On Mon, Dec 10, 2012 at 9:33 AM, Ameen Pishdadi <apishdadi@gmail.com> wrote:
Sounds like an advertisement to me
In the end there are few actual options (in general):
  1) do it yourself
  2) have your carrier do it for you
  3) have a third party do it for you

There are cost and capability considerations with all of these, basically:

1:
  - you'll need more pipe - absorb all that can arrive, can you handle an extra 100gbps of traffic? (or less, you could reasonably build out for X gbps and just die under Y if the cost is unacceptably large to absorb Y)
  - more people-smarts - understand what is/isn't an attack, understand peering, transit, costs, complexities, mitigation techniques and costs involved.
  - more equipment - mitigation gear (cisco guard, arbor tms, radware...etc)

2:
  - monthly (most times) cost for 'insurance', imagine paying an uplift on your current bandwidth costs, for mitigation services, pre-prepared, so all you need to do is 'initiate mitigation' inside the carrier's network.
  - people-cost in training to 'make the mitigation happen' (done right at the carrier this is nothing more than a bgp update from you...)

3:
  - monthly (or one-time) cost, you may be able to initiate it one-time and walk away, with the attendant costs in management of ad hoc contracts/etc.
  - routing changes (do you control at least the /24 around the resource you need to mitigate?)
  - tunneling complexity to return to you the 'clean' traffic
  - dns shenanigans for those ddos-mitigation folks who don't do routing change, or prefer DNS ones.

pick what works for you... or your charity org.

-chris