L4Drop: XDP DDoS Mitigations

L4Drop: XDP DDoS Mitigations

Efficient packet dropping is a key part of Cloudflare’s distributed denial of service (DDoS) attack mitigations. In this post, we introduce a new tool in our packet dropping arsenal: L4Drop.

L4Drop: XDP DDoS Mitigations
Public domain image by US Air Force

We've written about our DDoS mitigation pipeline extensively in the past, covering:

  • Gatebot: analyzes traffic hitting our edge and deploys DDoS mitigations matching suspect traffic.
  • bpftools: generates Berkeley Packet Filter (BPF) bytecode that matches packets based on DNS queries, p0F signatures, or tcpdump filters.
  • Iptables: matches traffic against the BPF generated by bpftools using the xt_bpf module, and drops it.
  • Floodgate: offloads work from iptables during big attacks that could otherwise overwhelm the kernel networking stack. Incoming traffic bypasses the kernel to go directly to a BPF interpreter in userspace, which efficiently drops packets matching the BPF rules produced by bpftools.

Both iptables and Floodgate send samples of received traffic to Gatebot for analysis, and filter incoming packets using rules generated by bpftools. This ends up looking something like this:

L4Drop: XDP DDoS Mitigations
Floodgate based DDoS mitigation pipeline

This pipeline has served us well, but a lot has changed since we implemented Floodgate. Our new Gen9 and ARM servers use different network Continue reading

New Report: Major Online Retailers Increase Email Marketing Trustworthiness and Follow Unsubscribe Best Practices

Today, the Internet Society’s Online Trust Alliance released its fifth annual Email Marketing & Unsubscribe Audit. OTA researchers analyzed the email marketing practices of 200 of North America’s top online retailers and, based on this analysis, offer prescriptive advice to help marketers provide consumers with choice and control over when and what messages they receive. The Audit assesses the end-to-end user experience from signing up for emails, to receiving emails, to the unsubscribe process and its results.

In the 2018 Audit, seventy-four percent of the top online retailers received “Best of Class” designation, meaning they scored eighty percent or higher in OTA’s analysis of their email marketing. In addition, ten retailers received perfect scores, meaning they adopted all twelve of OTA’s best practices. They are: Dick’s Sporting Goods, Home Depot, Lands’ End, Musician’s Friend, Office Depot, OpticsPlanet, Sierra Trading Post, Staples, Talbots, and Walgreens.

In the subscribe process there were several positive findings. The percentage of sites that had subscribe forms that were easy for the user to find was 94% in 2018, up from 85% in 2017. In addition, one-quarter of sites offered incentives such as free shipping to entice users to subscribe, down slightly from 28% in 2018.

Continue reading

Episode 40 – MPLS Part 4 – Fast Reroute

In this Network Collective community roundtable episode, Nick Russo and Jeff Tantsura join us to close out our MPLS series with an episode on Fast Reroute.

 

We would like to thank VIAVI Solutions for sponsoring this episode of Network Collective. VIAVI Solutions is an application and network management industry leader focusing on end-user experience by providing products that optimize performance and speed problem resolution. Helping to ensure delivery of critical applications for businesses worldwide, Viavi offers an integrated line of precision-engineered software and hardware systems for effective network monitoring and analysis. Learn more at www.viavisolutions.com/networkcollective.

 

Nick Russo
Guest
Jeff Tantsura
Guest
Jordan Martin
Host
Russ White
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 40 – MPLS Part 4 – Fast Reroute appeared first on Network Collective.

6 ways IoT is transforming retail

In the wake of Black Friday and Cyber Monday, this seems like the perfect time to look some of the many ways that the Internet of Things (IoT) is transforming the world of retail. The IoT is already in use in stores around the world, and according to estimates from Grand View Research, retail IoT could be a $94 billion market by 2025. Here are a half dozen ways that might come to pass:To read this article in full, please click here

The Third India School on Internet Governance

The third edition of the India School on Internet Governance (inSIG) took place from 13–15 October 2018 at the India International Centre in New Delhi in partnership with the Internet Society Indian Chapters: Delhi, Trivandrum, Mumbai, and Kolkata.  It was supported by the Beyond the Net Funding Programme with the participation of Olaf Kolkman, the Internet Society’s Chief Internet Technology Officer.

Ninety participants joined a three day activity event which included  workshops, role play exercises and discussions. The event focused on educating emerging leaders from India and other South Asian countries, such as Afghanistan, Bangladesh, Nepal, and Sri Lanka on their role in the global Internet Governance ecosystem.

On 12 October 2018, two events were co-hosted: Firstly, The Internet Infrastructure Security Day, a workshop to learn more on pen Internet standards and sharing good practices as part of the Global Forum on Cyber Expertise (GFCE) – and secondly, India’s first Youth Internet Governance Forum (YIGF), which conducted multiple sessions on topics of relevance to young Internet users, particularly those in secondary school, college, and early employment. Both events were live streamed and viewed by over 1,500 participants.

A range of several industry experts offered insight into India’s Continue reading

HPE edge offerings merge analytics, applications and IoT systems control

HPE is offering new Edgeline Converged Edge System hardware and software designed to let enterprises not only control machines in their facilities, but also manage and analyze the sea of data generated by devices and sensors at the edge network.The new software lets enterprise network managers and data-center administrators merge data from a variety of third-party applications and remotely manage as many as thousands of Edgeline hardware systems, which are capable of running unmodified enterprise applications, HPE said at its Discover Conference in Madrid Tuesday.To read this article in full, please click here

Cisco predicts nearly 5 zettabytes of IP traffic per year by 2022

Cisco foresees a massive buildup of IP traffic – 4.8 zettabytes per year by 2022, which is over three-times the 2017 rate – lead by the increased use of IoT device traffic, video and sheer number of new users coming onboard. The company also says there will be 4.8 billion Internet users by 2022, up from 3.4 billion in 2017.Those predictions are from Cisco’s Visual Networking Index, its annual look at the state of the Internet culled from actual network traffic reports and independent analyst forecasts.To read this article in full, please click here

Cisco predicts nearly 5 zettabytes of IP traffic per year by 2022

Cisco foresees a massive buildup of IP traffic – 4.8 zettabytes per year by 2022, which is over three-times the 2017 rate – lead by the increased use of IoT device traffic, video and sheer number of new users coming onboard. The company also says there will be 4.8 billion Internet users by 2022, up from 3.4 billion in 2017.Those predictions are from Cisco’s Visual Networking Index, its annual look at the state of the Internet culled from actual network traffic reports and independent analyst forecasts.To read this article in full, please click here

1 1,423 1,424 1,425 1,426 1,427 3,877