Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...


Chronological Thread 
  • From: "D'Angelo, Cas (Samuel)" <>
  • To: Steven Wallace <>, "" <>
  • Cc: Rob Vietzke <>, George Loftus <>, John Moore <>, "Caroline Weilhamer" <>
  • Subject: Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...
  • Date: Tue, 20 Oct 2015 12:36:43 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23

Steve,


I like your list of requirements.  Should we say something about the pricing model we'd prefer? 

  small recurring charge with burst fee for scrubbing

  higher recurring charge with no additional fees

  some other model


Does Internet2 (and TR-CPS) provide the routing based tools today?  Should we start a separate project asking I2 to implement:

  • RTBH with flow spec
  • UTRS

maybe more???


Thanks.


Cas


From: <> on behalf of Steven Wallace <>
Sent: Friday, October 16, 2015 9:59 AM
To:
Cc: Rob Vietzke; George Loftus; John Moore; Caroline Weilhamer
Subject: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...
 
[cc’ing Caroline for NTAC engagement]


I received a couple of volunteers (i.e. 2)  to participate in developing a fast-tracked set of recommendations to Internet2 concerning possible DDoS service offerings. Since this is going to be very light weight, I’m soliciting the entire group to weigh in.

I confirmed with Rob Vietzke that our charge is:

“Internet2 requests that the Security WG recommend a set of DDoS mitigation capabilities to be delivered using, or in conjunction with, the Internet2 network. The intent is to inform Internet2’s expeditious engagement with mitigation providers to on-board services.”

The idea is that the group would provide a list of DDoS mitigation capabilities Internet2 might offer. To expedite I2’s delivery of these capabilities, I2 is not seeking specific vendor recommendations. It’s also my understanding that such services may or may not be delivered via Net+ (as someone said expeditiously and via Net+ have not been proven to co-exist ;-).

I’m going to take this charge a bit farther and also solicit additional Internet2 operational capabilities, such as RTBH with BGP Flowspec and participation in UTRS.


I’ll prime the pump with some desired capabilities:

  • scrubbing service (the ones that announce the campus’s IP space)
  • web, and web-based application caching
  • RTBH with flow spec
  • UTRS
  • DDoS detection



I think it also good to list any constraints that will help inform I2’s efforts.

Let’s use the list to contribute. Next Friday I’ll summarize and deliver to I2 are recommendations. This feels like real progress for this group.

thanks,

ssw



Archive powered by MHonArc 2.6.16.

Top of Page