-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, NANOG! My thanks again to all who responded with suggestions, tips, and further considerations. I appreciate it very much! As promised, here is my pithy summary of your detailed suggestions. I've included URLs for those who may wish to conduct further research. We've not made our selection yet, and likely won't until early 2020. At present I'm busy building out our new backbone, and thus can't yet offer up my own recommendation. Who needs sleep? :D Several folks shared their architecture and deployment recommendations, which were quite insightful. Placement of these devices, and in particular a centralized monitoring solution for distributed deployments, were keys to success. There were no support concerns for any of these suggestions. Folks have used open source and freeware, but generally recommended commercial offerings. These required less manual intervention. It was aces to see so many folks employing techniques such as flowspec and RTBH. DDoS appliance recommendations: . Anycast and fat pipes - Multiple votes . Massive peering - Multiple votes - Be ready for peering requests from me :) . Arbor Netscout - Multiple votes - Consistently labeled as "expensive" - https://www.netscout.com/arbor-ddos . RioRey - Multiple votes - http://www.riorey.com/ . Juniper routers MX240 or MX480 - https://www.juniper.net/us/en/products-services/routing/mx-series/mx240/ - https://www.juniper.net/us/en/products-services/routing/mx-series/mx480/ . NFOCUS ADS - ADS 8000 is the scrubbing box - ADS-m is the monitoring box - NTS is the box which uses Netflow to find unwanted traffic - https://nsfocusglobal.com/anti-ddos-system-ads/ . Wanguard+Wanfilter - https://www.andrisoft.com/software/wanguard - https://www.andrisoft.com/software/wanguard/ddos-mitigation-protecti on . A10 Thunder ADC - https://a10networks.optrics.com/products/application-delivery.aspx . FastNetMon - Free or inexpensive - https://fastnetmon.com/ Thank you! Rob, the routing rabbi. - -- Rabbi Rob Thomas Team Cymru "It is easy to believe in freedom of speech for those with whom we agree." - Leo McKern -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDcVjavXj08cL/QwdQ+hhYvqF8o0FAl3n97AACgkQQ+hhYvqF 8o1zdA//aSCm5pVs2O6g88cqTMkOP9RMHndPv0HMSSbaGTKvLEgfO+Vb3uC//GrU GqOVPdq2DqMk0iYnplRFqXIGD1wPT6q6m141FCm0srh6Wza4Q4+9uRoOMoNFDGu4 +PWjKTlThUyu2GzpTEDehMU1ruN0cXtKSNa3Pz9CXTNLcDDf5d1L+Jdfci6I7kKp 6flJG6IIuxDXKMhByywmYW2pEGfMqqgKK6maqyICwtvA4rL/rB54cwvNjE8fnhuY qboqkYXQDFO0+8+lVeWQXVCh5NGD8HfD+pZ7h4sLEp6/6WMivQ7WBZdno7wMW73U vexICCPq5zSfcir7ME4BIBfSRpDZZODBAe6T2EQ9X/ehy+iJEnnQV7NZ96nHLOZc dCTY29XC4Un1kAWN0HfNP7be8SuXmFt4VcuuOVzlUuwoBIDzUX9+eDgoZN2uRYvd ev27CL3dr1RAuWLRzauOz6nJGiKqZ2Hh1JhEaqAxC4V+zJfeGMuNiqazJ1SjDVkG lAufVLdjsIy7AoCjkJI7diVQ6QuBR70w0p9l8rFaJ5rc/Ef9OzLR8Po4QlJHstLD IaD9IKCoqnlucxFQmHA45Zp+h+EZvo32lg4Cy3rDv4NweoFhzgxpq6ER1IvS3k4T zhiAsZxKPwitwxNdRUg0Qb1wFq3gwa9nDUv3Z0cy6+CE/zSg0KU= =hYKB -----END PGP SIGNATURE-----