Re: default route

RickMi · ‎11-07-2020

Hello,

new to here,

im not sure if you can give me some help.

[my situation now]

i colo servers at datacenter,

and datacenter use their ASN to help me announce my ip,

and set the gateway ip on their router,

by the way,i just need use a general L2 switch to connect my servers to their network/internet.

[my hoping]

i hope to have my ASN to announce my ip,

and i still have only one uplink(isp) to connect the internet.

if my certain /24 ip get ddos attack,

i can use third parity ddos protection service provider to filte the ddos attack( such as https://www.voxility.com/anti-ddos),

they will use gre tunnel to leave clean bandwidth to my servers,

and my servers still use original network to transfer data to visitors(not via gre tunnel).

[my questions]

1. for this purpose,can cisco 3850,3750 or 3650 to make it well ?

2. are there any steps i need to take ? and what the commands i need to set on my cisco device ?

thanks

Georg Pauwen · ‎11-07-2020

Hello,

I checked the Voxility website, it looks like all you need is a device that supports BGP (the 3650/3750/3850 all do) and a GRE tunnel. Voxility requires you to peer with them, and they give you an IP address for the tunnel. That really seems to be all there is to it.

Richard Burts · ‎11-08-2020

I do not have experience with this particular service. But I did work with a customer who used a similar service. For that service to work they needed a device at the edge of the network that could provide these services:

- do address translation for their private address space to public addresses.

- run BGP with the normal Service Provider.

- terminate a GRE tunnel with the provider who would be used while under attack.

I am not sure whether the switches mentioned in the original post can satisfy these requirements.

HTH

Rick