Good day All, I just want to raise the issue that has not been addressed so far by the DDoS cloud mitigation providers, either in the always-ON solution or the on-demand solution, a BGP session has to be established over a GRE tunnel over the internet between the ISP/NSP/DC and the cloud scrubbing center, the BGP/GRE are used for two main purposes; advertising the victim /24 subnet during the attack, and sending the traffic back to from the scrubbing center to the provider. The question is how can we guarantee the GRE/BGP performance (control traffic) during the time between detection and mitigation? Experts from Arbor, Prolexic(AKAMAI), Radware, Incapsula, Defense.net (F5), Verisign, nexus guard, neustar ......etc are most welcomed to give opinions. Thanks, Ramy "Only the best is good enough"