Carrier-grade DDoS Mitigation by Genie Networks and F5 Joint Solution
For years, Distributed Denial of Service (DDoS) attacks have remained one of the major threats to communications service providers (CSPs). DDoS attacks have been dominated by “volumetric” attacks, whose sizes continue to increase year over year and which usually originate from a large number of geographically distributed bots. The high bandwidth of a volumetric DDoS attack not only saturates the target victim’s resources, but also exhausts the processing capacity of network resources in the path and interrupts network connectivity. A volumetric DDoS attack therefore impacts not only the target victim, but also the CSP’s network infrastructure and the CSP’s other customer networks that share the same backbone resources. While many attacks are still volumetric, attackers are leveraging many other techniques as well, such as NTP amplification, SSL attacks, and application-level “slow-n-low” attacks.
Cost-effective DDoS Mitigation for CSPs
To minimize the impact of an attack, it should be detected as soon as possible after it enters the network infrastructure. However, the distributed nature of DDoS attacks makes them hard to detect, because an attack can come from anywhere in the network. Deploying detection systems everywhere, on every edge link connecting the backbone to customer networks or peering networks, doesn’t work because of the intimidating deployment costs it would incur.
To make the problem worse, the traffic from each individual bot may appear to be normal traffic of modest volume, even though the distributed traffic from all the bots collectively harms the network once it gathers at certain points. Detecting DDoS attacks effectively therefore takes pervasive, network-wide data collection and centralized detection intelligence with a network-wide view of the traffic in order to make the early detection call.
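The point above can be shown with a short sketch of centralized aggregation over flow records. This is an added example, not code from Genie Networks or F5; the record layout, sampling rate, window, thresholds and addresses are all assumptions, and the flow records are constructed.

```python
from collections import defaultdict

SAMPLING_RATE = 1000          # assumed 1-in-1000 sampling on every exporter
WINDOW_SECONDS = 60           # assumed aggregation window
PER_SOURCE_LIMIT_BPS = 50e6   # assumed threshold for a single source
PER_DEST_LIMIT_BPS = 1e9      # assumed threshold for traffic toward one destination

def build_sample_flows():
    """Constructed records: (exporter, src_ip, dst_ip, sampled_bytes in the window)."""
    flows = []
    for r in range(3):                      # three edge routers
        for i in range(1, 101):             # 100 bots behind each, ~5 Mbps apiece
            flows.append((f"edge-{r}", f"10.{r}.0.{i}", "203.0.113.10", 37_500))
    for i in range(1, 5):                   # ordinary traffic, ~40 Mbps per source
        flows.append(("edge-0", f"10.9.0.{i}", "198.51.100.20", 300_000))
    return flows

def to_bps(sampled_bytes):
    """Scale sampled byte counts back up to an estimated bit rate."""
    return sampled_bytes * 8 * SAMPLING_RATE / WINDOW_SECONDS

def over_limit(flows, key, limit_bps):
    """Sum sampled bytes per key; return keys whose estimated rate exceeds the limit."""
    totals = defaultdict(int)
    for flow in flows:
        totals[key(flow)] += flow[3]
    return {k: to_bps(v) for k, v in totals.items() if to_bps(v) > limit_bps}

def detect(flows):
    """Compare three vantage points over the same set of flow records."""
    return {
        # Each source judged alone: every bot stays under the limit.
        "per_source": over_limit(flows, lambda f: f[1], PER_SOURCE_LIMIT_BPS),
        # Each edge router judged alone: 500 Mbps per router toward the victim.
        "per_edge_router": over_limit(flows, lambda f: (f[0], f[2]), PER_DEST_LIMIT_BPS),
        # All exporters combined: 1.5 Gbps converges on one destination.
        "network_wide": over_limit(flows, lambda f: f[2], PER_DEST_LIMIT_BPS),
    }

if __name__ == "__main__":
    for view, alerts in detect(build_sample_flows()).items():
        print(view, alerts)
```

Only the network-wide view raises an alert in this constructed data set; the per-source and per-router views stay silent for the same records.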
F5 and Genie Networks have collaborated to bring a carrier-grade DDoS mitigation solution with BIG-IP and GenieATM. The solution enables a cost-effective DDoS mitigation capability for CSPs by leveraging IP Flow records, centralized detection, and high-performance traffic scrubbing.
The components of the F5 BIG-IP DDoS solution support demonstrated high-scale, high-performance architectures, with full-proxy and SSL interception. They provide intrinsic security because they are inline and already inspecting every single user connection instead of sampling or watching traffic off a mirrored port. F5 BIG-IP offers high-performance defense against network-layer attacks with hardware (FPGA) acceleration, application-layer anomaly detection, web application firewalling, and defense against SSL attacks.
- Network-wide Detection — carrier-grade network coverage by leveraging IP Flow records from routers/switches.
- Network Behavior Analysis-based — analyses traffic data to detect anomalies with unknown content signatures.
- In-line Cleaning On-demand — traffic cleaning gets “in-line” for only suspicious traffic.
- Real-time Traffic Visibility — provides on-the-fly traffic reports of normal traffic, anomaly traffic, scrubbed traffic, and real-time traffic Snapshot and forensic reports.
- Industry-leading Performance — monitors and detects traffic from up to 3,000 routers and scrubs suspicious traffic at up to 640 Gbps (L4) and 320 Gbps (L7) per deployment.
- Cost-Performance — small deployment thanks to Flow technologies and the shared scrubbing center architecture.
- Layered Protection — first-line L4 detection for volumetric attacks complemented with L7 attack scrubbing capability.
- No In-line Risks — no in-line latency and single-point-of-failure risks for normal traffic.
- MSSP Enabling — Web GUI portal with multi-tenant design for enabling MSSP easily.
- Comprehensive Analysis — traffic insights for not only the security incidents but also traffic analysis reports for peacetime traffic.
For more information about the Genie and F5 joint solution, please see the resource: F5 BIG-IP + GenieATM Solution Profile.