[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UDP DoS mitigation?

Subject: UDP DoS mitigation?
From: rdobbins at cisco.com (Roland Dobbins)
Date: Sat, 13 Dec 2008 02:24:23 +0800
In-reply-to: <[email protected]>
References: <[email protected]>

On Dec 13, 2008, at 2:15 AM, Rick Ernst wrote:

> - Are there any platforms that deal with high PPS/small packet more  
> gracefully?

S/RTBH can deal with any type of packet-flooding DDoS at layer-3, up  
to the capacity of the platform in question.  It sounds as if a) you  
should investigate getting DDoS mitigation assistance from your  
upstreams and/or b) moving from your currently software-based platform  
to a hardware-based platform at your edge to provide increased  
performance (this holds true irrespective of which vendor you select  
for your edge platform).

If you move to a hardware-based edge platform, be sure to first  
investigate all the particulars of its uRPF implementation so as to  
ensure that you can use it for S/RTBH, and if at all possible, test it  
before buying.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile

      History is a great teacher, but it also lies with impunity.

                    -- John Robb

References:
- UDP DoS mitigation?
  - From: ernst at easystreet.com (Rick Ernst)

Prev by Date: UDP DoS mitigation?
Next by Date: UDP DoS mitigation?
Previous by thread: UDP DoS mitigation?
Next by thread: UDP DoS mitigation?
Index(es):
- Date
- Thread