nanog mailing list archives

Re: VLANs


From: Rodney Joffe <rjoffe () centergate com>
Date: Wed, 14 Nov 2007 13:30:38 -0700



On Nov 13, 2007, at 11:16 AM, Christopher Morrow wrote:


> On 11/13/07, Rodney Joffe <rjoffe () centergate com> wrote:
>
>> Are any of you operators utilizing VLANs to/with your transit
>> providers in order to isolate traffic types or services, and/or to
>> assist in traffic shaping before it hits your transit connections
>> (isolating the effects of DDoSes)?
>
> There was once a customer at a past job that used a sacrificial T1 to
> do this... They'd just announce/next-hop the attacked thing to the T1
> interface; apparently remembering that there was a BHR community
> available (and config'd for them) was hard to do.
>
> Are you looking to save the traffic for a reason, or would just junking
> it down a tiny pipe work? (Send me only x bps, don't squeeze out all of
> my pipe in the process, unless your VLAN config also included
> bandwidth limits?)

I have too many services to just want to use a T1 or two as sacrificial pipes, and I don't want to be messing around manually.

I need to be able to have the transit providers effectively provide isolation for each subnet, so my idea is to advertise each service up a separate rate-limited VLAN. So if one service is DDoS'd and its 100 Mb VLAN is hosed, the other 9 services still cope easily with each of their 100 Mb VLANs.

Seems simple and logical to me, but I wasn't sure what I was missing.

> -Chris
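
The design sketched in the reply above, as an added illustrative configuration from the editor, not from the thread and not any real provider's or operator's config: a Junos-style customer edge with one VLAN sub-interface and one eBGP session per service on a single transit link, each service's /24 exported only on its own session so attack traffic toward that service can only arrive over that VLAN. The interface name, VLAN IDs, the documentation ASNs 64496 (provider) and 64511 (customer) and the RFC 5737 addresses are all assumptions; only two of the ten services are shown, the rest repeat the same pattern.

```junos
/* Illustrative example added by the editor, not from the thread. Assumed:
   ge-0/0/0 is the transit link, VLANs 101 and 102 carry services 1 and 2,
   the provider is AS 64496, we are AS 64511, addresses are RFC 5737 space. */
interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 101 {
            description "service 1 - 198.51.100.0/24";
            vlan-id 101;
            family inet {
                /* local input policer; the provider must also police its
                   egress toward this VLAN at 100m for the isolation to hold */
                policer {
                    input police-100m;
                }
                address 192.0.2.2/30;
            }
        }
        unit 102 {
            description "service 2 - 203.0.113.0/24";
            vlan-id 102;
            family inet {
                policer {
                    input police-100m;
                }
                address 192.0.2.6/30;
            }
        }
    }
}
firewall {
    policer police-100m {
        if-exceeding {
            bandwidth-limit 100m;
            burst-size-limit 1m;
        }
        then discard;
    }
}
policy-options {
    prefix-list service-1 {
        198.51.100.0/24;
    }
    prefix-list service-2 {
        203.0.113.0/24;
    }
    /* each session exports exactly one service prefix and nothing else */
    policy-statement export-service-1 {
        term own-prefix {
            from {
                prefix-list service-1;
            }
            then accept;
        }
        then reject;
    }
    policy-statement export-service-2 {
        term own-prefix {
            from {
                prefix-list service-2;
            }
            then accept;
        }
        then reject;
    }
}
routing-options {
    autonomous-system 64511;
    static {
        /* covering discard routes so the /24s exist to be exported;
           more-specific internal routes carry the real traffic */
        route 198.51.100.0/24 discard;
        route 203.0.113.0/24 discard;
    }
}
protocols {
    bgp {
        group transit-service-1 {
            type external;
            local-address 192.0.2.2;
            peer-as 64496;
            export export-service-1;
            neighbor 192.0.2.1;
        }
        group transit-service-2 {
            type external;
            local-address 192.0.2.6;
            peer-as 64496;
            export export-service-2;
            neighbor 192.0.2.5;
        }
    }
}
```

Two checks a practitioner would want before relying on this: the policer on the customer side only limits what this router accepts, so the per-VLAN 100 Mb limit that actually protects the other services has to be applied by the transit provider on its egress toward each VLAN (and per VLAN, not per physical port), since attack traffic that has already crossed the shared physical link has already done the damage. And each export policy must be verified (for example with `show route advertising-protocol bgp <neighbor>`) to leak nothing but its own service prefix, otherwise a DDoS on one service pulls traffic in across another service's VLAN and the isolation is lost.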