Maintaining network availability has been the top priority for enterprises worldwide, as virus attacks have intensified in size, frequency and complexity. In fact, service providers have become unprecedentedly sensitive about their network protection since the first incidents of DDoS attacks, which caused Internet outages and severe damage to the serviceability of the network infrastructure of the victimized service providers, namely GitHub and Sony.
Today, it is even easier to launch massive DDoS attacks due to the wide deployment of cloud and IoT infrastructure. DDoS attacks have also grown from Mbps to Gbps in volume, driven by complicated, multi-virus techniques such as botnets, malware and other devastating methods. The DDoS threat has therefore raised awareness among service providers, who have realized that they need cloud-based defense against DDoS to mitigate the threat to their network infrastructure and serviceability.
Taking 24/7 availability and uptime into consideration, service providers need a cloud-based DDoS protection platform that meets carrier-grade and NEBS compliance requirements for their data centers, preferably a non-proprietary white-box for easy interoperability with secure VNF (Virtualized Network Functions) and for cost efficiency. Accordingly, a first-tier service provider in China, which is also an enterprise DDoS mitigation solution provider, worked with Lanner and defined the following technological requirements:
24/7 Full-Redundancy and High Availability
To ensure 24/7 uptime, the white-box server shall provide 1+1 redundant power supply units, giving full redundancy and high availability with a constant supply of power.
Network Equipment Building System (NEBS) compliant
NEBS compliance is a necessary specification for carrier-grade hardware in service provider and telecom network environments.
With real-time defense against network attacks in mind, the required white-box shall be capable of real-time digital signal processing to offer continuous uptime performance when executing security instructions and policies at low latency. For example, server-grade processors such as the Intel® Xeon® E5-2600 v3/v4 family should fulfill the requirements. In addition, Intel® x86 processors are built on an open architecture that allows interoperability with mainstream cloud applications and secure VNF.
The required white-box must be compatible with affordable, fully managed hybrid, on-premises and in-cloud DDoS protection services.
Deployment Flexibility and Future Expansion:
Powered by an Intel® x86 server-grade processor, the white-box hardware shall support software-defined networking (SDN) and NFV, and be future-proofed with high-port-density I/O blades for the bandwidth expansion needed by enhanced anti-DDoS instructions.
To meet the requirement of carrier-grade network traffic, the white-box hardware must leverage the latest packet processors to offer 100GbE high-speed throughput with capacity up to 1.2Tbps.
For deployments in service provider and telecom data centers, Lanner suggests the HTCA-6600 anti-DDoS firewall appliance. The NEBS-compliant HTCA-6600 provides 24/7 full redundancy and high availability, as well as scalability and maximum flexibility through its blade I/O design. Compared to the Advanced-TCA architecture, Lanner’s HybridTCA is more cost-effective and built for enhanced networking performance.
The HTCA-6600 is a carrier-grade x86 server powered by a combination of Intel® Xeon® CPUs and Broadcom switching processors for deep packet inspection (DPI) and anti-DDoS prevention instructions. It comes with 6 CPU blades, each featuring dual Intel® Xeon® E5-2600 v3/v4 Series processors and sixteen DDR4 memory sockets to deliver optimized performance and throughput. The HTCA-6600 also provides switch functionality with a built-in BCM StrataXGS™ Trident-II/II+ BCM56854/56860 Switch Fabric with 720/1280 Gbps. With the switch fabric, this massive 6U server can accommodate 6 x swappable I/O blades on the front, supporting up to 2x Switch blades or 6x Ethernet blades. The Ethernet NI blade is driven by the Intel® XL710 Ethernet controller and is capable of up to thirty-two 10GbE ports.
As the higher-end model, the HTCA-6600 is designed with switch blade and CPU blade redundancy. If one of the blades fails, the other takes over all the workloads.