Roland, Agreed, Ramy's scenario was not truly spot on, but his question still remains. Perf implications when cloud security providers time to detect/mitigate is X minutes. How stable can GRE transports and BGP sessions be when under load?
In my technical opinion, this is a valid argument, which deems wide opinion. Specifically, use-cases about how to apply defense in depth logically in the DC vs Hybrid vs Pure Cloud. Good topic, already some back-chatter personal opinions from Nanog lurkers! Regards, Dennis B. On Tue, Jun 30, 2015 at 2:45 PM, Roland Dobbins <rdobb...@arbor.net> wrote: > > On 1 Jul 2015, at 1:37, Dennis B wrote: > > Would you like to learn more? lol >> > > I'm quite conversant with all these considerations, thanks. > > OP asserted that BGP sessions for diversion into any cloud DDoS mitigation > service ran from the endpoint network through GRE tunnels to the > cloud-based mitigation provider. I was explaining that in most cloud > mitigation scenarios, GRE tunnels are used for re-injection of 'clean' > traffic to the endpoint networks. > > ----------------------------------- > Roland Dobbins <rdobb...@arbor.net> >