Re: Getting hit hard by CHINANET

[Colin Johnston <colinj () gt86car org uk>]

would be interested to know of providers using bgp to auto block ranges from china

colin

Sent from my iPhone

> On 18 Mar 2015, at 09:49, "Roland Dobbins" <rdobbins () arbor net> wrote:
>
>
> > On 18 Mar 2015, at 13:32, Mark Tinka wrote:
> >
> > That's one of two issues - if the sources are overwhelming how does one scale that up without the use of some 
> > scrubbing service? Writing data plane filters that are customer-specific works (assuming you have the hardware for 
> > it), but can get unwieldy.
>
> Some operators have specialized DDoS mitigation capabilities.  Others rely exclusively on basic network 
> infrastructure-based mechanisms like D/RTBH, S/RTBH, and/or flowspec.
>
> > The other issues are the chance to boo-boo things when filtering a customer-facing port, and/or forgetting to remove 
> > filters after they are needed and customer (or the remote end) ends up having reachability issues.
>
> Sure.  But this doesn't obviate the fact that cooperative DDoS mitigation amongst network operators routinely takes 
> place on the Internet today, and is increasingly made available in one form or another to end-customers who request 
> same.
>
> -----------------------------------
> Roland Dobbins <rdobbins () arbor net>