+1 for for Dave's comment. You can only survive until your upstream is congested.
Mike On 15 April 2016 at 08:05, Dave Bell <m...@geordish.org> wrote: > In my opinion trying to scrub DDoS traffic yourself is a losing battle. Its > likely that an attacker can easily fill the ingress points onto your > network. If this is the case, then legitimate traffic will be dropped > before it even hits you. The damage is already done. The only way around > this is bigger links, which can be costly and your not even guaranteed to > have links big enough to cope with an attack. > > You're better off looking at your upstreams to assist you with this. They > likely have some form of traffic scrubbing solution that you can employ > when under attack. Its likely a lot easier for you to administrate too. > > Regards, > Dave > > On 14 April 2016 at 22:57, Payam Chychi <pchy...@gmail.com> wrote: > > > What gear do you currently have? What do your filtering rules look like? > > You don't need to buy new gear if your filtering much of the bad traffic > at > > the edge using simple ACLs > > > > > > > > On Apr 14, 2016, 2:39 PM -0700, Dovid Bender<do...@telecurve.com>, > wrote: > > > Why not use an external service to scrub your traffic? > > > > > > Regards, > > > > > > Dovid > > > > > > -----Original Message----- > > > From: Satish Patel<satish....@gmail.com > > > Sender: "juniper-nsp"<juniper-nsp-boun...@puck.nether.net>Date: Thu, > 14 > > Apr 2016 17:35:17 > > > To:<juniper-nsp@puck.nether.net > > > Subject: [j-nsp] Cisco vs Juniper confused > > > > > > This is my first port here, We are small size of company and now we > > > are getting harsh by DDoS stuff. We have 10G link in our network > > > terminated on L3 Cisco switch and from there other switches. > > > Everything was working great but recently we started seeing DDoS more > > > and more. They are filling 10G link using NTP, IPFrag etc. attack. > > > > > > Now we are looking for big gear so we keep bad guys out and scrub > > > traffic but confused between Juniper Vs Cisco war.. I am not able to > > > decide what to buy and how it will help us. I have following in my > > > mind, We thought about ASR firewall too but not sure because it can > > > handle DDoS or not. > > > > > > Need your suggestion what i should buy and why? One more thing we are > > > planning to run BGP so we can do null triggering etc. > > > > > > MX80 vs ASR100X - Does this enough to handle DDoS and filter traffic? > > > > > > MX240 vs ASR900X > > > _______________________________________________ > > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > _______________________________________________ > > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Michael Gehrmann Senior Network Engineer - Atlassian m: +61 407 570 658 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp