GRE performance over the Internet - DDoS cloud mitigation

[infinityape at gmail.com (Dennis B)]

Roland,

Agreed, Ramy's scenario was not truly spot on, but his question still
remains. Perf implications when cloud security providers time to
detect/mitigate is X minutes. How stable can GRE transports and BGP
sessions be when under load?

In my technical opinion, this is a valid argument, which deems wide
opinion. Specifically, use-cases about how to apply defense in depth
logically in the DC vs Hybrid vs Pure Cloud.

Good topic, already some back-chatter personal opinions from Nanog lurkers!

Regards,

Dennis B.


On Tue, Jun 30, 2015 at 2:45 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

>
> On 1 Jul 2015, at 1:37, Dennis B wrote:
>
>  Would you like to learn more? lol
>>
>
> I'm quite conversant with all these considerations, thanks.
>
> OP asserted that BGP sessions for diversion into any cloud DDoS mitigation
> service ran from the endpoint network through GRE tunnels to the
> cloud-based mitigation provider.  I was explaining that in most cloud
> mitigation scenarios, GRE tunnels are used for re-injection of 'clean'
> traffic to the endpoint networks.
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
>