The CDN/"DDoS cleaners" simply do it by having vast amounts of capacity globally generally distributed into autonomous nodes. Akamai for example has many terabits of capacity on the Internet plus hundreds of nodes installed directly into access networks. On top of this they deploy sophisticated DNS load balancing to shift traffic around as demand / attacks dictate.
It sounds fancy but in reality if you have a few terabits of traffic the mitigate options become numerous.. its just an economy of scale, but one that exists for a limited number of content providers.. If you look at the port speeds that Akamai, Limelight etc have at the IXs, you'll see 80Gbps, 160Gbps.. multiple instances.. its just that vast. Steve On 29 April 2013 13:18, Simon Green <[email protected]> wrote: > Hi Stephen,**** > > ** ** > > That was my take on it as well. In that case these appliances will only > hold up as long as your transit links aren’t saturated, so really they are > for protecting your routing equipment rather than the links themselves.*** > * > > ** ** > > How, technically speaking, do the “DDoS cleaning” providers work who > handle your traffic for you?**** > > ** ** > > Simon **** > > ** ** > > *From:* Stephen Wilcox [mailto:[email protected]] > *Sent:* 29 April 2013 13:04 > *To:* Simon Green > *Cc:* [email protected] > *Subject:* Re: [uknof] DDoS mitigation appliances**** > > ** ** > > Hi Simon,**** > > imho if someone DDoS's you and overwhelms your incoming capacity then > there is no appliance that can stop the traffic from coming in via your > supplier's interface. The only solution is to have suppliers who agree to > be proactive in filtering traffic at their borders should you find yourself > under attack. Alternatively outsourcing content to CDNs or anti-DDoS > specialists is an option if you are a high profile target.**** > > ** ** > > I am highly skeptical of vendors who claim to be able to do this, it can > clearly only work on a small scale.**** > > ** ** > > HTH**** > > Steve**** > > ** ** > > ** ** > > On 29 April 2013 12:53, Simon Green <[email protected]> wrote:**** > > Hi List,**** > > **** > > We’re looking at DDoS mitigation options at the moment, and one vendor > we’ve spoken to has recommended NSFOCUS and their ADS line. Has anybody had > any experience with these or similar, and also any ideas on competitor > costs? **** > > **** > > Simon**** > > **** > > ** ** >
