nanog mailing list archives

Re: Verisign Internet Defence Network


From: Hank Nussbacher <hank () efes iucc ac il>
Date: Wed, 01 Jun 2011 08:26:21 +0300

At 10:25 30/05/2011 -0400, Jim Mercer wrote:

My knowledge is from 1.5 years ago when I compared Verisign, Prolexic, Akamai and others so things may have changed since then.

VeriSign claim that they are servicing their own network globally which has performed with zero down time over the last decade. Verisign have 2 offerings - one over BGP and the other over GRE/SSL VPNs. The BGP solution would be faster to turn on but will require more configuration set-up. Interestingly, their mitigation service is not 'always-on' (they sell their monitoring and mitigation services separately). On detection of an attack, they contact the customer and only once the customer acknowledges that they want their services "redirected" do they turn on the filtering.

My biggest gripe was their SLA - or lack of one. Back in Dec 2009 I forced them to start writing an SLA which they had not thought of, which back then showed an immaturity of service. Things might be different now. Verisign then took the view that the SLA should be based on *their* mitigation platform availability ("our scrubbing center has 100% SLA") and not on the customer site availability (all great and wonderful that your scrubbing center is up and running - but my site is down). They were willing to give service credits if their scrubbing center was down but not if the customer site was down.

I found they had a well established customer portal and ample reporting facilities.

Just make sure they have improved on their SLA before buying.

Regards,
Hank


Heyo,

So, I asked to look into the viability and usefulness of the "Verisign
Internet Defence Network" service.

I don't claim to be any kind of expert in DDoS mitigation, but some of the
claims made by the product descriptions seem suspect to me.

It claims to be "Carrier-agnostic and ISP-neutral", yet "When an event is
detected, Verisign will work with the customer to redirect Internet traffic
destined for the protected service to a Verisign Internet Defense Network
site."

Anyone here have any comments on how this works, and how effective it will be
vs. dealing directly with your upstream providers and getting them to assist
in shutting down the attack?

--
Jim Mercer        jim () reptiles org        +1 416 410-5633
You are more likely to be arrested as a terrorist than you are to be
blown up by one. -- Dianora


