On 1/9/19 7:37 AM, Alexander Arseniev via juniper-nsp wrote: > Hello, > > Well, the prefix-action policers would likely relieve congestion on > Your backhaul MW links but the 100Mbps "last mile" will still be > congested, with a mix of good and bad packets. > > And I would say more bad than good because good traffic (mainly HTTPS > nowadays) will do TCP backoff at the early stage of congestion and bad > packets (i.e. UDP flood) will fill the void in the 100Mbps policer > buckets. > > Have a look at the latest Juniper-Correro DDOS solution that detects > the attack, finds the packet "fingerprint" & then drops only bad > packets, and it's all automated > > https://www.corero.com/resources/data-sheets/juniper-networks-solution-brief/ > > > HTH
Thank you for the feedback. The Correro solution was quoted to me as $50k to protect (1) 10gbps link, which I think it completely silly. Mike- _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp