nanog mailing list archives
Re: Experience on Wanguard for 'anti' DDOS solutions
From: Nick Pratley <nick.pratley () serversaustralia com au>
Date: Tue, 11 Aug 2015 11:48:48 +1000
Some base numbers as it stands now: Total Anomalies: ~8000 Total Prefixes in BGP: ~400 We don't mitigate _everthing_ - if our transit can handle the inbound then it doesn't do anything - just alert and take a pcap dump for further tuning. If we see congestion, it moves prefixes around to a scrubbing center to clean the traffic before returning back to us. This is also just domestic AU, international traffic is on another system that gets scrubbed 24x7. We have close to 20 policys & threshold templates for all different scenarios. Though I was talking about the stability of the software, whilst dealing with around 20Gbit raw data. I've only seen one issue (thinking about it now, I need to raise a Feature Request for this) - which is the ability to use the number of source IPs as a metric to compliment pkt/s and bits/s thresholds. Would be nice to trigger a rule if "total num src IPs" >= 100 + 600M of TCP then start moving, but if only 600M TCP and 1 SRC IP, then leave it as it is. Regards, Nick
Current thread:
- Experience on Wanguard for 'anti' DDOS solutions Marcel Duregards (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Pavel Odintsov (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Job Snijders (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Matt Perkins (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Nick Pratley (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Matt Taylor (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Valdis . Kletnieks (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Paul Ferguson (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Nick Pratley (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions marcel.duregards () yahoo fr (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Nick Rose (Aug 11)
- Re: Experience on Wanguard for 'anti' DDOS solutions Aaron (Aug 11)
- Re: Experience on Wanguard for 'anti' DDOS solutions Matt Taylor (Aug 11)
- Re: Experience on Wanguard for 'anti' DDOS solutions marcel.duregards () yahoo fr (Aug 11)
- Re: Experience on Wanguard for 'anti' DDOS solutions Job Snijders (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Pavel Odintsov (Aug 10)
- <Possible follow-ups>
- Re: Experience on Wanguard for 'anti' DDOS solutions Ramy Hashish (Aug 12)
- Re: Experience on Wanguard for 'anti' DDOS solutions Fabien Delmotte (Aug 12)
- Re: Experience on Wanguard for 'anti' DDOS solutions Ramy Hashish (Aug 12)
- Re: Experience on Wanguard for 'anti' DDOS solutions Fabien Delmotte (Aug 12)