
1 NORDUnet Nordic Infrastructure for Research & Education
DDoS Mitigation at NORDUnet
Lars Fischer (w/ big thanks to Martin Aldrin)
TF-MSP Meeting Malta, 27 November 2014

2 Basic
- DDoS is a major issue; every responsible network must be working on the best ways to counter it
- So far NORDUnet is doing blackholing
  - It works
  - It kills an entire network
  - Creates "Innocent bystander" problem
  - Creates reluctance to deploy

3 DDoS structure

4 Options
- Scrubbing
  - Intelligent DDoS Mitigation Systems (IDMS)
  - Commercial products available (e.g., Arbor Networks)
  - Costly
  - Unlike carriers, we cannot sell it as a service
- Enterprise-level solutions
  - IP rewrite, running traffic through filter or firewall
  - Does not scale to our needs
- Flowspec
  - Promising
  - This is our bet for a future solution

5 What is FlowSpec?
- Flow Specification (RFC 5575)
- Designed for DDoS mitigation
- Remote triggered ACLs
- Extension to BGP
- Can match on various events and traffic types
- Can act to rate-limit, redirect, mark, etc.
- Bleeding edge technology, working its way through IETF
- Per-interface capability only came this summer

6 Trying FlowSpec
- Objective
  - Investigate what a FlowSpec-based solution might look like
  - Is there a good match for NREN environment?
- DIY, since there's nothing in the market
  - Can we create a controller to dynamically assign FlowSpec rules?
- Student project
  - MSc student: Martin Aldrin
  - Controller design and development
  - Full implementation and test
  - Lab exercise

7 DDoS Attack (w/ NTP)

8 Blackhole
- Real traffic lost

9 Flowspec – edge limit
- Better, but still load on core
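What a FlowSpec rule for the NTP-based attack of slide 7 looks like on the wire, as an added example (not from the presentation or from NORDUnet's controller): it encodes the RFC 5575 match "UDP, source port 123, towards the victim prefix" together with the traffic-rate action used for edge limiting. The victim address 192.0.2.10/32, AS 64512, the 125000 bytes/s limit and all function names are assumptions chosen for illustration; IPv4 only.

```python
import ipaddress
import struct

# RFC 5575 component types used below
DST_PREFIX, IP_PROTO, SRC_PORT = 1, 3, 6

def prefix_component(ctype, cidr):
    """Type 1/2: <type, prefix length in bits, only the significant prefix bytes>."""
    net = ipaddress.ip_network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]

def numeric_component(ctype, values):
    """Numeric types: <type, [operator, value]+>; every value is an '==' match, ORed."""
    out = bytearray([ctype])
    for i, v in enumerate(values):
        size = 1 if v < 0x100 else 2                  # value length in bytes
        op = 0x01 | ((size.bit_length() - 1) << 4)    # eq bit + len field (0 = 1 byte, 1 = 2 bytes)
        if i == len(values) - 1:
            op |= 0x80                                # end-of-list bit on the last pair
        out += bytes([op]) + v.to_bytes(size, "big")
    return bytes(out)

def flowspec_nlri(components):
    """Order components by ascending type, then prepend the NLRI length."""
    body = b"".join(sorted(components, key=lambda c: c[0]))
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body   # 2-byte length form

def traffic_rate(asn, bytes_per_sec):
    """Extended community 0x8006: 2-byte AS, rate as IEEE float; 0.0 discards the flow."""
    return struct.pack(">HHf", 0x8006, asn, bytes_per_sec)

def ntp_reflection_rule(victim_cidr, asn, bytes_per_sec):
    """Match NTP replies (UDP, source port 123) towards the victim and rate-limit them."""
    nlri = flowspec_nlri([
        numeric_component(SRC_PORT, [123]),
        numeric_component(IP_PROTO, [17]),
        prefix_component(DST_PREFIX, victim_cidr),
    ])
    return nlri, traffic_rate(asn, bytes_per_sec)

if __name__ == "__main__":
    # Constructed sample values: documentation prefix, private AS, 1 Mbit/s limit
    nlri, action = ntp_reflection_rule("192.0.2.10/32", 64512, 125000.0)
    print("NLRI  :", nlri.hex(" "))
    print("action:", action.hex(" "))
```

Unlike the blackhole on slide 8, this rule leaves all other traffic to the victim untouched; setting the rate to 0.0 turns it into a drop for the matched flow only.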

10 Limit w/ FlowSpec controllers
- Co-operating networks reduce core load

11 Lab w/FlowSpec controllers

12 Attack traffic flow

13 Real traffic flow

14 Status
- We have done the experiment
- We have it working in the lab
- Decision point: is this something we're pushing towards production?
- Live network trial?
- We have not decided
- We need a customer / border to try it on
- Solution has network effect
- Value goes up with more deployments
- There's mutual benefit
- (and there's additional technical work we'd like to do)

15 Joint Effort?
- Collaborative DDoS effort based on FlowSpec?
- Are we solving a problem?
- Is this something other networks see value in?
- Community adopting the technology?
- GÉANT Firewall-as-a-service based on FlowSpec
- What next?
- Is the idea liked?
- How do we set up a collaboration?
- What is the way forward?

16 Conclusions
- We must have something better than blackhole
- Right now that means FlowSpec
- We have to go DIY
- It works in the lab
- We want to work with YOU
- Real value comes if many are doing it

