Real-time DDoS mitigation using BGP RTBH and FlowSpec

DDoS Protect is a recently released open source application running on the sFlow-RT real-time analytics engine. The software uses streaming analytics to rapidly detect and characterize DDoS flood attacks and automatically applies BGP remote triggered black hole (RTBH) and/or FlowSpec controls to mitigate their impact. The total time to detect and mitigate an attack is in the order of a second.

The combination of multi-vendor standard telemetry (sFlow) and control (BGP FlowSpec) provide the real-time visibility and control needed to quickly and automatically adapt the network to address a range of challenging problems, including: DDoS, traffic engineering, and security.

Solutions are deployable today: Arista BGP FlowSpec describes the recent addition of BGP FlowSpec support to Arista EOS (EOS has long supported sFlow), and sFlow available on Juniper MX series routers describes the release of sFlow support on Juniper MX routers (which have long had BGP FlowSpec support). This article demonstrates DDoS mitigation using Arista EOS. Similar configurations should work with any router that supports sFlow and BGP FlowSpec.
The diagram shows a typical deployment scenario in which an instance of sFlow-RT (running the DDoS Protect application) receives sFlow from the site router (ce-router). A  Continue reading

Daily Roundup: Cloud Titans Tank Arista’s Q4

Cloud titans tanked Arista’s Q4; US charged Huawei with theft and espionage; and Microsoft JEDI...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

The Softer Side Of Exascale

When talking about high-end HPC systems in the world, much of the attention often is paid to the massive supercomputers that are being developed by the likes of system makers Cray (now part of Hewlett Packard Enterprise and the main contractor on two exascale systems), Fujitsu, Atos, IBM, and others along with component makers Intel (which is a primary contractor on one exascale system), AMD, and Nvidia.

The Softer Side Of Exascale was written by Jeffrey Burt at The Next Platform.

Is SD-Branch Worth the Hype?

As the SD-WAN market explodes, some service providers are pushing SD-branch as a way to build an...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Heavy Networking 502: Get Off My VLAN! Old Network Engineers On What New Engineers Should Know

As more abstractions and automation layers creep into the network, are network engineers losing their grasp on core fundamentals? Three grumpy old network engineers ponder this question, talk about how we got here, and what can be done about it. Our guests are Chris Young and Ivan Pepelnjak.

The post Heavy Networking 502: Get Off My VLAN! Old Network Engineers On What New Engineers Should Know appeared first on Packet Pushers.

Member News: Internet Society Chapters Focus on Security

Security on your mind: The Internet Society’s Chapter in Benin recently hosted a conference focused on online security and on connectivity issues. Much of the discussion focused on instability of connections in the country, with participants concerned about degraded connections. Participants also talked about limited coverage for mobile services. On the topic of security, speakers urged Internet users to regularly change their passwords, avoid default passwords, and prevent third-party apps from connecting to the services they use.

Secure messages: The Israeli Chapter has focused on the security of messaging and social media apps recently. The Chapter recently posted a guide on how to prevent Instagram accounts from being hacked and a guide on how users can protect their privacy on the Tik Tok messaging app.

Privacy for the young ones: Meanwhile, the Chapter in Portugal, working with the Kids Safe on the Net project, has launched an initiative to improve awareness among Portuguese youth about the importance of online privacy and how they can maintain their privacy.

Good privacy: The Netherlands Chapter recently gave its support to the Good ID initiative, an approach to identity management that prioritizes data privacy and security. Good ID aims to give Internet users Continue reading

Stuff The Internet Says On Scalability For February 14th, 2020

Wake up! It's HighScalability time:

 

Visualize the huge scale of Deep Time by identifying key reference points along the way.

 

Do you like this sort of Stuff? Without your support on Patreon Stuff won't happen. I also wrote Explain the Cloud Like I'm 10 for everyone needing to understand the cloud (who doesn't?). On Amazon it has 93 mostly 5 star reviews (152 on Goodreads). Please be a real cloud hero and recommend it.

 

Number Stuff:

Don't miss all that the Internet has to say on Scalability, click below and become eventually consistent with all scalability knowledge (which means this post has many more items to read so please keep on reading)...

Arista Finally Makes Big Switch Official, Disappoints in Q4

Meanwhile, Arista’s Q4 revenue declined, and took a big hit from cloud and service providers...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

The Force Sides With Amazon, Microsoft JEDI Training Stalls

"It's important that the numerous evaluation errors and blatant political interference that impact...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

US Charges Huawei With Theft, Espionage

Huawei is charged with conspiring to steal intellectual property from six U.S. companies, violating...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Weekly Wrap: Coronavirus Kills MWC Barcelona

SDxCentral Weekly Wrap for Feb. 14, 2020: GSMA cancels this year's MWC Barcelona event; Cisco CEO...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Fast Friday – Networking Field Day 22 Thoughts

Since I’m on the road again at Networking Field Day this week, I have had some great conversations with the delegates and presenters. A few stray thoughts that may develop into full blown blog posts at some point, but I figured I could get some of them out here for some quick entertainment.

  • The startup model means flexibility. That also means you can think about problems in a new light. So it would follow that you get to develop some new idea without a mountain of technical debt. Things like archaic platforms and crusty old user interfaces. You’d be surprised the amount of stuff that gets carried forward as technical debt.
  • Integrating products isn’t easy. Even if you think you’ve got the right slot for your newest acquisition you may find it isn’t the best fit overall. Or, even better, you may find a synergy you didn’t know existed because of a forgotten tool. Very rarely does anything just neatly fit into all your plans.
  • The more guest Wi-Fi I have to register for, the more I long for the days of Passport and OpenRoaming. If you already know who I am, why oh why must I continually register. Who Continue reading

Podcast: BGP in Public Cloud Revisited

After my response to the BGP is a hot mess topic, Corey Quinn graciously invited me to discuss BGP issues on his podcast. It took us a long while to set it up, but we eventually got there… and the results were published last week. Hope you’ll enjoy our chat.

I talked about (lack of) network security in How Networks Really Work webinar. I’ll cover similar topics in the Upcoming Internet Challenges webinar.

Podcast: BGP in Public Cloud Revisited

After my response to the BGP is a hot mess topic, Corey Quinn graciously invited me to discuss BGP issues on his podcast. It took us a long while to set it up, but we eventually got there… and the results were published last week. Hope you’ll enjoy our chat.

I talked about (lack of) network security in How Networks Really Work webinar. I’ll cover similar topics in the Upcoming Internet Challenges webinar.
1 1,068 1,069 1,070 1,071 1,072 3,883