25 Sep
2016
25 Sep
'16
2:46 p.m.
On Sep 24, 2016, at 7:47 AM, John Levine <johnl@iecc.com> wrote:
Well...by anycast, I meant BGP anycast, spreading the "target" geographically to a dozen or more well connected/peered origins. At that point, your ~600G DDoS might only be around
anycast and tcp? the heck you say! :)
People who've tried it say it works fine. Routes don't flap that often.
There are a number of companies terminating anycasted TCP endpoints without issue. It’s not exactly turnkey, but it’s hardly black magic either. Here’s Nick Holt @Microsoft presenting their experience: https://www.youtube.com/watch?v=40MONHHF2BU <https://www.youtube.com/watch?v=40MONHHF2BU> -Chris