Are you sure the attacks are coming from a few hosts? I thought most DOS
these days used botnets with many hosts. WFQ wouldn't help in this case.
On Mon, Dec 2, 2013 at 2:51 PM, Kristian Francisco
<kristian.j.f_at_gmail.com>wrote:
> Hello,
>
> I am hoping someone with deep QoS experience can help direct me in an
> attempt to mitigate DoS/DDoS attacks using QoS. In theory, WFQ seems like a
> good mechanism to handle excessive bandwidth usage by a small number of
> hosts attempting to starve the class-default queue.
>
> Scenario:
>
>
> - High Bandwidth Transit Links from Service Provider (40 Gbps)
> - Large Number of Customers (Tens-Hundreds of Thousands)
> - Small Traffic Consumption per Average User (>1Mbps)
>
> Concerns:
>
> - Effectiveness of WFQ as a solution
> - Limited Number of Dynamic Queues
> - Willingness of service provider to implement
>
> Does anyone have experience with mitigating these type of attacks without
> specialized services?
>
> Best Regards,
>
> Kristian J. Francisco
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Marc Abel CCIE #35470 (Routing and Switching) Blogs and organic groups at http://www.ccie.netReceived on Mon Dec 02 2013 - 15:57:54 ART
This archive was generated by hypermail 2.2.0 : Wed Jan 01 2014 - 20:26:19 ART