Distributed DoS Mitigation with OpenFlow

Distributed DoS mitigation is another one of the “we were doing SDN without knowing it” cases: remote-triggered black holes are used by most major ISPs, and BGP Flowspec was available for years. Not surprisingly, people started using OpenFlow to implement the same concept (there’s even a proposal to integrate OpenFlow support into Bro IDS).

For more details, watch the Distributed DoS Prevention video recorded during the Real Life OpenFlow-based SDN Use Cases webinar.

Watch the video

Recent posts in the same categories

3 comments:

  1. AB 18 April 2014 13:45
    Do people implement DDoS mitigation strategies for private networks, for example, a large enterprise running MPLS VPN network
    Replies
  2. Peter 22 April 2014 16:39
    The challenge with a pure OpenFlow DDoS mitigation solution is that you also need to use OpenFlow for forwarding in addition to filtering. An integrated hybrid OpenFlow solution allows normal forwarding (BGP, OSPF, ISIS, etc) and uses OpenFlow only for filtering.

    Readers might be interested in the Network Field Day 7 demonstration where Brocade demonstrated the solution.
Add comment
Home
Sidebar