[dns-operations] Anycast supernodes

Roland Dobbins rdobbins at arbor.net
Wed Aug 14 13:34:39 UTC 2013

Gavin Brown <gavin.brown at centralnic.com> wrote:

>Now that there are attacks as big as 300Gbps, could you ever rely on such a design to guarantee protection from DDoS attacks?

Bandwidth has *never* been an adequate way to deal with DDoS attacks at any time since they first emerged in the late 1980s, as the attackers have always had highly-asymmetric capacity at their disposal - essentially infinite capacity, relatively speaking.  Also, all DDoS attacks are not volumetric in nature.  

Whoever is handing out such advice is in need of serious education with regards to operational reality, & likely has little experience mitigating actual DDoS attacks of any significance against production systems.  

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list