Introduction
The IoT era has ushered in not only constantly increasing demands for connectivity but also growing concerns about tenacious and complex attacks. DDoS attacks today target not only connection bandwidth, but multiple devices that make up an enterprise’s existing security infrastructure, such as firewall/IPS devices and awide variety of applications such as HTTP, HTTPS, VoIP, DNS and SMTP.
Disruptions to Internet service availability as a result of Distributed Denial of Service (DDoS) attacks could render critical operations crippled, impact customer services and result in an exponential amount of economic losses for all involved.
Service providers and enterprises worldwide therefore need solutions that are capable of not only keeping up with an estimated 1.2 billion concurrent connections for today’s Internet of Things but also offering real-time, line-rate, DDoS detection, protection and automatic mitigation.
Challenges/Requirements
A leading network security service provider specialized in DDoS and network security solutions found Lanner during their search for a network and DDoS threat protection appliance. The requirements for the said appliance are as followed:
- Must feature speedy packet processing, high memory bandwidth and power efficiency.
- Must be capable of extending real-time, line-rate, DDoS detection and automatic mitigation, to 100 Gigabit Ethernet connections.
- Must support large-scale transit and peering point deployments with in-line protection or scrubbing-center topologies.
- Must allow service providers, hosting providers, and the online enterprise to deploy centralized or distributed DDoS attack protection solutions via purpose-built network security appliances.
- Must come with a modular interface and be in a compact 1U form factor for expansion and for easy deployment.
Lanner Solution
• FW-8894
The FW-8894 is a 1U high performance x86 network appliance built with Intel’s latest server-based 14nm micro-architecture Xeon® E5-2600 v4 family processors and C612 PCH (codenamed Broadwell-EP). This particular appliance offers additional lightening faster packet processing performance, high memory bandwidth and significant power efficiency.
The FW-8894 comes with dual Intel® Xeon E5-2600 v3/v4 Series processors for handling enterprise-grade network traffic data and the associated control/signaling infrastructure requirements. Also notable is its support for Intel® QuickAssist acceleration technology, which enables offloading encryption/decryption and compression for up to 25 Gbps.
What’s more, the FW-8894’s modular interface allows the installation of various Lanner modules, making available a maximum of 4 slots for 1G, 10G, or 40G, Fiber or Copper/Bypass NIC modules.
• N2S-RRC01
The N2S-RRC01, Lanner’s first F.A.S.T. solution, is built with Intel RRC FM10420 (codenamed Red Rock Canyon), a chipset designed specifically for high-density rack scale server platforms running high-performance communications infrastructure applications. The N2S-RRC01 supports advanced DPDK acceleration and its most notwithstanding feature is its support for 2x 100G Ethernet ports (QSFB28), delivering socket direct, multi-host performance and lightning speed for almost all networking applications.
Benefits
The FW-8894, configured with the N2S-RRC01 F.A.S.T solution was eventually adopted by the said network security specialist for delivering DDoS detection and automatic mitigation to 100 Gigabit Ethernet connections in a compact 1U form factor.
The FW-8894 is a high-performance hardware solution for building multi-tier or multi-service network environments in which resource utilization can be optimized for achieving maximal user base and high network throughput at each tier of one or more network functions, while also minimizing the likelihood of system bottlenecks and slowdowns.
This robust combination of the FW-8894 and the N2S-RRC01 offers the following competitive advantages for this DDoS solution provider:
-
Powerful CPU and chipset with built-in enhancements and development framework
Intel® Data Plane Development Kit (Intel® DPDK), Intel® QuickPath Interconnect, Intel® AES-NI, Intel® Virtualization, Intel® Turbo Boost, Intel® Hyper-Threading and Intel® Cache Allocation & Monitoring are among the latest Intel® technologies baked into Intel® Xeon® E5-2600 v3 series processor, not only enabling faster development of high speed data packet networking applications but also contributing to the FW-8894’s superior computing performance.
-
Complete I/O, NIC expansion and storage
Built into the FW-8894 are externally accessible 2.5” SATA drive trays, management ports, GbE RJ-45 ports, NIC module slots (for 1G/10G/40G RJ45, SFP fiber, SFP+ fiber, QSFP+ fiber), DDR4 2133 MHz memory, OPMA slot and optional TPM.
Conclusion
This DDoS mitigation solution, built using Lanner’s FW-8894 and the F.A.S.T. solution N2S-RRC01, offers add-on values, innovations and advantages for not only DDoS protection but also enterprise firewall, UTM, IPS, application delivery control, WAN optimization and virtualized network management. Its introduction reinforced this DDoS defense specialist’s leadership role in delivering the robust, real-time, DDoS protection that helps secure the world’s largest enterprise and service provider networks.
Related Articles
- Protect Enterprise Data Center from DDoS Attacks with Next-generation Firewalls
- Preventing DDoS Attacks with High Performance Network Appliances