Mitigate DDoS Threats with Cloud-based Protections

Share it on

Background

Maintaining the network availability has been the top priority for enterprises worldwide, as virus attacks have intensified in size, frequency and complexity. In fact, service providers have been unprecedentedly sensitive for their network protection since the first incident of DDoS attacks, which cause Internet outage and severe damage to the serviceability of network infrastructure of the victimized service providers, namely GitHub and Sony.

Today, it is even easier to launch a massive DDoS attacks due to the wide deployments of cloud and IoT infrastructures. DDoS has also evolved from Mbps in size to the now Gbps in volumes, contributed by complicated, multi-virus techniques such as botnet, malware and other devastating methods. Therefore, the threats towards DDoS have escalated the awareness for service providers, and meanwhile, they have realized that they need cloud-based defense against DDoS to mitigate the threat from their network infrastructure and serviceability.

Requirements

By taking 24/7 availability and up times into consideration, service providers need a cloud-based DDoS protection platform that meet carrier-grade and NEBS compliance for their data center requirement, and preferably a non-proprietary white-box for easy interoperability with secure VNF (Virtualized Network Functions) and cost efficiencies. Therefore, a first-tier service provider, also an enterprise DDoS mitigation solution provider in China co-works with Lanner and have defined the following technological requirements:

24/7 Full-Redundancy and High Availability

To ensure 24/7 uptime, the white-box server shall provide 1+1 redundant power supply units to ensure full-redundancy and high-availability with constant supply of power.

Network Equipment Building System (NEBS) compliant

NEBS compliance is a necessary specifications to function as a carrier-grade hardware in service provider and telecom network environments.

Server-grade Processor

With real-time defense against network attacks in mind, the required white-box shall be capable of real-time digital signal processing to offer continuous uptime performance when executing security instructions and policies at low latency. For example, server grade processors like Intel® Xeon® E5-2600 v3/v4 family should fulfill the requirements. In addition, Intel® x86 processor is built in open architecture to allow interoperability with mainstream cloud applications and secure VNF.

Managed Services:

The required white-box must be compatible with affordable, fully managed hybrid, on-premises and in-cloud DDoS protection services.

Deployment Flexibility and Future Expansion:

Empowered Intel® x86 server-grade processor, the white-box hardware shall support software-defined networking (SDN) and NFV, as well as future-proof with high-port density I/O blade for the needed bandwidth expansion in enhanced anti-DDoS instructions.

High-Throughput

To meet the requirement of carrier-grade network traffic, the white-box hardware must leverage the latest packet processors to offer 100GbE high-speed throughputs with capacity up to 1.2Tbps.

Lanner’s Solution

For deployments in service provider and telecom data centers, Lanner suggests HTCA-6600 anti-DDoS firewall appliance. The NEBS compliant HTCA-6600 provides 24/7 full-redundancy and high availability, as well as the scalability and maximum flexibility with blade I/O design. Compare to Advanced-TCA architecture, Lanner’s HybridTCA is more cost-effective and built for enhanced networking performance.

HTCA-6600 is a carrier-grade x86 server empowered by the optimal combination of Intel® Xeon® CPUs and Broadcom switching processors in deep packet inspection (DPI) and anti-DDoS prevention instructions. HTCA-6600 comes with 6 CPU blades, and each featuring dual Intel® Xeon® E5-2600 v3/v4 Series processors and sixteen DDR4 memory sockets to deliver optimized performance and throughput. HTCA-6600 also provides switch functionality with built-in BCM StrataXGS™ Trident-II/II+ BCM56854/56860 Switch Fabric with 720/1280 Gbps. With the switch fabric, this massive 6U server can accommodate 6 x Swappable I/O blades on the front, supporting up to 2x Switch blades or 6x Ethernet blades. The Ethernet NI blade is driven by Intel® XL710 Ethernet controller and capable of up to thirty-two 10GbE ports.

As the higher-end model, HTCA-6600 is designed with switch blade and CPU blade redundancy. In case one of the blades is encountered with failure, the other will take all the work loads.

Fetured Products

HTCA-6600


High Availability Chassis 6U Telecom Network Appliance with 6 x86 CPU Blades and 6 I/O Blades

CPU Intel® Xeon® processor E5-2600 v3/v4 Series
Chipset Intel C612 Chipset

Read more

HLM-1000


HybridTCA Switching Blade with Broadcom StrataXGS Trident-II BCM56854

CPU None
Chipset None

Read more

HLM-1030


100 GbE Switch Blade with Broadcom StrataXGS Tomahawk BCM56960

CPU None
Chipset Broadcom StrataXGS Tomahawk BCM56960 3.2Tbps bandwidth Multilayer Switch Fabric

Read more

Comparing First and Second Generation Intel® Core™ Processors
Throughput Improvements with the Intel® Data Plane Development Kit
The Evolution of LAN Bypass Technology: Lanner’s Generation One to Generation Three Bypass
Building Next-Generation Network Security with Wind River® DPI Solutions on Lanner FW-8895
The Advantages of Lanner HTCA over ATCA platforms
Unprecedented Performance Gains with the Intel® Atom™ Processor C2000 Product Family
Security Performance Comparison Between Intel Communications Chipset SKUs
Meet the Growing Network, Communications, and Processing Demands with the Intel® Xeon® Processor E5-2600 V3 Grantley Platform
Intel® Ethernet Controller XL710 Reshapes Networking Landscapes
Accelerating Ethernet Performance and Throughput with Intel® DPDK
Lanner’s Secure Boot and Secure Flash
Lanner’s Advanced Generation of LAN Bypass for Reliable Network Traffic
Establish Optimal Performance and Power Consumption Ratio with Intel® Xeon™ D-1500 Series Processor
The 6th Generation Intel Core Processor Further Strengthens Enterprise Cyber Protections
The 6th Generation Intel Core Processor to Redefine Video Streaming
OpenNSL