Demonstration: 100G Line-rate DDoS Enforcement with BGPFlowSpec Filtering
Being able to secure 100G points of presence against cyber attacks is increasingly important if not urgent. Traditional hardware appliances struggle to offer both detection and enforcement at 100G linerate. Traffic growth is adding to the strain on these boxes – raw throughput, # sessions, session rates, session capacitance limits. IoT is looming and will cause further issue. Corsa will demonstrate a DDoS enforcement engine with flow forwarding to any number of VNFs with a networking approach to offloading functions such as: Logging, DDoS, IPS, blacklisting and whitelisting, advanced threat protection (Zero day protection), CDN filtering, IPSec clustering, NAT. We will demonstrate immediate, precision enforcement at 150 Million PPS per 100G and hundreds of thousands of sources to withstand a volumetric DDoS attack. We will demonstrate a full reference design with the threat detection intelligence coming from an existing DDoS detector, such as Flowmon or Arbor, via BGPFlowSpec.