[AusNOG] 10G routing
James Braunegg
james.braunegg at micron21.com
Sat Feb 8 18:42:16 EST 2014
Dear Mike
If you want to test the hardware / solution you have in place, rather than waiting for the next random DDoS attack, have a look at http://www.ipstresser.com/ so you can simulate an attack and confirm you have a working environment at a time which suits you.
Kindest Regards
James Braunegg
P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
E: james.braunegg at micron21.com | ABN: 12 109 977 666
W: www.micron21.com/ddos-protection T: @micron21
-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Michael Marklew
Sent: Saturday, February 08, 2014 9:49 AM
To: Ben
Cc: AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] 10G routing
Yes. Apart from rate limiting I had something similar to this in place - http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking
FYI: It had been handling 60k+ pps with sustained 200+ Mbps for some weeks and 0-3% CPU load.
Not really a big deal considering its specs.
Tom Berryman suggested the logging may have crashed it. The DDOS triggered some logging so this is possibly the problem. I will adjust and wait for the next DDOS.
On 8 Feb 2014, at 9:23 am, Ben <ben at meh.net.nz> wrote:
> were you storing state? i'd be disconcerted if it can't handle 250 megabit of traffic of any kind.
>
> if state tables overflow then you can lose connection to devices.
>
> Ben.
>
> On Sat, Feb 08, 2014 at 09:12:04AM +1100, Michael Marklew wrote:
>> 1:09 am and my Cloud Core (CCR1036-12G-4S) was taken down by a 250Mbps plus DDOS to an end user. Now it is non-responsive and I have to make a weekend trip into the data centre.
>>
>> I put it in front of my Cisco 7200 series only a few weeks ago so I could do some QoS on my main feed. It has been working well and I have been patting myself on the back because I saved $20k on the appropriate Allot NetEnforcer or some such.
>>
>> My backup BGP path is via another 7200 and other than being very slow it managed when the traffic switched.
>>
>> So it would appear the CCR1036-12G-4S has less routing power than an old Cisco 7200 VXR, although the Mikrotik was doing some rate limiting and firewalling (to block DDOS) for that matter.
>>
>> I love the Mikrotik gear, I love its price and I love its flexibility. Shame. Now to decide if I should put a managed power rail in so I can reboot it remotely or just get rid of it.
>>
>> Kind Regards,
>> Michael.
>>
>> On 7 Feb 2014, at 3:05 pm, Matt Perkins <matt at spectrum.com.au> wrote:
>>
>>> Google mikrotik cloud core.
>>>
>>> Matt.
>>>
>>>
>>> On 7/02/14 1:25 PM, Alex Samad - Yieldbroker wrote:
>>>> Hi
>>>>
>>>> Q) am I being unrealistic to think I should be able to get 10Gb/s
>>>> routing/firewall in a vm? (or cheap hardware solution)
>>>>
>>>> I know there are very expensive Big name boxes out there, but I am wondering what other people are thinking / using. I guess I am not thinking core telco stuff but more for business end user.
>>>>
>>>> I have had a bit of a test of the current soft routers and love
>>>> interfaces, love the price (not so much the brocade vr5400..)
>>>>
>>>> Did some testing of a home built centos 6.5 box I was able to get
>>>> up to 8Gb/s routed and firewall rules in place, but writing a
>>>> system to manage it I have better things to do :)
>>>>
>>>> My general feel currently is they are not ready yet, trying to get up over 1Gb/s was rather hard.. General feel on yvos was it should work out of the box ...
>>>>
>>>> My next question
>>>>
>>>> Any one played with one of these
>>>> CCR1036-8G-2S+: 36core Cloud Core Router with 8GbE 2x 10Gbe SFP
>>>>
>>>> They say they can get 28Gb/s routed with firewall rules in place ....
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>> --
>>> /* Matt Perkins
>>> Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>>> Office 1300 133 299 matt at spectrum.com.au
>>> Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
>>> SIP 1300137379 at sip.spectrum.com.au
>>> PGP/GNUPG Public Key can be found at http://pgp.mit.edu */
>>>