Distributed DoS Mitigation with OpenFlow

Distributed DoS mitigation is another one of the “we were doing SDN without knowing it” cases: remote-triggered black holes are used by most major ISPs, and BGP Flowspec was available for years. Not surprisingly, people started using OpenFlow to implement the same concept (there’s even a proposal to integrate OpenFlow support into Bro IDS).

For more details, watch the Distributed DoS Prevention video recorded during the Real Life OpenFlow-based SDN Use Cases webinar.


  1. Do people implement DDoS mitigation strategies for private networks, for example, a large enterprise running MPLS VPN network
  2. The challenge with a pure OpenFlow DDoS mitigation solution is that you also need to use OpenFlow for forwarding in addition to filtering. An integrated hybrid OpenFlow solution allows normal forwarding (BGP, OSPF, ISIS, etc) and uses OpenFlow only for filtering.

    Readers might be interested in the Network Field Day 7 demonstration where Brocade demonstrated the solution.
Add comment