PoC for shortlisted DDoS Vendors
In our effort to pick up a reasonably priced DDoS appliance with a competitive features, we're in a process of doing a PoC for the following shortlisted vendors: 1- RioRey 2- NSFocus 3- Arbor 4- A10 The setup will be inline. So it would be great if anyone have done this before and can help provide the appropriate tools, advices, or the testing documents for efficient PoC. Thanks. -- Mohamed Kamal Core Network Sr. Engineer
On Wed, 01 Apr 2015 19:51:54 +0300 Mohamed Kamal <mkamal@noor.net> wrote:
The setup will be inline. So it would be great if anyone have done this before and can help provide the appropriate tools, advices, or the testing documents for efficient PoC.
Hi Mohamed, We recently introduced a community RTBH service called UTRS that might be a useful tool in your toolbox. Automated route relay went into effect not long ago and it seems to be working well. It isn't equivalent to any of the vendors you listed, but complimentary (and completely free :-) so I hope you don't mind me mentioning it. You can find more about it here: <https://www.cymru.com/jtk/misc/utrs.html> As for other tools... NfSen may be an open source option you want to consider. It can be extended with plugins you or others provide: <http://nfsen.sourceforge.net/> Team Cymru has leveraged that with a set of plug-ins based on our insight for your network. If you want to talk to us about it, see: <https://www.team-cymru.org/Flow-Sonar.html> You might also check out: <https://github.com/FastVPSEestiOu/fastnetmon> <https://bitbucket.org/tortoiselabs/ddosmon> <http://sourceforge.net/projects/panoptis/> Cisco has, or had the Cisco Guard family of products, formerly based on the Riverhead acquisition, but that platform was end-of-sale some time ago and is effectively dead. They (and some other hardware vendors) have since begun to license Arbor into their gear. John
I have recommended RioRey to our clients. There have been no, or only minor, issues with any of the testing, mismatch with optics and that was a client issue. The RioRey box can be set in full bypass, monitor, or mitigation. You can install in bypass mode first to make sure everything is wired up correctly, then switch on monitor mode and see how it is doing. When your comfort level increases you can turn on full mitigation mode. Full disclosure I did work for RioRey years back, but for our clients we always try to recommend what works best for the client. On 04/01/2015 11:51 AM, Mohamed Kamal wrote:
In our effort to pick up a reasonably priced DDoS appliance with a competitive features, we're in a process of doing a PoC for the following shortlisted vendors:
1- RioRey 2- NSFocus 3- Arbor 4- A10
The setup will be inline. So it would be great if anyone have done this before and can help provide the appropriate tools, advices, or the testing documents for efficient PoC.
Thanks.
-- Joe Chisolm Computer Translations, Inc. Network and Datacenter Consulting Marble Falls, Tx.
participants (3)
-
Joe Chisolm
-
John Kristoff
-
Mohamed Kamal