UPDATE: Efficient and Scalable DDoS Mitigation with SDN (SDN Idol Award WINNER!)
by mschiff 03-03-2014 08:57 AM - edited 03-06-2014 05:04 PM
DDoS attacks are on the rise. That statement by itself might not be that interesting because in this climate of "cyber insecurity", it is probably no surprise that the number of attacks is increasing. However, what is more interesting, and even more troubling for networks, is that the size of these attacks is on the rise, with some attacks reported at over 400 Gbps. And yet the same solutions that were used for much smaller attacks are being used in an attempt to detect and mitigate these security threats. Good luck. Go try covering up a fire hydrant with saran wrap after it's already been opened. Truth be told, traditional DDoS mitigation solutions were just not built to respond to and handle the immense bandwidth these attacks impose on today's networks. And many current implementations based on sFlow, IPFIX, etc. treat all flows as equal at the Layer 4 level, so there is no differentiation between the types of flows: short-lived, long-lived, large, or small. This results in delays in detecting these new mega-scale attacks.
Who does this affect? Well, in a single word, you. Whether you are the CEO of a major cloud service provider or you are just trying to stream the new season of House of Cards, you are at risk of feeling the impact of an attack. That's because these attacks consume so much bandwidth on the network that they are not just taking out the intended target, but also degrading the services of other customers on the network.
A more scalable and efficient solution is needed to protect cloud data centers and networks from these attacks. SDN offers a way to do this by providing programmatic control of the entire network so that an application can be used to monitor, detect, and mitigate an attack, all in real time. Brocade is very excited that we will be able to demonstrate such an application at the Open Networking Summit this week, as it has been named a finalist for the event's SDN Idol Award. The application, leveraging our newly announced support for OpenFlow 1.3, InMon sFlow-RT and an OpenDaylight framework, treats long-lived, large flows caused by DDoS attacks separately from other Layer 2-4 flows. When an attack happens, the application, within seconds, instructs the network of OpenFlow-enabled Brocade MLXe Routers to rate limit or drop the attack traffic flow in hardware without affecting the performance of the system or network. In addition, the industry's only true Hybrid Port Mode for OpenFlow allows the rest of the network to behave as normal, so this solution can be seamlessly integrated with existing infrastructures today. With this application, service providers can offer tiered DDoS services to customers, and enterprises can get stronger DDoS mitigation more efficiently.
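The detection idea in the paragraph above, as an added illustration that is not Brocade's application and does not use the sFlow-RT, OpenDaylight or OpenFlow APIs: sampled packet records are grouped into flows, and only flows that are both large and long-lived produce a rate-limit or drop decision. The thresholds, the drop-versus-rate-limit policy, the function names and the sample traffic are all assumptions made for this sketch.

```python
from collections import defaultdict

SAMPLING_RATE = 1000         # assumed 1-in-N packet sampling on the switch
RATE_THRESHOLD_BPS = 100e6   # assumed: >= 100 Mbps counts as a "large" flow
MIN_DURATION_S = 3           # assumed: that many consecutive seconds = "long-lived"
DROP_FACTOR = 5              # assumed policy: drop at >= 5x threshold, else rate limit

def detect_large_flows(samples):
    """samples: (timestamp_s, src, dst, proto, dst_port, frame_bytes) tuples.
    Returns one decision per flow that is both large and long-lived."""
    per_second = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, proto, dport, size in samples:
        # Scale each sampled frame up by the sampling rate to estimate real bytes.
        per_second[(src, dst, proto, dport)][int(ts)] += size * SAMPLING_RATE
    decisions = []
    for key, buckets in per_second.items():
        run = best = peak = 0
        prev = None
        for sec in sorted(buckets):
            bps = buckets[sec] * 8
            if bps < RATE_THRESHOLD_BPS:
                run, prev = 0, None
                continue
            # Extend the run only when this second directly follows the previous one.
            run = run + 1 if prev == sec - 1 else 1
            prev, best, peak = sec, max(best, run), max(peak, bps)
        if best >= MIN_DURATION_S:
            action = "drop" if peak >= DROP_FACTOR * RATE_THRESHOLD_BPS else "rate_limit"
            decisions.append({"match": key, "action": action,
                              "peak_bps": peak, "seconds_over": best})
    return decisions

def constructed_samples():
    """Constructed data: (src, proto, port, seconds, samples per second, frame bytes)."""
    flows = [
        ("198.51.100.7", "udp", 53, 5, 100, 1400),   # ~1.12 Gbps for 5 s
        ("192.0.2.20", "tcp", 443, 4, 15, 1400),     # ~168 Mbps for 4 s
        ("192.0.2.30", "tcp", 80, 1, 200, 1400),     # ~2.24 Gbps, but a 1 s burst
        ("192.0.2.40", "tcp", 22, 10, 1, 100),       # long-lived but ~800 kbps
    ]
    return [(sec + i / n, src, "203.0.113.10", proto, port, size)
            for src, proto, port, secs, n, size in flows
            for sec in range(secs) for i in range(n)]

if __name__ == "__main__":
    for d in detect_large_flows(constructed_samples()):
        print(d)
```

The one-second burst and the low-rate SSH session are left alone, which is the differentiation between flow types that the paragraph says Layer 4 "all flows equal" monitoring lacks.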
If you are at ONS this week, a live demonstration of the application will take place on Monday at 2:30pm during the Demo Track. Voting for the SDN Idol Award will be Tuesday night during the evening reception at 7pm. A version of the demo will also be in the Brocade Booth #505 during the exhibition. If you are not at ONS, check out this video of the demo from Networking Field Day 7, and stay tuned as more material will be made available on this exciting SDN application.