nanog mailing list archives

Re: D/DoS mitigation hardware/software needed.


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 5 Jan 2010 05:43:16 +0000


On Jan 5, 2010, at 12:39 PM, Adrian Chadd wrote:

> I mean, I assume that there's checks and balances in place to limit
> the number of routes being injected into the network so one doesn't
> overload the tables, but what's the behaviour if/when this limit is
> reached? Does mitigation cease being as effective?

For IDMS 'scrubbing' solutions, one merely injects the route of the attack targets into one's iBGP, in order to draw all traffic towards that specific target into the scrubbing center.

For S/RTBH and flow-spec, modern edge routers can scale to millions of routes; also note one isn't limited to /32s.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken
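
The route-count question and the remark that S/RTBH is not limited to /32s, as an added example that is not part of the original post: a sketch of fitting a list of attack sources into a fixed route budget by widening prefixes, and of the collateral address space that costs. The function names, the /24 floor and the sample addresses (documentation ranges) are assumptions made for illustration; IPv4 only.

```python
import ipaddress

def common_supernet(a, b):
    """Smallest IPv4 prefix that covers both networks."""
    net = a
    while not b.subnet_of(net):
        net = net.supernet()
    return net

def aggregate_sources(sources, max_routes, min_prefixlen=24):
    """Fit attack sources into at most max_routes prefixes (hypothetical helper).

    Exact aggregation comes first; after that the closest adjacent pair is
    merged repeatedly. It stops rather than go shorter than min_prefixlen,
    so the result can still exceed max_routes.
    """
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in sources))
    while len(nets) > max(max_routes, 1):
        # In sorted order the tightest merge is always between neighbours.
        best = max((common_supernet(a, b) for a, b in zip(nets, nets[1:])),
                   key=lambda n: n.prefixlen)
        if best.prefixlen < min_prefixlen:
            break  # budget not reachable without exceeding the floor
        nets = list(ipaddress.collapse_addresses(
            [n for n in nets if not n.subnet_of(best)] + [best]))
    return nets

def collateral(nets, sources):
    """Addresses covered by nets that were not in the source list."""
    listed = sum(n.num_addresses for n in ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in sources))
    return sum(n.num_addresses for n in nets) - listed

# Constructed sample: attack sources taken from documentation ranges.
SAMPLE = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.200",
          "198.51.100.10", "198.51.100.11", "203.0.113.5"]

if __name__ == "__main__":
    for budget in (5, 3):
        nets = aggregate_sources(SAMPLE, budget)
        print(budget, [str(n) for n in nets], collateral(nets, SAMPLE))
```

Tightening the budget from 5 to 3 routes replaces four exact prefixes with one /24, which is where the collateral comes from.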




