On Jul 1, 2014, at 7:03 AM, Skeeve Stevens <skeeve+na...@eintellegonetworks.com> wrote:
> Roland, what methods are the easiest/cheapest way to deal with this? Ensure you have visibility into your traffic southbound of the NAT - flow telemetry generally works best for this, and there are plenty of open-source solutions around which allow folks to get up and running quickly. Then deploy either S/RTBH or flowspec on the aggregation routers southbound of the NAT. This makes is easy to squelch compromised/abusive hosts. It might also be worth considering sticking some Web proxies (transparent ones clustered via WCCPv2, if available) southbound of the NAT, as well; while the bandwidth savings may be a wash due to dynamic content, SSL, etc. (all highly variable based upon user behavior), TCP sessions for Web requests from hosts southbound of the NAT will terminate on the proxies, which provide a good point to perform filtering on an as-needed basis. ---------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Equo ne credite, Teucri. -- Laocoön
