netsec-sig - RE: [Security-WG] thinking about arbor cloud ...

Subject: Internet2 Network Security SIG

  • From: "Schopis, Paul" <>
  • To: "Magorian, Daniel F." <>, Steven Wallace <>, "" <>
  • Subject: RE: [Security-WG] thinking about arbor cloud ...
  • Date: Fri, 30 Oct 2015 12:32:33 +0000

Dan,
In Ohio, where 27 K-12 ITC sites have deployed, they got substantial discounts
on the appliance and service. I would think with greater numbers they would
be willing to go deeper.

________________________________________
From: [] on behalf of Magorian, Daniel F. []
Sent: Thursday, October 29, 2015 3:35 PM
To: Steven Wallace;
Subject: RE: [Security-WG] thinking about arbor cloud ...

Yes, that's their Full Monty but the on-prem box is $100-150k if I remember,
and if we assume that such an I2 service has 50 customers, is that the best
expenditure of $7.5M?

If I2 can get Arbor's essentially-unlimited cloud scrubbing service at a
great price, shared by the members of an I2 DDoS service, and the open-source
detection software is good enough to trust with automatically signaling more
specific /24s to the cloud service with bgp communities, then the mitigation
part of what the on-prem box does might not be needed. But if you only get 3
or whatever, then you need the on-prems to not use those up for small attacks
that can be handled locally.

In this model, we wouldn't have to trust the detection software with
connections to the campus edge routers, which don't change their
advertisements during attacks, which would be needed to use bgp flowspec.
But this way, different campuses could use different mechanisms to detect &
divert, from the Full Monty to manual.

Let 1000 flowers bloom...

Dan

-----Original Message-----
From: [mailto:] On Behalf Of Steven Wallace
Sent: Thursday, October 29, 2015 3:10 PM
To:
Subject: [Security-WG] thinking about arbor cloud ...

I was impressed, and it sounds like a combination of their on-prem, their
cloud for larger DDoS, and Peakflow for signaling upstream providers would
be sweet, but costly for some.

We have I2 members that have automated DDoS detection and signaling to UTRS
and/or RTBH via BGP for upstream filtering. For those for whom an on-prem
device is not a good option, it might be useful to pursue engaging Arbor
Cloud much the same way as UTRS, although Dan’s comment concerning detecting
the end of the attack would need to be solved.

ssw

