nanog mailing list archives
Re: GRE performance over the Internet - DDoS cloud mitigation
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Mon, 08 Jun 2015 18:25:14 +0700
On 8 Jun 2015, at 17:57, Ramy Hashish wrote:
a BGP session has to be established over a GRE tunnel over the internet between the ISP/NSP/DC and the cloud scrubbing center,
This is incorrect.In most cloud overlay DDoS mitigation scenarios (e.g., end-customer obtains service from an MSSP which isn't providing them with transit), a) there is no BGP relationship whatsoever between the end-customer and the MSSP, and b) the GRE tunnel is used strictly for re-injection of clean traffic (i.e., post-mitigation) to the end-customer.
In some scenarios, DNS is also used in place of/in addition to BGP-based diversion.
But GRE is used for re-injection only. ----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- GRE performance over the Internet - DDoS cloud mitigation Ramy Hashish (Jun 08)
- Re: GRE performance over the Internet - DDoS cloud mitigation Roland Dobbins (Jun 08)
- Re: GRE performance over the Internet - DDoS cloud mitigation Dennis B (Jun 30)
- Re: GRE performance over the Internet - DDoS cloud mitigation Roland Dobbins (Jun 30)
- Re: GRE performance over the Internet - DDoS cloud mitigation Dennis B (Jun 30)
- Re: GRE performance over the Internet - DDoS cloud mitigation Dennis B (Jun 30)
- Re: GRE performance over the Internet - DDoS cloud mitigation Roland Dobbins (Jun 08)