Demonstration: FPGA-based 100 Gbps DDoS protector
DDoS attacks are one of the biggest issues for infrastructure and service providers. The volumetric attacks aim at overloading the organization’s input line, causing packet drops and thus degrading quality of services, or even effectively disconnecting the services. CESNET will showcase live demo of its custom DDoS protection device and service. The device consists of an 100 Gbps FPGA card and a commodity server PC. The FPGA forwards legitimate packets to the protected network and discards the attacks, while the server’s CPU continuously evaluates the network traffic parameters and in case of attacks, it enables FPGA filtering with less than one second delay. Guaranteed throughput, predictable behavior and low price compared to commercial products are the main benefits of this research and development project. Even though still work in progress, the 100Gbps DDoS protector has been deployed in the CESNET NREN infrastructure and gained attention from commercial ISPs and government agencies.