[j-nsp] Cisco vs Juniper confused

Aaron aaron1 at gvtc.com
Fri Apr 15 12:05:24 EDT 2016


When I have ddos attacks that are sustained and HUGE, then I use my RTBH
trigger router to launch a bgp /32 route to my (3) upstream providers, BANG,
attack stopped, immediately.

My rtbh trigger router is a $50 cisco 2600 that simply injects a /32 route
advertisement to my (3) upstream providers.... they then null route it and
then that attack no longer shows up on my front door.... it's very nice.
And free.  My trigger 2600 was a spare router that was in my lab.  My
providers don't charge for this, it's just a service they provide.

Also I've heard of Team Cymru's UTRS... I might convert my sp-specific /32
or community tagging to this more open/standard non-sp-specific way later...
http://www.team-cymru.org/UTRS/

Also, for other attacks, I have crafted a set of policers on my asr9k's
facing the internet that limit how much dns, ntp, whatever, can enter my
network.  This is nice as I don't allow 5 gbps of DNS reflexive attack !!
....only say for instance 25 mbps of dns...something that makes sense.

Aaron

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
Satish Patel
Sent: Thursday, April 14, 2016 4:35 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Cisco vs Juniper confused

This is my first post here. We are a small-size company and now we are
getting harsh by DDoS stuff. We have a 10G link in our network terminated on
an L3 Cisco switch and from there other switches.
Everything was working great but recently we started seeing DDoS more and
more. They are filling 10G link using NTP, IPFrag etc. attack.

Now we are looking for big gear so we keep bad guys out and scrub traffic
but confused between Juniper vs Cisco war.. I am not able to decide what to
buy and how it will help us. I have the following in my mind. We thought about
ASR firewall too but not sure whether it can handle DDoS or not.

Need your suggestion on what I should buy and why. One more thing, we are
planning to run BGP so we can do null triggering etc.

MX80 vs ASR100X   - Is this enough to handle DDoS and filter traffic?

MX240 vs ASR900X
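
Added example, not part of the original thread: a guard an operator might run before pushing a blackhole route to an RTBH trigger router like the one described in the reply above. It assumes the trigger router redistributes tagged static Null0 routes into BGP toward the upstreams; the prefixes, protected range and tag value are constructed placeholders.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]
# Hosts that must never be blackholed (e.g. router loopbacks, resolvers).
PROTECTED = [ipaddress.ip_network("203.0.113.0/29")]
# Hypothetical tag that the trigger router's redistribution route-map matches.
TRIGGER_TAG = 666


def check_target(target):
    """Return the victim as an IPv4Address, or raise ValueError if unsafe."""
    try:
        net = ipaddress.ip_network(target, strict=True)
    except ValueError as exc:
        raise ValueError(f"not a valid prefix: {target!r}") from exc
    # A blackhole drops ALL traffic to the destination, so keep it to one host.
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError("only single IPv4 hosts (/32) may be blackholed")
    # Never announce space we do not originate; upstreams should filter it,
    # but the trigger side is the first line of defence against a typo.
    if not any(net.subnet_of(p) for p in OWN_PREFIXES):
        raise ValueError("address is outside our own prefixes")
    if any(net.subnet_of(p) for p in PROTECTED):
        raise ValueError("address is on the protected list")
    return net.network_address


def trigger_commands(target, withdraw=False):
    """Render the IOS commands that add or remove the tagged Null0 route."""
    host = check_target(target)
    route = f"ip route {host} 255.255.255.255 Null0 tag {TRIGGER_TAG}"
    return ["configure terminal", ("no " if withdraw else "") + route, "end"]


if __name__ == "__main__":
    for line in trigger_commands("203.0.113.45"):
        print(line)
```

The withdraw form matters as much as the announce form: the /32 stays unreachable from the upstreams until the static route is removed.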