"BGP DDoS Protection"

[Mornincupofhate]

So I was browsing some cloud mitigation solutions online and I came across a few companies that give you a gre tunnel, but also re route your traffic to a scrubbing center during an attack. Couldn't they just scrub at the data center where the gre route is located? There's something I'm just not understanding here.

[Mark77]

Sounds like the idea is to provide DDoS mitigation only when its actually needed, rather than on a full time basis.  Thus reducing loading on the tunneling.  So if there is an attack, the BGP routes for your particular AS are altered.  Otherwise, they remain fully pointing at your hardware.

 

Sounds like a reasonable compromise.  After all, most hosts will only be the subject of occasional DDoS attacks, and it would be a giant waste of network resources to have everything routed through a 'scrubbing center'. 

[U.Ho]

Routing traffic through a proper DDoS scrubbing cloud all the time would be really expensive. And I mean ridiculously expensive compared to a normal GRE tunnel connection.

[leadeater]

You able to name the service you were looking at? Would be interested in checking them out.