This is my first post to Nanog. So please don't flame me down ;)
Hi Mario.
Typically the cost of DDoS mitigation is charged on the amount of clean traffic inbound to your network, the number of /24 ranges you need protected and the number of datacentres you want to protect.
Ideally the DDoS mitigation solution should block attacks as close as possible to the source of the attack. One good way of doing this is by leveraging anycast from multiple scrubbing centres and ensuring there is enough backbone bandwidth between each scrubbing centre to deliver clean traffic.
Blocking it at your upstream transit provider may be too late for significant attacks as any service provider between you and the source could black hole the traffic before it gets to your peers. This results in legitimate traffic not being able to reach your network.
Paras is correct: attacks could be on any port, are often multivector, and change within an attack campaign if attackers see one vector is not effective. So each attack really needs to be dealt with dynamically to ensure there are no false positives (something is blocked when it shouldn't be).
Unfortunately it is very simple to initiate a DDoS attack, but the cost of mitigation is very high. So the solution you choose really depends on the monetary cost of the outages, clients you have and whether the cost can be amortised over your client base.
I have seen service providers offer premium hosting services which have DDoS mitigation, using separate infrastructure and links to their normal customers. This reduces the cost of mitigation while also containing the risks and the collateral damage.
There are also different DDoS mitigation solutions depending on the service protocols you are offering, i.e. web traffic could be mitigated with a CDN vs all protocols and ports with BGP via a scrubbing centre.
James Tin
Enterprise Security Architect APJ
Office: +61 9008 4906
Cell: +61 466 961 555
Akamai Technologies
Level 7, 76 Berry St
North Sydney, NSW 2071