Optimizing Carrier DDoS Mitigation Scenarios - Part 1

By Bipin Mistry | July 22, 2015

Posted in: ISP DDoS Protection

In a large Carrier environment, DDoS attacks have escalated from a nuisance to a sophisticated threat, and now to a revenue opportunity. Scrubbing DDoS traffic at a centralized location after attacks have been detected has become a commonplace approach to reducing the amount of DDoS traffic transiting Carrier networks and being sent to downstream providers. Typical Carrier DDoS deployments involve localized monitoring points for detection of attack traffic, paired with a centralized scrubbing operation. When DDoS attack traffic is detected, both the good and bad traffic for the particular victim subnet must be transported back to the centralized scrubbing operation, then on-ramped back onto the network at the appropriate point.

As the data load on the network and the traffic fluctuations related to ongoing DDoS attacks continue to increase, Carriers are tasked with cost-effectively scaling their scrubbing center operations out from 10G to 20G and even 40G to keep pace with network modernizations. The traditional approach to scaling out a scrubbing operation is costly and cumbersome to manage—continuing to require human intervention as part of the overall mitigation process.

With an automated and economically sound approach for detection, mitigation and alerting, scrubbing operations can be scaled in a cost-effective manner, allowing Carriers to double or even triple scrubbing center capacity at a fraction of the cost. Corero has effectively augmented incumbent scrubbing operations through appliance-based DDoS protection, with flexible bandwidth licensing options to allow for greater protection and scale than previously available, and at a fraction of traditional mitigation costs.

With Corero’s flexible deployment model, Carriers can take advantage of economies of scale, reducing overall opex/capex spend, while maintaining sophisticated and real-time DDoS protection.  Major benefits include:

Improved Visibility into DDoS Activity: Carriers need clear visibility into the threats facing their infrastructure, and their downstream customers. Real-time reporting, alarm and event integration with back-end OSS infrastructure enables fast reaction times, scalable implementations and the analytics needed to understand the threat condition and proactively improve DDoS security.

Future-proofed to support distributed environments:  The Corero DDoS defense deployment supports a much smaller footprint with 10Gbps full-duplex performance in a ¼ wide, 1 RU form factor, an ideal solution for Carrier networks moving toward a more distributed architecture.

Comprehensive Protection: With a scrubbing center deployment, suspect traffic flows are redirected to SmartWall Network Threat Defense appliances for traffic validation and granular scrubbing of DDoS traffic (layers 3-7), allowing only good user traffic to transit further into the network and downstream.

Scalability without breaking the budget: Flexible bandwidth licensing allows Carriers to scale existing scrubbing center operations from 10G to 20G and even 40G at roughly ¼ of the cost associated with scaling using traditional solutions. A rip-and-replace model is not needed, and a deployment to augment existing solutions is seamless.

Enable Premium Services: Carriers can offer baseline DDoS mitigation services to all customers, but for those customers who place a premium on high availability, or prefer to pay for clean-pipe services, Carriers can create value-added service options to build incremental revenue streams while differentiating themselves from the competition.

In my next post, I will aim to cover in-line DDoS mitigation deployments at peering and transit points in a Carrier network.
