anti-DDOS & MX

SOLVED
kima25
Here to help

anti-DDOS & MX

Hello everyone,
 
Does the SDWAN solution include anti-DDOS, integrated or via a third party VNF?
 
Thank you.
1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

I agree with @KarstenI - there is no on-premise anti-DDOS solution that works - despite what the sales person says.  Using an ISP provided solution is a serious option.

 

Personally, I move customers who want DDOS protection to someone with serious punch - Amazon AWS.  It is usually cheaper than buying ISP DDOS - and it works.

View solution in original post

4 REPLIES 4
KarstenI
Kind of a big deal
Kind of a big deal

Nothing that is included in the Meraki solution. And in my opinion, if you need something like this, the best option is to choose an ISP that offers this as a service.

PhilipDAth
Kind of a big deal
Kind of a big deal

I agree with @KarstenI - there is no on-premise anti-DDOS solution that works - despite what the sales person says.  Using an ISP provided solution is a serious option.

 

Personally, I move customers who want DDOS protection to someone with serious punch - Amazon AWS.  It is usually cheaper than buying ISP DDOS - and it works.

I also agree with Phil here, and want to give a bit more technical context on this response.

 

A DDoS falls under the broader umbrella of what's known as a resource exhaustion attack: https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-015_Denial_of...

 

While I've seen varying descriptions, in general, any resource can fall under such an Umbrella, including network bandwidth. If someone's saturating your uplink with garbage downlink traffic, there's very little mitigating it on your network perimeter would really accomplish anyway.

In a more traditional sense, we can't mitigate against a DDoS consuming CPU or memory either; processing that many inbound packets through our IPS and inbound firewall is always going to consume both.

BlakeRichardson
Kind of a big deal
Kind of a big deal

Proper DDOS protection requires multiple routing paths and large amounts of WAN bandwidth, far to expensive to do on your own.

 

I had a gaming server years ago that got DDOS because of an unhappy user ( someone killed him in game and took all of his stuff) and even having it hosted by a large gaming website their DDOS protection was useless because it turns out they were doing it themselves. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels