[j-nsp] Bandwidth aware using BGP on ISP transit

Adam Vitkovsky Adam.Vitkovsky at gamma.co.uk
Sun Jan 24 17:09:41 EST 2016 

> tim tiriche
> Sent: Sunday, January 24, 2016 10:36 AM
>
> Hello,
>
> How do big companies manage traffic on ISP links automatically.
>
> For eg: I have 10 ISP/Transit links and all announcing the same prefixes.
>
> During a DDOS attack, one of the ISP link got saturated.
>
> I would like to be able to do something if bandwidth exceeds 50% use other
> links.
>
> In MPLS, we can leverage RSVP subscription.  Is there a way to automate this
> for Transit peers?
>
> In the past, i have used aspath for certain prefixes which is slow and does not
> help for short lived DDOS attacks.
>
Hello Tim,

1)
You can use flow telemetry to identify the prefixes under attack (in-house tool or IDS)
Flow collector or IDS can trigger a script that will prepend all but the prefixes under attack on one of the upstream links.(sink holing DDOS traffic to one link)
Result is one upstream link is used solely by the DDOS traffic while other links can service legit traffic.
2)
You can then redirect this DDOS traffic to your closest scrubbing centre (in-house tool or IPS)
3)
Then send the clear traffic to your customer

Or you can use your upstream ISPs' scrubbing services (usually limited) or use third party scrubbing companies.

adam


        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      Adam.Vitkovsky at gamma.co.uk
W:      www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of this email are confidential to the ordinary user of the email address to which it was addressed. This email is not intended to create any legal relationship. No one else may place any reliance upon it, or copy or forward all or any of it in any form (unless otherwise notified). If you receive this email in error, please accept our apologies, we would be obliged if you would telephone our postmaster on +44 (0) 808 178 9652 or email postmaster at gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with limited liability, with registered number 04340834, and whose registered office is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.

More information about the juniper-nsp mailing list