[j-nsp] Cisco vs Juniper confused
Michael Gehrmann
mgehrmann at atlassian.com
Thu Apr 14 18:45:05 EDT 2016
+1 for for Dave's comment. You can only survive until your upstream is
congested.
Mike
On 15 April 2016 at 08:05, Dave Bell <me at geordish.org> wrote:
> In my opinion trying to scrub DDoS traffic yourself is a losing battle. Its
> likely that an attacker can easily fill the ingress points onto your
> network. If this is the case, then legitimate traffic will be dropped
> before it even hits you. The damage is already done. The only way around
> this is bigger links, which can be costly and your not even guaranteed to
> have links big enough to cope with an attack.
>
> You're better off looking at your upstreams to assist you with this. They
> likely have some form of traffic scrubbing solution that you can employ
> when under attack. Its likely a lot easier for you to administrate too.
>
> Regards,
> Dave
>
> On 14 April 2016 at 22:57, Payam Chychi <pchychi at gmail.com> wrote:
>
> > What gear do you currently have? What do your filtering rules look like?
> > You don't need to buy new gear if your filtering much of the bad traffic
> at
> > the edge using simple ACLs
> >
> >
> >
> > On Apr 14, 2016, 2:39 PM -0700, Dovid Bender<dovid at telecurve.com>,
> wrote:
> > > Why not use an external service to scrub your traffic?
> > >
> > > Regards,
> > >
> > > Dovid
> > >
> > > -----Original Message-----
> > > From: Satish Patel<satish.txt at gmail.com
> > > Sender: "juniper-nsp"<juniper-nsp-bounces at puck.nether.net>Date: Thu,
> 14
> > Apr 2016 17:35:17
> > > To:<juniper-nsp at puck.nether.net
> > > Subject: [j-nsp] Cisco vs Juniper confused
> > >
> > > This is my first port here, We are small size of company and now we
> > > are getting harsh by DDoS stuff. We have 10G link in our network
> > > terminated on L3 Cisco switch and from there other switches.
> > > Everything was working great but recently we started seeing DDoS more
> > > and more. They are filling 10G link using NTP, IPFrag etc. attack.
> > >
> > > Now we are looking for big gear so we keep bad guys out and scrub
> > > traffic but confused between Juniper Vs Cisco war.. I am not able to
> > > decide what to buy and how it will help us. I have following in my
> > > mind, We thought about ASR firewall too but not sure because it can
> > > handle DDoS or not.
> > >
> > > Need your suggestion what i should buy and why? One more thing we are
> > > planning to run BGP so we can do null triggering etc.
> > >
> > > MX80 vs ASR100X - Does this enough to handle DDoS and filter traffic?
> > >
> > > MX240 vs ASR900X
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Michael Gehrmann
Senior Network Engineer - Atlassian
m: +61 407 570 658
More information about the juniper-nsp
mailing list