Presentation - Cisco Knowledge Network
Presentation - Cisco Knowledge Network
Presentation - Cisco Knowledge Network
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Distribution Automation of Security Profiles• The problem:• Providers have limited options for mitigating DDoS attacks intra-AS as well as inter-AS• BGP destination black-holes: Portects against the attack butrequires static configuration• BGP src/uRP: difficult for some spoofed attacks and/or supportlarge numbers of sources• Access-Lists: difficult to maintain and occasionally dangerous toinstall• Need dynamic way of conveying info about threat and attack• The Basic IdeaUse BGP to distribute flow specification filters anddynamically filter on routes© 2012 <strong>Cisco</strong> and/or its affiliates. All rights reserved. 32