Re: DDOS, IDS, RTBH, and Rate limiting

[Brian Rak <brak () gameservers com>]

On 11/22/2014 11:18 AM, Denys Fedoryshchenko wrote:
> On 2014-11-22 18:00, freedman () freedman net wrote:
> > We see a lot of Brocade for switching in hosting providers, which makes
> > sFlow easy, of course.
> Oh, Brocade, recent experience with ServerIron taught me new lesson, 
> that i can't
> do bonding on ports as i want, it has limitations about even/odd port 
> numbers and
> etc.
> Most amazing part i just forgot, that i have this ServerIron, and it 
> is a place where
> i run DDoS protection (but it works perfectly over "tap" way). Thanks 
> for reminding
> about this vendor :)

I just hope you're not talking FCX's.... if you upgrade those to 8.x 
firmware, you'll lose sflow on the 10gb ports.  Once you upgrade, they 
send a corrupted sflow packet, and at *far* less then the rate that you 
configure.  Even if you adjust your parser to compensate for the corrupt 
packet, they're still dropping the large majority of samples, making 
sflow pretty much useless.

It's been several months since we reported this, and we're still waiting 
on a fix.