Procera does not handle DDOS events very well … just a word of caution on that based on recent experiences. You really should look at something in front of the Procera to protect it. This is all relevant to traffic levels though – just make sure you understand the capabilities of whichever hardware you are using (ie. 8920).
Yes – too bad you can’t utilize public IP’s for your customers .. would save you a lot of headaches. However, it would just spread out the DDOS impact (meaning the attacks would of course still be there – just wider in aspect)…. 4 Gig attacks are not very large at network edge Paul From: Af [mailto:af-boun...@afmug.com] On Behalf Of Andreas Wiatowski Sent: Friday, April 15, 2016 11:15 AM To: af@afmug.com Subject: Re: [AFMUG] Procera CG NAT So what are people doing to do CGN and get around DDOS to a single IP? We have been doing it on the edge, but the minute a single subscriber gets attacked we have network impact….. there is no way to suppress, my understanding is that if we moved the edge onto the Procera, it can distinguish traffic and suppress an attack. As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps attacks…we have changed the natted address to get around, but even then we sometimes have the attack follow to the new address. This is becoming a nightmare to manage. If only I could give every customer a public! Cheers, ______________________________ Andreas Wiatowski | CEO Silo Wireless Inc. Email <mailto:andr...@silowireless.com> andr...@silowireless.com 19 Sage Court Brantford, Ontario N3R 7T4 (CANADA) Tel +1.519.449.5656 Extension-600|Fax +1.519.449.5536 |Toll Free +1.866.727.4138 From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini Sent: Friday, April 15, 2016 11:05 AM To: Animal Farm <af@afmug.com <mailto:af@afmug.com> > Subject: Re: [AFMUG] Procera CG NAT afaik, Procera does not support CG NAT On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski <andr...@silowireless.com <mailto:andr...@silowireless.com> > wrote: Anyone using CG NAT with Procera…specifically to supress DDOS? Cheers, ______________________________ Andreas Wiatowski | CEO Silo Wireless Inc. Email andr...@silowireless.com <mailto:andr...@silowireless.com> 19 Sage Court Brantford, Ontario N3R 7T4 (CANADA) Tel +1.519.449.5656 <tel:%2B1.519.449.5656%C2%A0%20Extension-600> Extension-600|Fax +1.519.449.5536 <tel:%2B1.519.449.5536> |Toll Free +1.866.727.4138 <tel:%2B1.866.727.4138>
