February 26, 2020

Next Gen Blackholing to Counter DDoS

Talk Title: Next Gen Blackholing to Counter DDoS
Speakers: Christoph Dietzel, DE-CIX / TU Berlin
Conference: NANOG75
Location: San Francisco, CA
Date: Feb 18 2019 - Feb 20 2019
URL: Talk Page
Slides: Talk Slides
Video: Talk Video

Network attacks, including Distributed Denial-of-Service (DDoS), continuously increase in bandwidth and in the damage they cause (recent attacks exceed 1.7 Tbps) and have a devastating impact on the targeted networks and thus on companies and governments. Over the years, mitigation techniques ranging from blackholing to ACL filtering at routers to traffic scrubbing have been added to our defense toolboxes. Even though these techniques provide some protection, they either cause severe collateral damage (e.g., dropping legitimate traffic), are cost-intensive, or do not scale well for Tbps-level attacks. In this talk we present our Next Generation Blackholing system, developed and deployed at DE-CIX by combining available hardware filters with a novel route server-based signaling mechanism. It builds upon the scalability of blackholing while limiting collateral damage by increasing its granularity. We present the design fundamentals and the building blocks while highlighting implementation challenges and performance evaluation.
