> -----Original Message-----
> From: Jim Mercer [mailto:j...@reptiles.org]
> Sent: Monday, May 30, 2011 10:26 AM
> To: nanog@nanog.org
> Subject: Verisign Internet Defence Network
>
> it claims to be "Carrier-agnostic and ISP-neutral", yet "When an event is
> detected, Verisign will work with the customer to redirect Internet traffic
> destined for the protected service to a Verisign Internet Defense Network
> site."
>
> anyone here have any comments on how this works, and how effective it will be
> vs. dealing directly with your upstream providers and getting them to assist
> in shutting down the attack?

It's really very simple. Verisign advertises your netblock to the Internet as a whole while at the same time you cease to advertise your route to your ISPs. Traffic gets redirected into VIDN scrubbing center where the bad traffic is removed. The resulting clean traffic is sent via GRE tunnel back to the customer CPE router.

Regarding how effective it will be vs. getting your upstream to assist really depends on how many upstream providers you have and what their capabilities are. Certainly dealing with one company (Verisign) is going to be a lot easier than dealing with many upstream providers which are likely to not have uniform offerings and services. Most providers that are going to be willing to assist you are only going to null-route traffic towards the destination netblock, thereby completing the DoS attack. Those that do have mitigation offerings are going to charge you for it, and then again, it's not a uniform offering across all your upstream providers.

I personally think the "cloud-based" approach offered by Verisign makes a whole heckuva lot more sense than trying to deal with heterogeneous offerings from many disparate providers, much less having to open tickets with each provider, having to deal with typical response times, etc. In my experience, reducing the number of cogs usually results in dramatically lower mitigation times, which is certainly the end goal in dealing with these types of attacks.

Stefan Fouant
JNCIE-M #513, JNCIE-ER #70, JNCI
GPG Key ID: 0xB4C956EC
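
A defender-side check for the diversion described in the message above, added here as an example and not part of the original post: it audits BGP views of the protected netblock and reports vantage points where traffic would still bypass the scrubbing center, either because the customer's own route is still visible or because a more-specific announcement wins over the scrubber's route. The ASNs, prefixes, vantage names and the `audit_diversion` helper are constructed for illustration (documentation ranges), not taken from any real network.

```python
import ipaddress

# Constructed sample data: documentation prefix and ASNs (RFC 5737 / RFC 5398).
PROTECTED = ipaddress.ip_network("192.0.2.0/24")
SCRUBBER_AS = 64500  # hypothetical scrubbing provider origin AS
CUSTOMER_AS = 64496  # hypothetical customer origin AS

# (vantage point, announced prefix, AS path seen there), all constructed.
ROUTES = [
    ("peer-a", "192.0.2.0/24", [64510, 64500]),          # diverted to the scrubber
    ("peer-b", "192.0.2.0/24", [64511, 64501, 64496]),   # customer route not withdrawn
    ("peer-c", "192.0.2.0/25", [64510, 64502, 64496]),   # more-specific beats the /24
    ("peer-d", "198.51.100.0/24", [64510, 64496]),       # unrelated netblock
]


def audit_diversion(routes, protected, scrubber_as):
    """Split vantage points into those diverted to the scrubber and those bypassing it."""
    diverted, bypass = [], []
    for vantage, prefix, as_path in routes:
        net = ipaddress.ip_network(prefix)
        # Only routes equal to or more specific than the protected block can
        # attract its traffic ahead of the scrubber's announcement.
        if net.version != protected.version or not net.subnet_of(protected):
            continue
        # The origin AS is the last hop of the AS path. Diversion holds only
        # where the scrubbing provider originates the route.
        origin = as_path[-1] if as_path else None
        if origin == scrubber_as:
            diverted.append(vantage)
        else:
            bypass.append((vantage, prefix, origin))
    return diverted, bypass


if __name__ == "__main__":
    ok, leaks = audit_diversion(ROUTES, PROTECTED, SCRUBBER_AS)
    print("diverted via scrubber:", ok)
    for vantage, prefix, origin in leaks:
        print(f"BYPASS at {vantage}: {prefix} originated by AS{origin}")
```

Any entry in the bypass list means attack traffic from that part of the Internet still reaches the customer's links directly, so the withdrawal toward that upstream has not taken effect.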