[AusNOG] DDOS mitigation
Dobbins, Roland
rdobbins at arbor.net
Fri May 10 23:13:27 EST 2013
On May 10, 2013, at 7:51 PM, James Braunegg wrote:
> Have you had enough capacity to be able to absorb attacks thus collect metrics or have the attacks been larger than your capacity and hence requiring the need for S/RTBH thus losing the ability to measure the true size of the attack ?
S/RTBH doesn't in and of itself take away one's visibility into traffic on platforms with decent flow telemetry support - dropped traffic is still tabulated, with the destination ifindex set to 0.
Notable exceptions are pre-Sup2T Cisco 6500s/7600s, & pre-Sup7 Cisco 4500s.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the AusNOG
mailing list