[c-nsp] DDoS Attack detection and elimination suggestions
Dobbins, Roland
rdobbins at arbor.net
Fri Apr 1 01:43:12 EDT 2011
On Apr 1, 2011, at 12:08 PM, Lee Starnes wrote:
> I'm looking for pointers on how to best detect DDoS attacks and best practices for stopping one once identified.
http://www.arbornetworks.com/report (free registration required)
<https://files.me.com/roland.dobbins/y4ykq0>
<https://files.me.com/roland.dobbins/k54qkv>
<https://files.me.com/roland.dobbins/prguob>
<https://files.me.com/roland.dobbins/k4zw3x>
<https://files.me.com/roland.dobbins/dweagy>
Please forgive the brief commercialistic propaganda mentions in a couple of the decks; the focus is on strengthening the infrastructure itself and on making use of freely-available tools/techniques.
> What is recommended as a replacement router
That's a large question that's really impossible to answer without a lot more details about your network in general, your peers/upstream/downstream transits, your customer base, et al. One answer is newer GSRs - if you take this option, be sure you get E3 or E5 linecards, which support NetFlow telemetry, ACLs, and uRPF. Note you'll likely end up on IOS-XR or IOS-XE, rather than IOS, if you stick w/reasonable Cisco platforms.
Under no circumstances go down the 6500/7600 path - NetFlow caveats, ACL caveats, and uRPF caveats render these platforms suboptimal for SP edge applications.
GSR/12000 w/E3/E5 linecards, CRS-1 (Cisco make little ones and big ones), CRS-3, ASR9K, ASR1K, even 4500 with Sup7 (no previous Sups) or N7K can work, depending upon your particular circumstances, required interface density/types, required bandwidth/throughput performance envelope at different packet sizes and with different feature mixes, and general feature requirements.
> and what would be recommended if the routers are not replaced?
The stuff in the slides, plus getting PRPs and E3/E5 linecards.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde