We present various MPLS-based methods to enable a service provider to
divert traffic of specific destinations to a centralized scrubbing and
inspection facility. The traffic may be diverted from several locations,
such as peering points, to the central processing facility. This technique
differs from the sinkhole approach, in which the traffic does not come out
of the sink and thus does not reach the intended destination. Here, after
being processed, the traffic is sent back to the network on its way to the
intended destination. This facilitates scalable, focused, and targeted
filtering and processing of different customer traffic for on-demand tasks
such as reverse proxy (à la Hardie & Wessels, see "Bellwether - Surrogate
Services for Popular Content," NANOG19), traffic examination, or DDoS attack
filtering. The experience of a successful real-life deployment in an ISP
environment will be reviewed.
About the Presenters
Yehuda Afek is a Professor in the School of Computer Science at Tel-Aviv
University, and the CTO of Riverhead Networks Inc. Currently his research
focuses on efficient forwarding and routing algorithms for IP networks, and
methods for traffic engineering to stop DDoS attacks. Prior to joining
Tel-Aviv University in 1989 he spent four years at AT&T Bell Laboratories.
He received his M.Sc. and Ph.D. in Computer Science from UCLA in 1985 and
1983, respectively.
Nicolas Fischbach is a Senior Manager, responsible for the European IP Security Engineering team at COLT Telecom. He also manages the Swiss IP Engineering team, and after participating in the deployment of the Swiss IP network and Internet Solution Center, he helped create the security and network unit of the Professional Services department. He holds an Engineer degree in Networking and Distributed Computing. Nicolas is also co-founder of Sécurité.Org, a French-speaking portal on computer and network security.
PPT presentation
RealVideo stream