Hello,
I am hoping someone with deep QoS experience can help direct me in an
attempt to mitigate DoS/DDoS attacks using QoS. In theory, WFQ seems like a
good mechanism to handle excessive bandwidth usage by a small number of
hosts attempting to starve the class-default queue.
Scenario:
- High Bandwidth Transit Links from Service Provider (40 Gbps)
- Large Number of Customers (Tens-Hundreds of Thousands)
- Small Traffic Consumption per Average User (>1Mbps)
Concerns:
- Effectiveness of WFQ as a solution
- Limited Number of Dynamic Queues
- Willingness of service provider to implement
Does anyone have experience with mitigating these type of attacks without
specialized services?
Best Regards,
Kristian J. Francisco
Blogs and organic groups at http://www.ccie.net
Received on Mon Dec 02 2013 - 14:51:47 ART
This archive was generated by hypermail 2.2.0 : Wed Jan 01 2014 - 20:26:19 ART