Silverline against internet link DDoS

Regarding: how to protect my internet link and not just VIPs.

 

Have someone here setting Silverline DDoS in proxy mode setup?

 

As I understand that an attacker will flood any "backdoor" in my public net link and so make it down.

 

I think the issue is that my internet infra shares the services like ecommerce, mail, vpn, etc, and I think that just setting up ecommerce VIPs in Silverline portal is not enough to guarantee its availability, since I have other known public addresses.

 

Obvious that, if the traffic is not sent to the Silverline, it can't protect against DDoS, thus, an attacker may arrive into IP address instead of name resolution. I understand that an ACL list is needed in ISP and it need to cover all my subnet and not just one or two addresses, So, an ACL white list with Silverline /21, otherwise, I need to be reactive (black list), am I wrong?

 

If I'm right and expecting to be proactive against DDoS attacks, I need to forward all the traffics (web, vpn, mail, etc) to the Silverline, correct? If so, should be a big trouble for me :(

 

Have you experienced this in a similar Silverline deployment?

 

Suggestions are welcome.

 

Best Regards.