GRE performance over the Internet - DDoS cloud mitigation

[Ramy Hashish <ramy.ihashish () gmail com>]

Good day All,

I just want to raise the issue that has not been addressed so far by the
DDoS cloud mitigation providers, either in the always-ON solution or the
on-demand solution, a BGP session has to be established over a GRE tunnel
over the internet between the ISP/NSP/DC and the cloud scrubbing center,
the BGP/GRE are used for two main purposes; advertising the victim /24
subnet during the attack, and sending the traffic back to from the
scrubbing center to the provider.

The question is how can we guarantee the GRE/BGP performance (control
traffic) during the time between detection and mitigation?

Experts from Arbor, Prolexic(AKAMAI), Radware, Incapsula, Defense.net (F5),
Verisign, nexus guard, neustar ......etc are most welcomed to give opinions.

Thanks,

Ramy

"Only the best is good enough"