Yeah, our issue isn’t internal, and we already buy lots of bandwidth and have very capable, very large routers, so unless DDoS protection is upstream before it hits us, I don’t think it will work? We can’t reach the upstream network when it’s flooded, so I think we’d have to route to some very large network upstream from them that could handle this, and they scrub it and send it to us. Akamai sounds good but expensive (maybe?), I’ve gotten a couple tips off list, so thanks. I don’t know what anyone could do in this case with CCR routers alone? Our upstream can do BGP.
> There are companies where you can have them announce your IP space, and > they only send you the 'good' traffic. But it costs a hell of a lot more > than just upgrading your upstream for most smaller ISPs. On 7/13/2017 10:19 AM, Kurt Fankhauser wrote: > Is there a way to do DDOS protection that doesn't involve buying a > bigger bandwidth pipe or initiating some sort of blackhole with your > upstream? > > On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett <[email protected] > <mailto:[email protected]>> wrote: > > I'm going to be implementing some on-net scrubbing boxes. > Obviously limited by upstream capacity, simply acquire more > upstream capacity. ;-)
