[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GRE performance over the Internet - DDoS cloud mitigation

Subject: GRE performance over the Internet - DDoS cloud mitigation
From: rdobbins at arbor.net (Roland Dobbins)
Date: Mon, 08 Jun 2015 18:25:14 +0700
In-reply-to: <CAOLsBOuJ5O=EOgmCgp8dm5=fHQ3hJP4Nw-hc=mJGSZNuLuoR3A@mail.gmail.com>
References: <CAOLsBOuJ5O=EOgmCgp8dm5=fHQ3hJP4Nw-hc=mJGSZNuLuoR3A@mail.gmail.com>

On 8 Jun 2015, at 17:57, Ramy Hashish wrote:

> a BGP session has to be established over a GRE tunnel over the 
> internet between the ISP/NSP/DC and the cloud scrubbing center,

This is incorrect.

In most cloud overlay DDoS mitigation scenarios (e.g., end-customer 
obtains service from an MSSP which isn't providing them with transit), 
a) there is no BGP relationship whatsoever between the end-customer and 
the MSSP, and b) the GRE tunnel is used strictly for re-injection of 
clean traffic (i.e., post-mitigation) to the end-customer.

In some scenarios, DNS is also used in place of/in addition to BGP-based 
diversion.

But GRE is used for re-injection only.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

Follow-Ups:
- GRE performance over the Internet - DDoS cloud mitigation
  - From: infinityape at gmail.com (Dennis B)

References:
- GRE performance over the Internet - DDoS cloud mitigation
  - From: ramy.ihashish at gmail.com (Ramy Hashish)

Prev by Date: GRE performance over the Internet - DDoS cloud mitigation
Next by Date: Regulators now regulating Internet History? Really?
Previous by thread: GRE performance over the Internet - DDoS cloud mitigation
Next by thread: GRE performance over the Internet - DDoS cloud mitigation
Index(es):
- Date
- Thread