On Mon, Jan 4, 2010 at 4:19 PM, Rick Ernst <nanog@shreddedmail.com> wrote:
Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned several times but they haven't been responsive to literature requests (hint, if anybody from Arbor is looking...). Our current upstream is 3x GigE from 3 different providers, each landing on their own BGP endpoint feeding a route-reflector core.
I see two possible solutions: - Netflow/sFlow/***Flow feeding a BGP RTBH - Inline device
- Outsource to service provider Netflow can lag a bit in detection. I'd be concerned that inline devices
add an additional point of failure. I'm worried about both failing-open (e.g. network outage) and false-positives.
How often are you getting DDoS'd? The financials of using a managed service provider vs. buy-all-your-own-grrovy-stuff can be fairly compelling especially if the amount of DDoS you experience is almost nil. Re: Arbor. I don't have any recent experience, but they've been around for a long time, have a very experienced team that understands ISP and enterprise and the product is mature. Hard to go wrong if you can justify the costs. YMMV. Best, -M< -- Martin Hannigan martin@theicelandguy.com p: +16178216079 Power, Network, and Costs Consulting for Iceland Datacenters and Occupants