[j-nsp] rate limiting per-user prefix lists

mike+jnsp at willitsonline.com
Mon Jan 14 12:51:55 EST 2019


On 1/9/19 7:37 AM, Alexander Arseniev via juniper-nsp wrote:
> Hello,
>
> Well, the prefix-action policers would likely relieve congestion on
> your backhaul MW links but the 100Mbps "last mile" will still be
> congested, with a mix of good and bad packets.
>
> And I would say more bad than good because good traffic (mainly HTTPS
> nowadays) will do TCP backoff at the early stage of congestion and bad
> packets (i.e. UDP flood) will fill the void in the 100Mbps policer
> buckets.
>
> Have a look at the latest Juniper-Corero DDoS solution that detects
> the attack, finds the packet "fingerprint" & then drops only bad
> packets, and it's all automated.
>
> https://www.corero.com/resources/data-sheets/juniper-networks-solution-brief/
>
>
> HTH 


Thank you for the feedback.

The Corero solution was quoted to me as $50k to protect (1) 10gbps
link, which I think is completely silly.


Mike-


