would be interested to know of providers using bgp to auto block ranges from china
colin Sent from my iPhone > On 18 Mar 2015, at 09:49, "Roland Dobbins" <[email protected]> wrote: > > >> On 18 Mar 2015, at 13:32, Mark Tinka wrote: >> >> That's one of two issues - if the sources are overwhelming how does one >> scale that up without the use of some scrubbing service? Writing data plane >> filters that are customer-specific works (assuming you have the hardware for >> it), but can get unwieldy. > > Some operators have specialized DDoS mitigation capabilities. Others rely > exclusively on basic network infrastructure-based mechanisms like D/RTBH, > S/RTBH, and/or flowspec. > >> The other issues are the chance to boo-boo things when filtering a >> customer-facing port, and/or forgetting to remove filters after they are >> needed and customer (or the remote end) ends up having reachability issues. > > Sure. But this doesn't obviate the fact that cooperative DDoS mitigation > amongst network operators routinely takes place on the Internet today, and is > increasingly made available in one form or another to end-customers who > request same. > > ----------------------------------- > Roland Dobbins <[email protected]>
