[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DDoS Mitigation Survey

One other thing I forgot to mention...

Source-specific based rate limiting or queueing.  This is not widely
deployed, but I've used it and tried various approaches on various
occasions with some success.  This is more appropriate at the stub
subnet edges, but can be used at campus borders also if the hardware
doing the prefix matching and limiting/queueing is up to the job.

The basic idea with this approach is try to reduce the impact any
source address has on an aggregate.  Ideally with the queueing approach,
in times where capacity is plentiful, a host could use as much as they
want, perhaps it is even a DoS, but as others contend for the link,
traffic above the threshold from specific sources is dropped first.
In the rate limiting case, this just turns whatever link speed the
end user has into something less.  This works best at an aggregate
upstream so that traffic is rate limited within a so-called trusted