - <a href="https://www.andrisoft.com/software/wanguard/ddos-mitigation-protection" rel="noreferrer" target="_blank">https://www.andrisoft.com/software/wanguard/ddos-mitigation-protection</a><br>
<br>
. A10 Thunder ADC<br>
  - <a href="https://a10networks.optrics.com/products/application-delivery.aspx" rel="noreferrer" target="_blank">https://a10networks.optrics.com/products/application-delivery.aspx</a><br>
<br>
. FastNetMon<br>
  - Free or inexpensive<br>
  - <a href="https://fastnetmon.com/" rel="noreferrer" target="_blank">https://fastnetmon.com/</a><br>
<br>
Thank you!<br>
Rob, the routing rabbi.<br>
-- <br>
Rabbi Rob Thomas                                           Team Cymru<br>
   "It is easy to believe in freedom of speech for those with whom we<br>
    agree." - Leo McKern<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US" style="font-size:10pt">Alexander Lyamin, VP & Founder</span></p><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US" style="font-size:10pt"> </span><a href="http://qrator.net/" style="color:rgb(17,85,204)" target="_blank"><span lang="EN-US" style="font-size:10pt;color:blue">Qrator</span></a><u><span lang="EN-US" style="font-size:10pt;color:blue"> Labs CZ </span></u></p><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US" style="font-size:10pt">office: <a href="tel:++420+602+558+144" target="_blank">+420 602 558 144</a></span></p><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US" style="font-size:10pt">mob: <a href="tel:++420+774+303+807" target="_blank">+420 774 303 807</a><br></span><span style="font-size:10pt">skype: melanor9</span></p><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US" style="font-size:10pt">mailto: <font color="#0000ff"> <a href="mailto:la@qrator.net" target="_blank">la@qrator.net</a></font></span></p><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><img src="http://static.qrator.net/fixed/qlabslogo.png"><br><br></p></div></div></div></div></div></div></div></div></div></div>