nanog mailing list archives
Re: DDOS, IDS, RTBH, and Rate limiting
From: Brian Rak <brak () gameservers com>
Date: Sat, 22 Nov 2014 18:53:09 -0500
On 11/22/2014 11:18 AM, Denys Fedoryshchenko wrote:
On 2014-11-22 18:00, freedman () freedman net wrote:Oh, Brocade, recent experience with ServerIron taught me new lesson, that i can't do bonding on ports as i want, it has limitations about even/odd port numbers andWe see a lot of Brocade for switching in hosting providers, which makes sFlow easy, of course.etc.Most amazing part i just forgot, that i have this ServerIron, and it is a place where i run DDoS protection (but it works perfectly over "tap" way). Thanks for remindingabout this vendor :)
I just hope you're not talking FCX's.... if you upgrade those to 8.x firmware, you'll lose sflow on the 10gb ports. Once you upgrade, they send a corrupted sflow packet, and at *far* less then the rate that you configure. Even if you adjust your parser to compensate for the corrupt packet, they're still dropping the large majority of samples, making sflow pretty much useless.
It's been several months since we reported this, and we're still waiting on a fix.
Current thread:
- Re: DDOS, IDS, RTBH, and Rate limiting, (continued)
- Re: DDOS, IDS, RTBH, and Rate limiting Data Zone (Nov 20)
- Re: DDOS, IDS, RTBH, and Rate limiting Avi Freedman (Nov 20)
- Re: DDOS, IDS, RTBH, and Rate limiting Denys Fedoryshchenko (Nov 21)
- Re: DDOS, IDS, RTBH, and Rate limiting Peter Phaal (Nov 21)
- Re: DDOS, IDS, RTBH, and Rate limiting Denys Fedoryshchenko (Nov 21)
- Re: DDOS, IDS, RTBH, and Rate limiting Tim Jackson (Nov 21)
- Re: DDOS, IDS, RTBH, and Rate limiting Denys Fedoryshchenko (Nov 21)
- Re: DDOS, IDS, RTBH, and Rate limiting Denys Fedoryshchenko (Nov 21)
- Re: DDOS, IDS, RTBH, and Rate limiting Denys Fedoryshchenko (Nov 22)
- Re: DDOS, IDS, RTBH, and Rate limiting Brian Rak (Nov 22)