On 12/09/2011 20:45, Owen DeLong wrote:
In your typical enterprise environment, a 1G DoS will zorch the link long before it zorches the router at the enterprise side.
It sure will, unless you have multiple 1G links into your router, in which case the ddos will effectively trash all the links.
I agree that software-based routers are not a good choice for a backbone provider, but, for an enterprise that is dealing with <1gbps links coming in from ≤3 providers, the difference in cost makes a software router an attractive option in many cases.
Of course it is important to understand the limitations of the solution you choose, but, in such an environment, a USD100,000+ ASIC-based router may be like trying to kill a mosquito with a sledgehammer.
Indeed - as you implicitly point out, it's a cost / benefit thing. So then the question becomes this: for the set of organisations which are large enough to warrant multiple 1G upstreams, how long an outage can they sustain before the price difference becomes worth it?
Let's throw some figures around (ridiculously simplified): a company has a choice between a pair of $10k software routers or something like a pair of MX80s for $25k each. So, one solution costs $20k; the other $50k. $30k cost difference works out as $625 per month depreciation (4 year). I.e. not going to affect the bottom line in any meaningful way.
Now say that this company has a DoS attack for 24h, and the company effectively loses one day of revenue. On the basis that there are 260 office working days per year, the point at which spending an extra $30k for a hardware router would be of net benefit to the company would be 260*30k = $7.8m. I.e. if your annual revenue is higher than that, and if spending that cash would mitigate against your DoS problems, then it would be worth your while in terms of direct loss mitigation.
Of course, this analysis is quite simplistic and excludes things like damage to reputation, online stores, the likelihood of DoS attacks happening in the first place, the cost of transit and many other points of reality. However, the point is that the break-even point for getting serious horsepower for your transit requirements is surprisingly low once you take into account the relationship between functional corporate internet connectivity and either or both of corporate revenue and corporate productivity.
It's extraordinary how much attention senior management starts paying when everyone in the office starts twiddling their thumbs because connectivity has been down for the day.
Nick