[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Getting hit hard by CHINANET

would be interested to know of providers using bgp to auto block ranges from china


Sent from my iPhone

> On 18 Mar 2015, at 09:49, "Roland Dobbins" <rdobbins at arbor.net> wrote:
>> On 18 Mar 2015, at 13:32, Mark Tinka wrote:
>> That's one of two issues - if the sources are overwhelming how does one scale that up without the use of some scrubbing service? Writing data plane filters that are customer-specific works (assuming you have the hardware for it), but can get unwieldy.
> Some operators have specialized DDoS mitigation capabilities.  Others rely exclusively on basic network infrastructure-based mechanisms like D/RTBH, S/RTBH, and/or flowspec.
>> The other issues are the chance to boo-boo things when filtering a customer-facing port, and/or forgetting to remove filters after they are needed and customer (or the remote end) ends up having reachability issues.
> Sure.  But this doesn't obviate the fact that cooperative DDoS mitigation amongst network operators routinely takes place on the Internet today, and is increasingly made available in one form or another to end-customers who request same.
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>