Peace,
On Wed, Aug 4, 2021, 3:00 AM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
TCP over ANYCAST is crossing the streams. Not surprised it doesn't work and see no reason to change that.Does that imply that you believe no TCP-based protocol deserves protection from DDoS attacks? Because anycast is ultimately the one and the only basement for that protection.?? I had better get me to a patent lawyer then because I have multiple DDoS protection ideas and none involve ANYCAST and only a few TCP.
Either that, or you might want to test your ideas against the specialized field expertise.
Anycast has been the ultimate DDoS mitigation tool for a decade already, and for a reason. Basically, it all comes down to a simple idea: DDoS traffic, generated in thousands of locations on the globe, cannot possibly be handled when accumulated in one of such locations. But it's surely more complicated than that.
Either you have multiple traffic termination points on the net (a.k.a. anycast), each as close to some traffic generation point as possible, or you'll end up having capacity overload around your last mile. This is fundamental, kind of.
--
Töma
