Peering with abusers...good or bad?

If I de-peer them, I pay my upstream to carry the
attack traffic.

If I maintain peering with them, the attack traffic is free.

It would seem the economics work the other way around.

It would be more cost effective for me to identify the largest sources
of attacks, and reach out to directly peer with them, to avoid paying
an upstream to carry the traffic, if I'm going to end up throwing it
away anyhow.

We are always trying to reply ASAP on peering@ovh.net if it's network
related (it's not abuse and I don't manage it ;). You're welcome to
share anything wrong so we can mitigate the attack with our own anti-DDoS
system, if automatic detection didn't catch it.

We are obviously not responsible for the memcached issue, and we get the
same type / volume of attacks as everyone on input. You should not
have a one-way view; keep in mind that network peering is done with at
least 2 peers, which sometimes have the same problem without any direct
responsibility.

> OVH does not surprise me in the least.
>
> Maybe this is finally what it will take to get people to de-peer them.
>

If I de-peer them, I pay my upstream to carry the
attack traffic.

Your isp will do rtbh

Your peers won't

>
>>> OVH does not surprise me in the least.
>>>
>>> Maybe this is finally what it will take to get people to de-peer them.
>>>
>>
>> If I de-peer them, I pay my upstream to carry the
>> attack traffic.
>>
>
> Your isp will do rtbh
>
> Your peers won't

Some public IXs support RTBH ... Equinix, DE-CIX, to name two ... PNIs
is a different story.

Those IX “blackhole” mechanisms are a perverse ineffective method that
exists solely for marketing reasons. If you aren’t blackholing in the
fabric you aren’t blackholing.

Kind regards,

Job

So I want to buy additional ports at each IX. The slowest speed they offer.
If I am lucky they have a free 100 Mbps. And then I just announce the
prefix I want to blackhole. Doesn't matter that the port overloads. I am
just going to null route the traffic anyway...

Regards

Baldur

Sure, that works. Those are called “choke ports”.

Kind regards,

Job