On Mon, May 2, 2016 2:30 pm, Danny McPherson wrote: > We use it effectively in a layered model where "Principle of Minimal > Intervention" applies, allowing attack mitigation and traffic diversion > in the most optimal place (e.g., at network ingress), and only scrubbing > or diverting traffic when necessary.
Sorry to say, but the most optimal place for ddos mitigation is at network egress of origin. What comes in mind regarding that is the ability for target ASN telling source ASN to stop sending packets from a specific (let's say /29) in the case of a DDoS (with appropiate security measures in place off course). Because, let's face it, why would a target of a ddos need to nullroute itself?