RE: Switch with high ACL capacity

2018-11-06 Thread Mike Hammett
*nods* The more ways of knocking down the low hanging fruit the better. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: Ryan Hamel To: Tim Jackson , na...@ics-il.net Cc: nanog list Sent: Tue, 06

RE: Switch with high ACL capacity

2018-11-06 Thread Mike Hammett
Other than it completes the DDoS. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: Zach Puls To: Mike Hammett Cc: 'nanog list' Sent: Tue, 06 Nov 2018 13:55:22 -0600 (CST) Subject: RE: Switch with

RE: Switch with high ACL capacity

2018-11-06 Thread Mike Hammett
If the DDoS exceeds capacity, I simply resort to the RTBH. Until then, if I can handle it more delicately, then great. If I can handle it by adjusting routing policy (shy of blackholing) or by dropping traffic selectively until then, I deliver a better experience. Eyeball networks can handle DD

RE: Switch with high ACL capacity

2018-11-06 Thread Ryan Hamel
I would see if you can get your upstream providers to apply rules to a dedicated interface upstream (drop NTP, memcache, LDAP, rate limit SSDP), and connect that to your switch, which would announce the /32’s or /128’s to pull the traffic over. You would of course have to announce the /24 or /48

RE: Switch with high ACL capacity

2018-11-06 Thread Ryan Hamel
Mike, Are you sure you have enough inbound capacity to set up such a thing? Do you have RTBH set up for the final means of killing the attack? If you could get another set of circuits to feed this switch from your same providers, and they accept more specific announcements, you could use this to

Re: Switch with high ACL capacity

2018-11-06 Thread Tim Jackson
Juniper QFX1(including 12) supports ~64k ACL entries + FlowSpec -- Tim On Tue, Nov 6, 2018 at 1:49 PM Mike Hammett wrote: > The intent is to see if I can construct a poor man's DDOS scrubber. There > are low cost systems out there for the detection, but they just trigger > something els

Re: Switch with high ACL capacity

2018-11-06 Thread Mike Hammett
The intent is to see if I can construct a poor man's DDOS scrubber. There are low cost systems out there for the detection, but they just trigger something else to do the work. Obviously there is black hole routing, but I'm looking for something with a bit more finesse. If I need to get a switc

Re: Network Atlas : Help wanted

2018-11-06 Thread Mehmet Akcin
We have a mailing list but discussions happen mostly on slack channel. https://groups.google.com/a/networkatlas.org/forum/m/#!forum/discuss On Tue, Nov 6, 2018 at 10:57 AM Alfie Pates wrote: > Looks interesting, I'll have to have a play! > > One thing; Slack's a little modern for a lot of us,

Re: Network Atlas : Help wanted

2018-11-06 Thread Alfie Pates
Looks interesting, I'll have to have a play! One thing; Slack's a little modern for a lot of us, and perhaps unsuitable for people who don't have as much attention to commit - perhaps a mailing list would also be appropriate? ~ a@fdx

Re: Switch with high ACL capacity

2018-11-06 Thread Lotia, Pratik M
Mike, Can you shed some light on the use case? Looks like you are confusing ACLs and BGP Flowspec. ACLs and Flowspec rules are similar in some ways but they have a different use case. ACLs cannot be configured using Flowspec announcements. Flowspec can be loosely explained as 'Routing based on

Switch with high ACL capacity

2018-11-06 Thread Mike Hammett
I am looking for recommendations as to a 10G or 40G switch that has the ability to hold a large number of entries in ACLs. Preferably I could get them there via BGP flow spec, but some sort of API or even just brute force on the console would be good enough. Used or even end of life is fine

Re: Network Atlas : Help wanted

2018-11-06 Thread Mehmet Akcin
Hello everyone. Another exciting update to share: the demo, which has 20-25x faster loading times globally (thank you Cloud) and a lot more features, is now reachable at https://www.networkatlas.org/ - this is the most important upgrade we have released so far! What is coming up next? Well another