DDos protection Services

The modern battle against ddos attacks ( distributed denial of service attacks ) has become wide spread, the days where high risk business models were the only targets for “ddosers” are long gone. Cyber threats are a daily concern for network operators and end users equally.
The diversity of the attack vectors and the ever evolving techniques requires a solution present at the data center Edge, this is the reason at Racknation we have deployed a robust protection scheme available for all our clients.

All RackNation services can be combined with DDos protection right from the start or after deployment depending on the client needs.

DDos protection

Understanding your needs is basic

Racknation offers different types of mitigation services, in conjunction with our premium ddos scrubbing centers in locations like: Miami, Dallas, Washington & Rumania we are able to offer 24×7 traffic divertion for clients prone to constant ddos attacks.
Mitigation for layer 3 and layer 4 attacks under this protection scheme provides mitigation in exactly 1 second, posing no threat to the destination server. If the attack vector used by the attacker results in a traffic leak; Racknation has deployed inline mitigation via RioRey mitigation appliances.

For clients with web only applications looking for layer 7 protection, we recommend remote ddos protection via a WAF (web application firewall). In this model we provide an ip address to be used as the public front end which will protect your web server on the back. Mitigation is completely transparent and immediate for the client.

Both application and website protection is done via exclusive partnership with DDos mitigation Provider DOSBUFFER , Dosbuffer operates mitigation clusters based on RioRey mitigation appliances as well as inhouse developed sflow analyzers.

ddos-booter

How to implement mitigation?

When selecting one of our Cloud Servers or Dedicated Servers packages, be sure to check the option that says “DDos protection”, you will be able to select  24×7 protection or the WAF ddos protection using a remote protected ip address. Any of the mentioned methods can be implemented in a matter of minutes.
The WAF method is the preferred method if your server is only running Web services, if you are running other protocols like SMTP, DNS, NTP of similar select the option that says 24 x 7 protection.

We also offer Emergency DDos protection Services in case you are currently under attack and require a quick solution to protect your environment.

How does RackNation’s DDos mitigation work?

ddos protection architecture


DDos mitigation is composed by a series of carefully synchronized tools which combined react to the traffic anomalies presented while under attack, a typical scenario is listed step by step on the list below:

  1. Hacker triggers a DDos attack against a Racknation client
  2. Inline flow analyzer is consuming netflows from Cisco ASR & Juniper MX240 Core Routers to measure incoming traffic against predefined thresholds. These thresholds determine if an incoming attack is too big to be handled by our inline mitigation alone which can be the case of multi-gig attacks like DNS or NTP amplification. The inline RioRey appliance detects incoming attacks in a matter of a few seconds which as a result informs our SOC and initiates mitigation immediately. The Flow analyzer can tell if there is an incoming attack between 30 to 60 seconds from the attack starting point.
  3. If the incoming attack doesn’t reach the thresholds defined on our edge flow analyzer, then the attack is contained directly by our inline RioRey mitigation appliance, the Riorey appliance sits between the Core router and the Edge router making sure that the customer networks are not affected by malicious traffic.
  4. If the incoming attack surpasses our local capabilities, the flow analyzer triggers a script that connects to the Core router, then using Cisco event manager scripts announces the affected prefix to DosBuffer Scrubbing locations.
  5. Cloud scrubbing centers return filtered traffic back to our ASR Core, in the case that the scrubbing center suffers an attack leak, our inline RioRey appliance is able to filter the leak without affecting the client itself.

The scenario described above is the typical hybrid approach which is the best practice in the industry, we don’t rely entirely on the mitigation scrubbing centers, we use them to carry the heavy weight in case the attack reaches a high bandwidth or high pps level, all in all the mix of the scrubbing center and our inline mitigation appliance provides leverage as well as the possibility to have a clear sight on the attack vector, which is critical in order to achieve a reliable mitigation and to maintain our clients much needed uptime.

In the case of very high risk environments we offer the option of 24 x 7 divertion, where clients traffic is only announced via Dosbuffer scrubbing centers and then filtered by our inline RioRey appliance.

ddos-mitigation-2