rextended, thank you for your experience. What was the magnitude of the DDoS attack? How much bandwidth did you have, and how much bandwidth did the DDoS take?
On my rack:
2 x guaranteed 100Mbps bi-directional from MUX Milano (Milan) by InteRoute -> cross connected on RB1100AH "A" and RB1100AH "B"
2 x guaranteed 100Mbps bi-directional from MUX Roma (Rome) by InteRoute -> cross connected on RB1100AH "B" and RB1100AH "A"
4 x RB1100AHx2 "C/D/E/F" Gateway, each connected to both Router 1100AH "A/B"; the load balancing and failover happen here
1 x RB1100AHx2 "Spare" connected on each bypass of all RB1100AH / RB1100AHx2 (ether12) and directly to both Router "A/B"
Each backbone starts from ether11 on "C/D/E/F" and has a backup on ether10
2 x RB1200 "G/H" connected to all the devices mentioned before, as DNS server 1 & 2 and NTP server 1 & 2
1 x RB1200 "I" for HotSpot services; if it fails, "Spare" takes control.
1 x Windows XP for logging, connected only on C/D/E/F/I/Spare
1 x x86 (RouterOS) for User Manager; if it fails, "D" takes charge ("D" has fewer users than the others), connected only on C/D/E/F/Spare
1 x Windows Server 2003 for some websites, connected on both "A" and "B"
1 x Windows Server 2008 for backup of Websites [actually one by one migrated from 2003] on both "A" and "B"
Usually a DDoS or DoS attack does not block my network, because if one of the connections goes to full inbound, there are the other 3 links with other ranges of IP addresses, fully working.
The DDoS takes all the inbound bandwidth.
Usually I call InteRoute, and they stop routing that type of traffic on my inbound fiber, and after that everything goes back to normal.
My clients cannot notice if one of the 4 inbound fibers fails because it reaches the max throughput.
InteRoute is NOT forwarding traffic to another fiber if one of my 4 lines is busy due to a DDoS or is disconnected. I want it this way.
I'm Italian, not English. Sorry for my imperfect grammar.