As industry statistics suggests, many gaming providers are under DDoS attack continuously - each and every day. Gamers are said to be one of the highest profile targets on the Internet, while at the same time their business models require 100% uptime. These two facts manifest into quite the conundrum for today’s gaming providers. Live gaming sites (gambling and roll-play) are extremely sensitive to latency, jitter, and packet loss. DDoS related downtime and outages often equates to loss of revenue, decreased customer loyalty, and reduction of market share.
If online game players experience latency, jitter, and packet loss this could equate to lost bets while gambling for real money, or a disadvantage for the online, roll-play gamer. One could easily image receiving a failure notification when posting a bet online, or getting your favorite guy killed in a video game because the online game you were playing was choppy, jittery, and full of latency.
Also most people don’t know that gaming providers normally purchase much more bandwidth than is needed to support their customers’ needs. They often have many 10G Internet connections deployed in high-availability scenarios. Also most don’t know that gaming providers rarely experience full pipe-saturation DDoS attacks since they have “lots of available bandwidth”. Buying much more bandwidth than is needed is one approach they have implemented to defend against full-pipe saturation DDoS attacks.
However Corero observes that most of the attacks gaming providers experience today are partial-saturation, short-duration attacks that stress the gaming environment, increase latency for players, and often cause packet loss and jitter. For example, the graph below highlights the attacks one gaming provider was subjected to in a single week. The blue spikes in the traffic, shown below, are indicative of short-duration, partial-saturation DDoS attacks.
What options aren’t working?
One option that can block DDoS attacks is called Black Hole Routing. This traditional defense technique is being used today by many ISPs to block DDoS attacks that traverse their networks. However this technique cannot help gaming providers who are under attack. If black hole routing is used, it serves only make matters worse by blocking all good gaming traffic at the same time it blocks the DDoS traffic. Since most attacks are highly spoofed, the ISP cannot block on the source IP addresses of the attackers. In this case the only thing an ISP can do is block on the destination IP addresses which again is sure to block all good traffic. Using this technique would be a disaster for the gaming provider and could literally put them out of business very quickly. Black hole routing is simply not an option in this case.
Another option is to contract with a cloud-based anti-DDoS provider. When a gaming provider comes under attack, all incoming traffic (good traffic and DDoS traffic) destined to the gaming server(s) under attack is rerouted through the cloud-based scrubbing centers. The cloud provider attempts to scrub the DDoS traffic from the good traffic while struggling to forward all good traffic downstream to its destination. Unfortunately in almost all cases, good traffic gets dropped by the cloud-based anti-DDoS provider which can negatively impact the gaming experience.
Also there is a huge problem with this approach. It doesn’t address short-duration, partial-saturation DDoS attacks. Normally the short-duration DDoS attack is over before the reroute can take place. If a successful reroute does take place, typically all players must reconnect to the game they were playing because of the short outage during the reroute. Another drawback with this approach has to do with the partial-saturation attacks. If a gaming provider is forced to remain in a reroute situation to help defeat a partial-saturation, “long-duration” DDoS attack, the cloud-scrubbing costs can climb very rapidly.
Another interesting fact is that most cloud-based anti-DDoS providers simply do not want gaming providers as customers; since the occurrences of attacks are almost guaranteed. They view the risk of attack to be way too high for them since most tend to be risk-adverse. You can compare this notion to a workout facility (gym) that sells memberships. If every member came to the gym every day, and stayed all day long, the gym’s business model would not work so well. They would have too many customers and not enough machines. Instead gyms like to sell memberships to people who seldom use the gym. It’s called oversubscription. ISPs, Hosting Providers, Cloud anti-DDoS Providers and yes, even gyms take advantage of this concept.
There is a better way
Corero sells vast amounts of their SmartWall® Threat Defense Systems (TDS) to online gaming providers all over the world. The Corero technology defends their infrastructure, servers, applications, and customer-base from the negative effects of the DDoS attacks they experience in real-time.
For example, one of the Corero gaming provider customers has over fifteen (15) 10G Internet pipes located in multiple datacenters and Corero is protecting their entire network, defeating every DDoS attack they experience. This gaming provider has deployed the Corero SmartWall® Threat Defense Systems (TDS), inline on each of their 10G pipes. Using this approach, they are actively defeating every attack they experience, in real-time. Although the gaming provider has a cloud-based anti-DDoS contract in place, they rarely if ever use the service even when under a DDoS attack.
The SmartWall® TDS is not adding any measurable latency and the solution never drops good traffic with the Corero Do No Harm approach. There is no way that a gaming provider who is extremely sensitive to latency and packet loss would ever deploy a technology that added latency or dropped good traffic. The Corero approach never drops good traffic or reduces latency, and provides the ability to defeat the broadest range of DDoS attacks gaming providers experience today.
Corero develops solutions that are changing the way organizations “think” with regards to DDoS defenses. Traditional black hole routing and scrubbing-lane approaches are being replaced with real-time, inline defenses that eliminate this threat vector once and for all. Corero solutions provide real-time DDoS protection and DDoS event reporting and analytics for Hosting Providers, Service Providers and the Online Enterprise – including some of the world’s largest gaming providers.