DDoS (distributed denial of service) attacks are a serious and persistent threat to every network. This series highlights the six widely-accepted technologies and architectures that you can employ to protect your assets.
These are:
- Overprovisioning
- DDoS Mitigation Appliances
- ISP Scrubbers
- Third-Party Scrubbing Services
- Cloud Web Application Firewall
- Remotely Triggered Black Hole
For more detailed information, read our whitepaper, Building Better DDoS Mitigation.
My first post covered on-premise solutions for DDoS mitigation inside the datacenter, including network overprovisioning and DDoS mitigation appliances. This post moves upstream from the datacenter and discusses a technology with considerably larger capacity: ISP Scrubbing Centers
ISP Scrubbing Centers
For this solution, you contract with your ISP(s) to route traffic for specific IP addresses through scrubber appliances deployed in their network. These appliances clean the traffic and send it to your datacenter(s).
An ISP scrubbing center is an effective solution that is fairly simple to implement, since your ISPs are already your provider. It offers significantly larger capacity than on-premise technologies, and mitigation can be activated very quickly because your traffic is already routed through the ISP. In most cases, the ISP can route either entire network blocks or individual IP addresses to their scrubber and send back clean traffic.
However, the scrubbing capacity of an ISP does have an upper limit, based on the extra capacity of their peering bandwidth, typically 20-120Gbps. An attack that exceeds that capacity threatens to overwhelm their peering and impact the quality of service for their other customers. This forces them to divert traffic, most likely to a remotely triggered black hole, completely cutting off access to your site.
If your business uses multiple ISPs, you must contract separately with each of them, adding costs and complexity. Finally, if an attack successfully passes through one of your multiple ISPs, your public-facing websites and other services will be cut off even though the other ISPs are successfully scrubbing traffic. An effective DDoS strategy often involves multiple mitigation technologies. UltraDDoS Protect, our massively scaled DDoS solution, works effectively with other technologies to provide the highest level of protection.
We’d be happy to discuss your DDoS strategy and look for solutions that could strengthen your security posture. Contact us today for a consultative discussion of your strategy and options.
