nanog mailing list archives
RE: Switch with high ACL capacity
From: Mike Hammett <nanog () ics-il net>
Date: Tue, 6 Nov 2018 14:38:01 -0600 (CST)
If the DDoS exceeds capacity, I simply resort to the RTBH. Until then, if I can handle it more delicately, then great. If I can handle it by adjusting routing policy (shy of blackholing) or by dropping traffic selectively until then, I deliver a better experience. Eyeball networks can handle DDoSes a bit differently than content guys because most of our traffic is on just a handful of ASNs on a few ports.

-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: Ryan Hamel <Ryan.Hamel () quadranet com>
To: Mike Hammett <nanog () ics-il net>, Lotia, Pratik M <Pratik.Lotia () charter com>
Cc: 'nanog list' <nanog () nanog org>
Sent: Tue, 06 Nov 2018 13:52:38 -0600 (CST)
Subject: RE: Switch with high ACL capacity

Mike,

Are you sure you have enough inbound capacity to set up such a thing? Do you have RTBH set up as the final means of killing the attack?

If you could get another set of circuits to feed this switch from your same providers, and they accept more specific announcements, you could use this to swing /32s or /128s to said dedicated links so it won't affect your clients' traffic.

--
Ryan Hamel
Network Administrator
ryan.hamel () quadranet com | +1 (888) 578-2372
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud

-----Original Message-----
From: NANOG <nanog-bounces+ryan.hamel=quadranet.com () nanog org> On Behalf Of Mike Hammett
Sent: Tuesday, November 06, 2018 11:47 AM
To: Lotia, Pratik M <Pratik.Lotia () charter com>
Cc: 'nanog list' <nanog () nanog org>
Subject: Re: Switch with high ACL capacity

The intent is to see if I can construct a poor man's DDoS scrubber. There are low-cost systems out there for the detection, but they just trigger something else to do the work. Obviously there is black hole routing, but I'm looking for something with a bit more finesse. If I need to get a switch anyway, I might as well try to take advantage of it for other uses.

-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: Lotia, Pratik M <Pratik.Lotia () charter com>
To: Mike Hammett <nanog () ics-il net>, 'nanog list' <nanog () nanog org>
Sent: Tue, 06 Nov 2018 12:29:15 -0600 (CST)
Subject: Re: Switch with high ACL capacity

Mike,

Can you shed some light on the use case? Looks like you are confusing ACLs and BGP Flowspec. ACLs and Flowspec rules are similar in some ways, but they have a different use case. ACLs cannot be configured using Flowspec announcements. Flowspec can be loosely explained as 'routing based on L4 rules' (there's a lot more to it than just L4). I doubt there is a switch which can hold a large number of Flowspec entries.

~Pratik Lotia
"Improvement begins with I."

On 11/6/18, 10:39, "NANOG on behalf of Mike Hammett" <nanog-bounces () nanog org on behalf of nanog () ics-il net> wrote:

I am looking for recommendations as to a 10G or 40G switch that has the ability to hold a large number of entries in ACLs. Preferred if I can get them there via BGP FlowSpec, but some sort of API or even just brute force on the console would be good enough. Used or even end of life is fine.

-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
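The escalation policy the thread converges on (selective drops pushed as BGP FlowSpec while the attack still fits in the uplink, RTBH of the victim /32 or /128 once it does not, and a cap on rule count because FlowSpec tables on switches are small) can be written down as a small controller. The block below is an added example, not code from any poster or from ExaBGP. It assumes the commands are fed to ExaBGP's text API (the `announce flow route { match { ... } then { discard; } }` and `announce route ... community [ ... ]` forms as documented for ExaBGP 4; check them against your version), that 192.0.2.1 is a hypothetical discard next-hop on your own edge, that 65535:666 is the RFC 7999 BLACKHOLE community your upstreams honour, and that the flow rates come from whatever detector you run. The sample flows and prefixes are constructed.

```python
"""
Toy controller for the "poor man's DDoS scrubber" policy from the thread:
drop selectively with BGP FlowSpec while the attack fits in the uplink,
fall back to RTBH of the victim /32 or /128 once it does not.

Added example, not any poster's code.  Assumptions:
  * commands target ExaBGP's text API (syntax as documented for ExaBGP 4);
  * 192.0.2.1 is a hypothetical next-hop that your edge discards;
  * 65535:666 is the RFC 7999 BLACKHOLE community;
  * flow volumes are bits per second as reported by your detector.
"""
import ipaddress
from dataclasses import dataclass

RTBH_NEXT_HOP = "192.0.2.1"        # assumption: a discard next-hop on your edge
BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 BLACKHOLE


@dataclass(frozen=True)
class Flow:
    dst: str       # victim address (v4 or v6)
    proto: str     # "udp" or "tcp"
    dst_port: int
    bps: int       # rate seen by the detector


def host_prefix(addr: str) -> str:
    """'203.0.113.10' -> '203.0.113.10/32'; an IPv6 address becomes /128."""
    return str(ipaddress.ip_network(addr))


def is_ours(addr: str, our_prefixes) -> bool:
    """Refuse to announce FlowSpec or RTBH for space we do not originate."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in our_prefixes)


def flowspec_discard(flow: Flow) -> str:
    # ExaBGP text-API form of a FlowSpec NLRI with a discard action (assumed syntax).
    return (f"announce flow route {{ match {{ destination {host_prefix(flow.dst)}; "
            f"protocol {flow.proto}; destination-port ={flow.dst_port}; }} "
            f"then {{ discard; }} }}")


def rtbh(addr: str) -> str:
    # Plain unicast host route tagged BLACKHOLE; upstreams that honour it discard it.
    return (f"announce route {host_prefix(addr)} next-hop {RTBH_NEXT_HOP} "
            f"community [ {BLACKHOLE_COMMUNITY} ]")


def plan(flows, capacity_bps: int, our_prefixes, max_rules: int) -> dict:
    """
    Returns {"rtbh": [...], "flowspec": [...], "skipped": [...]}.

    1. Flows aimed at addresses outside our_prefixes are skipped, never acted on.
    2. While the summed attack volume exceeds capacity_bps, blackhole the
       heaviest victim (all of its flows) and subtract its volume: the pipe
       is full, so finesse is no longer an option for that host.
    3. What remains fits the pipe and gets per-flow FlowSpec discards,
       heaviest flows first, capped at max_rules because hardware tables are small.
    """
    skipped = [f for f in flows if not is_ours(f.dst, our_prefixes)]
    ours = [f for f in flows if is_ours(f.dst, our_prefixes)]

    per_victim = {}
    for f in ours:
        per_victim[f.dst] = per_victim.get(f.dst, 0) + f.bps

    remaining = sum(per_victim.values())
    blackholed = []
    for victim, volume in sorted(per_victim.items(), key=lambda kv: kv[1], reverse=True):
        if remaining <= capacity_bps:
            break
        blackholed.append(victim)
        remaining -= volume

    selective = sorted((f for f in ours if f.dst not in blackholed),
                       key=lambda f: f.bps, reverse=True)[:max_rules]

    return {
        "rtbh": [rtbh(v) for v in blackholed],
        "flowspec": [flowspec_discard(f) for f in selective],
        "skipped": [host_prefix(f.dst) for f in skipped],
    }


# Constructed sample input: three flows at two of our hosts plus one aimed at
# an address we do not own.  Rates are made up.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "udp", 53, 3_000_000_000),
    Flow("203.0.113.10", "udp", 123, 1_000_000_000),
    Flow("203.0.113.20", "tcp", 80, 500_000_000),
    Flow("198.51.100.5", "udp", 53, 9_000_000_000),
]
OUR_PREFIXES = ["203.0.113.0/24", "2001:db8::/32"]

if __name__ == "__main__":
    for cap in (10_000_000_000, 4_000_000_000):
        print(f"--- uplink {cap // 1_000_000_000} Gbps ---")
        for kind, cmds in plan(SAMPLE_FLOWS, cap, OUR_PREFIXES, max_rules=2).items():
            for c in cmds:
                print(kind, c)
```

With a 10 Gbps uplink the 4.5 Gbps of attack traffic is handled with two FlowSpec discards and the third flow is left alone because the rule budget is two; with a 4 Gbps uplink the heaviest victim is blackholed and the remaining host keeps its selective filter. The ownership check matters in practice: a detector fed with spoofed or mis-parsed data should never be able to make you announce a blackhole or a FlowSpec rule for someone else's address. Whether the rules actually land in hardware still depends on the switch or router accepting FlowSpec (Pratik's caveat) and on the upstream honouring the BLACKHOLE community.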
Current thread:
- Switch with high ACL capacity Mike Hammett (Nov 06)
- Re: Switch with high ACL capacity Lotia, Pratik M (Nov 06)
- Re: Switch with high ACL capacity Mike Hammett (Nov 06)
- Re: Switch with high ACL capacity Tim Jackson (Nov 06)
- RE: Switch with high ACL capacity Ryan Hamel (Nov 06)
- RE: Switch with high ACL capacity Mike Hammett (Nov 06)
- Re: Switch with high ACL capacity Mike Hammett (Nov 06)
- RE: Switch with high ACL capacity Ryan Hamel (Nov 06)
- RE: Switch with high ACL capacity Mike Hammett (Nov 06)
- Re: Switch with high ACL capacity Lotia, Pratik M (Nov 06)
- Message not available
- RE: Switch with high ACL capacity Mike Hammett (Nov 06)