Virtualized Cyber Security: Elastically Scalable DDoS Scrubbing and Threat Deception
A Sandvine Technology Showcase
In early 2017, a tier-1 converged access communications service provider (CSP) in Asia-Pacific issued Sandvine a challenge: demonstrate a solution for distributed denial-of-service (DDoS) attacks that achieves elastic scale by means of a Virtual Network Function Manager (VNFM).
Such a solution overcomes the enormous inefficiencies of legacy DDoS solutions, which typically consist of proprietary hardware that is dimensioned for rare peaks and otherwise sits idle, consuming operational resources for no gain.
This paper explains how Sandvine met the challenge by working with partners Dell EMC, Intel, and RIFT.io.
- The solution leveraged the compute capabilities of two Sandvine VNFs: the Traffic Steering Engine is dynamically provisioned to meet the bandwidth and packet forwarding rate demands of a sudden DDoS attack; the Policy Traffic Switch performs the DDoS scrubbing.
- Dell EMC provided the underlying infrastructure via the DSS 9000 rack scale infrastructure. Based on hyperscale principles, the DSS 9000 provides compute, storage, networking, power and cooling, and open management in a pre-integrated rack. Management is provided at the rack level and is based on the Distributed Management Task Force (DMTF) Redfish specification.
- The Intel® RSD Pod Manager and the Pod Management Foundation API provided the tools and APIs to integrate the platform discovery, lifecycle, boot, configuration, and telemetry capabilities required to orchestrate the NFV infrastructure.
- RIFT.io provided the autoscaling framework that allows the Sandvine virtual instances to scale as required by the attack load.
In addition to the DDoS component of this proof-of-concept, Sandvine took the opportunity to demonstrate carrier-scale threat deception.