Re: anti-ddos test solutions ?

[Nathan Ward <nanog () daork net>]

Hire/buy what I know as a router tester. People call them different things.
It's a device that generates packets, and can normally simulate TCP etc. all the way up to HTTP etc. or higher. BGP, 
OSPF, MPLS, etc. etc. etc.
Tell it to generate packets that look like they come from many many hosts (you can normally simulate some kind of 
network topology with hosts in different places and hence different TTLs etc.), and viola.
They normally let you generate background noise traffic, or you could record 24 hours of packet headers from somewhere 
in your network and play it back through your test network. This needs a lot of disk of course.

I used to work for an anti-ddos vendor (Esphion, now owned by Allot) and built their first test rig. First we did it 
with a bank of PCs with custom Linux kernel code to generate packets because we were a startup doing things on the 
cheap and I was a bit masochistic. Then we got a router tester and did exactly the same thing, but in a whole lot less 
space with a whole lot less effort.

Both worked great, naturally I recommend a router tester.

--
Nathan Ward