Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by © 2010 Tata Communications Ltd., All Rights Reserved Lessons Learned and best practices – Engineering a global dual stack and DDoS Mitigation.

Published byEverett Reed Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by © 2010 Tata Communications Ltd., All Rights Reserved Lessons Learned and best practices – Engineering a global dual stack and DDoS Mitigation."— Presentation transcript:

1 Presented by © 2010 Tata Communications Ltd., All Rights Reserved Lessons Learned and best practices – Engineering a global dual stack and DDoS Mitigation infrastructure Raju Raghavan. S TATA COMMUNICATIONS MENOG – 13 22 Sep 2013

2 Agenda The ContextKey Global Trends The network journey / key learnings Summary

3 Tata Communications - Context Key benefit Over 219 PoPs in 31 countries 6 th largest global IP Service Provider 13 Terabits of round the globe owned cable system. Global IP Service Provider - 6,100G of backbone capacity

4 Challenging Global Trends drive innovation in network planning 250K hits per second Zero Tolerance Exponential traffic growth leads to shorter planning cycles

5 Impact of the global trends on SP infrastructure Planning for Traffic Growth Planning for Traffic Growth Planning for Zero Tolerance Planning for Zero Tolerance Capacity – 100G, 40G, 10G, 1G, STM16, STM4., Load Balancing – LAG, ECMP, entropy label. Data Plane’s effect on Control plane Control Plane’s effect on Data plane Data Plane Control Plane CPU QoS TCAM FIB MFIB LFIB Adjacency L2FIB Backbone / Peer / customer link Utilization Netflow / sFlow / jFlow / IPFIX encrypted flow, L2 PW Flow, giant flow BFD NP Scale Fast SPF calculations BGP ADD Path BFD FRR EOAM G.8032 xSTP LFA BGP Best External Vicious Cycle

6 Network Analytics and focused instrumentation unravel interesting perspectives Control PlaneData Plane 100G / 40G / LAGs Hot potato Routing, Peering management, Multi Gigabit DDoS Attacks, IPv6 Public Cloud / Domain Private Cloud / Domain VPNs, Fast Convergence, BFD/LFA Multiple QoS requirements Application Optimization and SLAs, zero tolerance

7 Food for thought Tata Communications deploys both converged and de-converged architecture in different parts of the network High Traffic vs. high Control plane intensive geographies Does economics play a role? How does it affect planning cycles? Converged Network Model De-Converged Network Model

8 Globally ~2500 large DDoS attacks happen every day (about 2.5 Mn attacks every year) BOSS BOT Chief Infected Computer

9 Zombies Target / Victim Zombies Clean Traffic DDoS attacks can be mitigated using behavioral analysis, black list filtering,protocol validation techniques etc., in a DDoS Scrubbing Farm DDOS Scrubbing farm How can we defend DDoS attacks?

10 Zombies Target Zombies Clean Traffic Zombies Regional Scrubbing Farm + In premise DDoS mitigation infrastructure are not an alternative for obvious reasons. + Firewall, IDS, IPS, Antivirus are a different ballgame Cloud based distributed mitigation vs. in premise mitigation So Tata Communications has deployed a global distributed scrubbing farm that scrubs attack traffic regionally

11 Anycast on-ramping Target Zombies Advertise /32 of the target GRE Tunnel Anycast GRE How can you seamlessly add / remove scrubbing farms as the attack evolves quickly?

12 Case Study | Large Service provider Large Service Provider in Asia.Typical traffic towards one particular destination – 35- 40 Mbps20Gbps Attack from Europe and American zombies

13 Case Study | Large Service provider Bandwidth Attack – Avg Packet size = 1KB

14 14CORPORATE 14 Tata Communications IPv6 Context

15 Learnings from the IPv6 deployment journey Global backbone Have you tried deploying 6 PE with a hierarchical design? Swapping 6PE service labels have no standard mechanisms across leading vendors. Every vendor has a different way of generating the 6PE service labels Tata Communications deploys a global native dual stack backbone with native IPv6 IGP and BGP

