On Mon, Oct 24, 2011 at 4:45 PM, Brett Watson <brett@the-watsons.org> wrote:
On Oct 24, 2011, at 10:54 AM, Andreas Echavez wrote:
Prolexic is the go-to company for handling large-scale DDoSes. We haven't yet tried the service, but they've been extremely professional.
Not sure I understand your post. You claim Prolexic are the go-to-guys, and extremely professional… but you haven't used them?
I would agree with Stephan's response as well, some of the other providers have as much capacity to deal with attacks (Verisign, Neustar, etc). And it's not about what's "stated" on their marketing slicks, it's about actual capacity, architecture, and "clue."
Agreed, however our point of contention was that no other providers were willing to write SLAs based on service delivery time. We've used Verizon's service and it took nearly 10-12 hours coordinating with their NOC to get the service up and running, then over a week of troubleshooting packet sizes and so forth to finally get the system working properly. Unfortunately the only way for us to test Prolexic is to come under attack. In the meantime, the provisioning, engineering team, and everyone else has been fantastic. I'm not trying to push one provider over another -- we've just had good communication. Someone with less frequent or smaller attacks may find better value in another service. Prolexic's stated current network capacity is 375Gb. They have *claimed* that they will have 500Gb total by next year.
Prolexic has a long (early) history of DDoS mitigation, and I have no reason do doubt they are any worse than they used to be but if you haven't used them, it's just conjecture.
That's all I'm really saying here. It's been a good experience so far -- but only time will tell. Most of these *providers* are just using Arbor networks equipment and a fat pipe. It generally all works the same. Unfortunately it's not a simple task to test several hundred gigabytes of mitigation capacity.
I'd be interested to know whom you have experience with and what size of attack you were able to mitigate with them (not being pedantic, but looking for real-world examples and all).
We were able to mitigate a 20Gb attack through VZB. It was concerning because their total network capacity is 80Gb across ~4 PoPs. Unfortunately we had the issues above, combined with a lot of billing confusion on their part. They asked us to pay more for no reason whatsoever because we really need to *upgrade* our tier to the 1Gb service from the 500Mb (what does that mean)? This conversation with their sales team followed the somewhat large attack stated above. When asked "does the 1Gb tier mean 1Gb of clean traffic, or that you block 1Gb of DDoS", they couldn't answer our question. Anyhow take everything with a grain of salt. Our experience could differ vastly than others, and this isn't mean I have anything against Verizon or anyone else.
-b
-Andreas