rextended, thank you for sharing your experience. What was the magnitude of the DDoS attack? How much bandwidth did you have, and how much bandwidth did the DDoS take?
Right:
On my rack:
2 x guaranteed 100Mbps bi-directional from MUX Milano (Milan) by InteRoute -> cross connected on RB1100AH "A" and RB1100AH "B"
2 x guaranteed 100Mbps bi-directional from MUX Roma (Rome) by InteRoute -> cross connected on RB1100AH "B" and RB1100AH "A"
4 x RB1100AHx2 "C/D/E/F" Gateway, each connected to both Router 1100AH "A/B"; the load balancing and failover happen here
1 x RB1100AHx2 "Spare" connected to each
Bypass of all RB1100AH / RB1100AHx2 (ether12) directly to both Router "A/B"
Each Backbone starts from ether11 on "C/D/E/F" and has a backup on ether10
2 x RB1200 "G/H" connected to all the devices mentioned before, as DNS server 1 & 2 and NTP server 1 & 2
1 x RB1200 "I" for HotSpot services; if it fails, "Spare" takes control.
1 x Windows XP for logging, connected only to C/D/E/F/I/Spare
1 x x86 (RouterOS) for User Manager; if it fails, "D" takes charge ("D" has fewer users than the others), connected only to C/D/E/F/Spare
1 x Windows Server 2003 for some Websites, connected to both "A" and "B"
1 x Windows Server 2008 for backup of Websites [actually being migrated one by one from 2003], on both "A" and "B"
Usually a DDoS or DoS attack does not block my network, because if one connection goes to full inbound, there are 3 other links with other ranges of IP addresses, fully working.
The DDoS takes all the inbound bandwidth.
Usually I call InteRoute, and they stop routing that type of traffic onto my inbound fiber, and after that everything goes back to normal.
My clients cannot notice if one of the 4 inbound fibers fails because it reaches the maximum throughput.
InteRoute does NOT forward traffic to another fiber if one of my 4 lines is busy with a DDoS or disconnected. I want it this way.
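The operational point in the reply above is that a volumetric flood shows up as one of the four inbound fibers going to full utilisation while the other three keep serving clients, and the fix is an upstream call to stop that traffic. As an added example (not rextended's configuration and not MikroTik code), the script below does the per-link check an operator would want to automate before picking up the phone: it turns pairs of cumulative inbound byte counters into bits per second, flags any link at or above 95% of its 100 Mbps guarantee, and reports how many links are still healthy. The link names, timestamps and counter values are constructed; a real deployment would read them from the routers' interface counters over SNMP instead.

```python
"""Per-link inbound saturation check over constructed interface-counter samples."""
from collections import defaultdict
from dataclasses import dataclass

LINK_CAPACITY_BPS = 100_000_000   # each fiber in the post is a guaranteed 100 Mbps circuit
SATURATION_THRESHOLD = 0.95       # treat a link as "full inbound" at >= 95% utilisation


@dataclass(frozen=True)
class Sample:
    link: str       # inbound fiber label (constructed, not the poster's naming)
    ts: int         # unix time of the counter read
    in_octets: int  # cumulative inbound byte counter, ifInOctets-style


# Constructed samples: two reads 60 s apart for four links; "Roma-2" is being flooded.
SAMPLES = [
    Sample("Milano-1", 1000, 1_000_000_000),
    Sample("Milano-1", 1060, 1_000_000_000 + 90_000_000),    # 12 Mbps
    Sample("Milano-2", 1000, 2_000_000_000),
    Sample("Milano-2", 1060, 2_000_000_000 + 150_000_000),   # 20 Mbps
    Sample("Roma-1",   1000, 3_000_000_000),
    Sample("Roma-1",   1060, 3_000_000_000 + 75_000_000),    # 10 Mbps
    Sample("Roma-2",   1000, 4_000_000_000),
    Sample("Roma-2",   1060, 4_000_000_000 + 742_500_000),   # 99 Mbps: the flooded fiber
]


def inbound_bps(samples, counter_bits=64):
    """Return {link: inbound bits/s} from the earliest and latest sample of each link."""
    by_link = defaultdict(list)
    for s in samples:
        by_link[s.link].append(s)
    rates = {}
    for link, reads in by_link.items():
        reads.sort(key=lambda s: s.ts)
        first, last = reads[0], reads[-1]
        elapsed = last.ts - first.ts
        if elapsed <= 0:
            continue  # a rate needs two reads at distinct times
        delta = last.in_octets - first.in_octets
        if delta < 0:
            delta += 1 << counter_bits  # cumulative counter wrapped between the two reads
        rates[link] = delta * 8 / elapsed
    return rates


def assess(samples, capacity_bps=LINK_CAPACITY_BPS, threshold=SATURATION_THRESHOLD):
    """Classify every link as saturated or healthy relative to its guaranteed capacity."""
    rates = inbound_bps(samples)
    utilisation = {link: bps / capacity_bps for link, bps in rates.items()}
    saturated = sorted(link for link, u in utilisation.items() if u >= threshold)
    healthy = sorted(link for link, u in utilisation.items() if u < threshold)
    return {"utilisation": utilisation, "saturated": saturated, "healthy": healthy}


if __name__ == "__main__":
    result = assess(SAMPLES)
    for link, u in sorted(result["utilisation"].items()):
        print(f"{link:10s} {u:6.1%} inbound")
    if result["saturated"]:
        print("flooded inbound link(s):", ", ".join(result["saturated"]),
              "- still serving on", len(result["healthy"]), "other link(s)")
```

The 95% threshold is a choice for this example: on a link whose upstream does not reroute around it, the interesting signal is "this fiber is full", not a small spike, so a high threshold over a full minute avoids paging on bursts. The counter-wrap branch matters when the source is a 32-bit byte counter, which wraps in about 35 seconds at 100 Mbps; pass `counter_bits=32` in that case.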