16 Global Dual Stack IGP deployment V4 and v6 Topology V4 Topology V6 Topology Tata Communication's deploys Multi-topology ISIS This gives us the flexibility of steering IPv6 and IPv4 traffic on different topologies as vendors evolved their IPv6 support / maturity Integrated Topology view Multi Topology view

17 Summary Innovation in network engineering is being driven by challenging global network trends of exponential traffic growth vis a vis zero tolerance expectations Network analytics of control and data plane uncovers interesting perspectives related to technical behavior of various market segments. These insights can be innovatively applied in network engineering/design. Tackling todays multi gigabit DDoS attacks is best done using a global distributed / intelligent DDoS scrubbing infrastructure. In premise DDoS mitigation infrastructure are not an alternative.

18 Summary Since we started our IPv6 Network journey 10 years back, we had several learnings that prompted us to deploy a unique global dual stack and multi- topology infrastructure Build your network infrastructure not based on “generic best practices” but based on in-depth contextual analytics / focused instrumentation and technical / business merit !

19 Thank you and Happy Innovating for your network!

Download ppt "Presented by © 2010 Tata Communications Ltd., All Rights Reserved Lessons Learned and best practices – Engineering a global dual stack and DDoS Mitigation."

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
Network Resource Broker for IPTV in Cloud Computing Lei Liang, Dan He University of Surrey, UK OGF 27, G2C Workshop 15 Oct 2009 Banff,

Network Resource Broker for IPTV in Cloud Computing Lei Liang, Dan He University of Surrey, UK OGF 27, G2C Workshop 15 Oct 2009 Banff,
All rights reserved © 2006, Alcatel Grid Standardization & ETSI (May 2006) B. Berde, Alcatel R & I.

All rights reserved © 2006, Alcatel Grid Standardization & ETSI (May 2006) B. Berde, Alcatel R & I.
MPLS VPN.

MPLS VPN.
Identifying MPLS Applications

Identifying MPLS Applications
1 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID Next Generation Network Architectures Summary John.

1 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID Next Generation Network Architectures Summary John.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP-Prefix Segment in large-scale data centers draft-filsfils-spring-segment-routing-msdc-00.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP-Prefix Segment in large-scale data centers draft-filsfils-spring-segment-routing-msdc-00.
Self-Managing Anycast Routing for DNS

Self-Managing Anycast Routing for DNS
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 MPLS Scale to 100k endpoints with resiliency and simplicity Clarence.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 MPLS Scale to 100k endpoints with resiliency and simplicity Clarence.
IEEE HPSR 2012. IP Network Background and Strategy Milestones  Started as a Internet backbone/IGW  Expansion with MAN networks  Tripleplay and multimedia,

IEEE HPSR IP Network Background and Strategy Milestones  Started as a Internet backbone/IGW  Expansion with MAN networks  Tripleplay and multimedia,
Why SDN and MPLS? Saurav Das, Ali Reza Sharafat, Guru Parulkar, Nick McKeown Clean Slate CTO Summit 9 th November, 2011.

Why SDN and MPLS? Saurav Das, Ali Reza Sharafat, Guru Parulkar, Nick McKeown Clean Slate CTO Summit 9 th November, 2011.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
ONE PLANET ONE NETWORK A MILLION POSSIBILITIES Barry Joseph Director, Offer and Product Management.

ONE PLANET ONE NETWORK A MILLION POSSIBILITIES Barry Joseph Director, Offer and Product Management.
© 2010 Cisco and/or its affiliates. All rights reserved. 1 Segment Routing Clarence Filsfils – Distinguished Engineer Christian Martin –

© 2010 Cisco and/or its affiliates. All rights reserved. 1 Segment Routing Clarence Filsfils – Distinguished Engineer Christian Martin –
Bringing the Voice of the Consumer Into Your Supply Chain Jake Barr Director, Consumer Driven Supply Network Global Mfg, Planning & Logistics The Procter.

Bringing the Voice of the Consumer Into Your Supply Chain Jake Barr Director, Consumer Driven Supply Network Global Mfg, Planning & Logistics The Procter.
Brocade VDX 6746 switch module for Hitachi Cb500

Brocade VDX 6746 switch module for Hitachi Cb500
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

Similar presentations

Ads by Google