The modern battle against ddos attacks ( distributed denial of service attacks ) has become wide spread, the days where high risk business models were the only targets for “ddosers” are long gone. Cyber threats are a daily concern for network operators and end users equally.

The diversity of the attack vectors and the ever evolving techniques requires a solution present at the data center Edge, this is the reason at Racknation we have deployed a robust protection scheme available for all our clients. All RackNation services can be combined with DDos protection right from the start or after deployment depending on the client needs.

Racknation offers different types of mitigation services, as operators of our own ddos mitigation cluster of RioRey appliances we provide line rate protection in a matter or seconds with no servide degradation or TCP fragmentation or packet loss.

Mitigation for layer 3 and layer 4 attacks under this protection scheme provides mitigation in exactly 1 second, posing no threat to the destination server.

For clients with web only applications looking for layer 7 protection, we recommend remote ddos protection via a WAF (web application firewall). In this model we provide an ip address to be used as the public front end which will protect your web server on the back. Mitigation is completely transparent and immediate for the client.

Both application and website protection is done via inhouse technology using RioRey mitigation appliances and Flow analyzers which react on a real time basis to make changing in our routing schemes depending on the attack vector and dimensions.

How to implement mitigation?

When selecting one of our Cloud Servers or Dedicated Servers packages, be sure to check the option that says “DDos protection”, you will be able to select 24×7 protection or the WAF ddos protection using a remote protected ip address. Any of the mentioned methods can be implemented in a matter of minutes.

The WAF method is the preferred method if your server is only running Web services, if you are running other protocols like SMTP, DNS, NTP of similar select the option that says 24 x 7 protection.

We also offer Emergency DDos protection Services in case you are currently under attack and require a quick solution to protect your environment.

How does RackNation’s DDos mitigation work?

DDos mitigation is composed by a series of carefully synchronized tools which combined react to the traffic anomalies presented while under attack, a typical scenario is listed step by step on the list below:

1- Hacker triggers a DDos attack against a Racknation client

2- Inline flow analyzer is consuming sflows from our Juniper MX Core Routers & EX9208 Switches to measure incoming traffic against predefined thresholds. These thresholds determine if an incoming attack is too big to be handled by our inline mitigation alone which can be the case of 100+ GBPS attacks. The inline RioRey appliance detects incoming attacks in a matter of a few seconds which as a result informs our SOC and initiates mitigation immediately. The Flow analyzer can tell if there is an incoming attack between 30 to 60 seconds from the attack starting point via sflow analysis.

3- If the incoming attack doesn’t reach the thresholds defined on our edge flow analyzer, then the attack is contained directly by our inline RioRey mitigation appliances, the Riorey appliances sit between the Core routers and the Edge routers making sure that the customer networks are not affected by malicious traffic.

4- If the incoming attack surpasses our cluster capabilities, the flow analyzer triggers a script that connects to the Core router, then using carefully crafted scripts, announces the affected prefix to our remote Scrubbing locations.

5- Cloud scrubbing centers return filtered traffic back to our Juniper MX Core, in the case that the scrubbing center suffers an attack leak, our inline RioRey appliance is able to filter the leak without affecting the client itself.

The scenario described above is the typical hybrid approach which is the best practice in the industry, we don’t rely entirely on the mitigation scrubbing centers, we use them to carry the heavy weight in case the attack reaches 100+Gbps of traffic, all in all the mix of the scrubbing center and our inline mitigation appliances provides leverage as well as the possibility to have a clear sight on the attack vector, which is critical in order to achieve a reliable mitigation and to maintain our clients much needed uptime. In the case of very high risk environments we offer the option of 24 x 7 divertion, where clients traffic is only announced via our Miami Equinix MIA1 RioRey cluster scrubbing center and then filtered on a second pass by our local Costa Rican RioRey appliances.