[j-nsp] Cisco vs Juniper confused

Dave Bell me at geordish.org
Thu Apr 14 18:05:46 EDT 2016


In my opinion trying to scrub DDoS traffic yourself is a losing battle. Its
likely that an attacker can easily fill the ingress points onto your
network. If this is the case, then legitimate traffic will be dropped
before it even hits you. The damage is already done. The only way around
this is bigger links, which can be costly and your not even guaranteed to
have links big enough to cope with an attack.

You're better off looking at your upstreams to assist you with this. They
likely have some form of traffic scrubbing solution that you can employ
when under attack. Its likely a lot easier for you to administrate too.

Regards,
Dave

On 14 April 2016 at 22:57, Payam Chychi <pchychi at gmail.com> wrote:

> What gear do you currently have? What do your filtering rules look like?
> You don't need to buy new gear if your filtering much of the bad traffic at
> the edge using simple ACLs
>
>
>
> On Apr 14, 2016, 2:39 PM -0700, Dovid Bender<dovid at telecurve.com>, wrote:
> > Why not use an external service to scrub your traffic?
> >
> > Regards,
> >
> > Dovid
> >
> > -----Original Message-----
> > From: Satish Patel<satish.txt at gmail.com
> > Sender: "juniper-nsp"<juniper-nsp-bounces at puck.nether.net>Date: Thu, 14
> Apr 2016 17:35:17
> > To:<juniper-nsp at puck.nether.net
> > Subject: [j-nsp] Cisco vs Juniper confused
> >
> > This is my first port here, We are small size of company and now we
> > are getting harsh by DDoS stuff. We have 10G link in our network
> > terminated on L3 Cisco switch and from there other switches.
> > Everything was working great but recently we started seeing DDoS more
> > and more. They are filling 10G link using NTP, IPFrag etc. attack.
> >
> > Now we are looking for big gear so we keep bad guys out and scrub
> > traffic but confused between Juniper Vs Cisco war.. I am not able to
> > decide what to buy and how it will help us. I have following in my
> > mind, We thought about ASR firewall too but not sure because it can
> > handle DDoS or not.
> >
> > Need your suggestion what i should buy and why? One more thing we are
> > planning to run BGP so we can do null triggering etc.
> >
> > MX80 vs ASR100X - Does this enough to handle DDoS and filter traffic?
> >
> > MX240 vs ASR900X
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list