[c-nsp] Modern BGP peering border router and DDoS attack defense recommendations?

Sam Crooks sam.a.crooks at gmail.com
Wed Jun 8 22:24:37 EDT 2005


I asked a question yesterday regarding setting up an org as an ASN with
ARIN. Thanks for the off-list responses.  The process is underway.

My question has 2 parts:

What is the minimum router these days to peer with other AS's?

3700/3800? 7200VXR? 7301? 7304? 7600? 12000GSR? M7? M10? M20? M40?

Recommended router?

As far as BGP peering, options being discussed with SPs are partial routes
(with or without default route) and full routes (with and without default
route).  Current access speed to the Internet is 2xT1 at 2 locations, in an
active-standby setup, static routes to the SPs (no BGP, currently).

 

Initial bandwidth needs would be similar; however, this will scale
significantly (sales-driven), not to mention DDoS protection.

The org is a ripe target for a DDoS attack, given the business (financial
transaction processing).  For example, here is a recent development in the
industry:  http://www.eweek.com/article2/0,1759,1662704,00.asp

What access speed and router can withstand a DDoS attack these days,
assuming appropriate security measures are taken (CAR, NBAR, bogon filters,
etc.)?

Cost (as always) is an issue; however, the business case could certainly be
made to justify appropriately sized border routers and adequate access
speeds.  Note that this is not for transit for customers, but for Internet
connectivity for the enterprise for handling the business service traffic,
and for withstanding DDoS attacks on the business.

I appreciate any replies (off-list if you wish).

 

Regards,

Sam


