On Dec 18, 2012, at 12:48 PM, Randy Bush <[email protected]> wrote: > I am trying to understand why our fellow engineers at Verisign are > obsessed with global propagation of RPKI data on the order of a few > minutes. Then a friend hit me with the clue by four. It's about third > party DDoS (and other attack) mitigation.
Right, that's one reason[1] ... but, in the spirit of full disclosure here, since you didn't say "for example" in the case of Verisign ... there are other companies *aside* from Verisign that offer third-party DDoS scrubbing and attack mitigation services: https://www.google.com/#hl=en&tbo=d&sclient=psy-ab&q=ddos%20scrubbing%20service&oq=&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&bvm=bv.1355534169,d.aWM&fp=a7e118819f5e1e5b&bpcl=40096503&biw=1209&bih=766&pf=p&pdl=300 http://www.bing.com/search?q=DDos+scrubbing+services&qs=n&form=QBRE&pq=ddos+scrubbing+services&sc=0-14&sp=-1&sk= Quite frankly, the Google ads (at the top and to the right) are more useful in this particular instance than the actual search results. Sigh. (Although, I find the ads for Residential Cleaning and "Merry Maids" to be quite humorous in a list of ads results for "DDoS scrubbing" ... good job Google! :-). -shane [1] I'd also note there are legitimate cases where customers may be unable to serve traffic for their content/service/application, (think: unexpected, but legitimate flash crowds/traffic combined with under-provisioned tail circuit capacity). In that case, it may be far easier for the customer to temporarily give up, say, a /24 that their content/service/application was being served out of and allow a third party to announce it out of the SP's AS (while still serving the same content/service/application off servers moved to or X-connect'ed to a new 'higher bandwidth' location), until the "storm passed" ... _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
