DDoS protection solution
In the current network environment, DDoS attacks have become very common, and attack traffic can reach several Gbps or more within a few seconds, which makes these attacks harder to defend against. Based on the characteristics of its own data center, a Japanese data center designed a DDoS protection solution that uses SDN.
DDoS filtering application steps
1. After the detection server detects the attack, the device forwards the packets through BGP to the OpenFlow switch deployed in bypass mode.
2. The OpenFlow switch modifies the IPDA (IP destination address) of legitimate packets, that is, the destination address targeted by the DDoS attack, and returns the packets.
3. The IPDA is modified so that the returned packets do not loop when they are sent back to the core router.
4. Illegitimate packets are discarded.
5. The OpenFlow switch near the destination host restores the original IPDA in the packets.
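The five steps above, modelled as an added example (not code from the data center or the switch vendor): a small Python walk of one packet through the core router, the bypass switch and the edge switch, including the loop that occurs if the IPDA is not rewritten. The addresses, the blocked-source set standing in for the detection server's verdict, and all function names are assumptions.

```python
# Added illustration: a pure-Python model of the five steps, not controller code.
# Addresses come from the RFC 5737 documentation ranges and are constructed.
VICTIM = "192.0.2.10"      # attacked destination (original IPDA)
ALIAS = "198.51.100.10"    # temporary IPDA, not covered by the BGP diversion
BLOCKED_SRC = {"203.0.113.5", "203.0.113.6"}  # assumed detection-server verdict

def core_router(pkt, diverted=True):
    """Step 1: while diversion is active, the victim's address goes to the scrubber."""
    if diverted and pkt["dst"] == VICTIM:
        return "scrubber"
    return "edge"

def scrubber(pkt, rewrite=True):
    """Steps 2-4 on the bypass OpenFlow switch."""
    if pkt["src"] in BLOCKED_SRC:
        return None                # step 4: discard illegitimate packet
    if rewrite:
        pkt["dst"] = ALIAS         # step 2: rewrite the IPDA
    return "core"                  # packet is returned to the core router

def edge_switch(pkt):
    """Step 5: restore the original IPDA next to the destination host."""
    if pkt["dst"] == ALIAS:
        pkt["dst"] = VICTIM
    return "host"

def forward(src, rewrite=True, max_hops=8):
    """Walk one packet; returns (outcome, path taken, final IPDA)."""
    pkt, node, path = {"src": src, "dst": VICTIM}, "core", []
    while node != "host":
        if len(path) >= max_hops:
            return "loop", path, pkt["dst"]   # step 3 failure: core <-> scrubber
        path.append(node)
        if node == "core":
            node = core_router(pkt)
        elif node == "scrubber":
            node = scrubber(pkt, rewrite)
            if node is None:
                return "dropped", path, pkt["dst"]
        else:
            node = edge_switch(pkt)
    return "delivered", path, pkt["dst"]

if __name__ == "__main__":
    print(forward("203.0.113.200"))                 # legitimate source
    print(forward("203.0.113.5"))                   # blocked source
    print(forward("203.0.113.200", rewrite=False))  # no IPDA rewrite
```

With `rewrite=False` the packet keeps the diverted destination, so the core router hands it straight back to the bypass switch until the hop limit is reached.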
Based on the Shengke TransWarp family of core chips, the Shengke V-Series OpenFlow switches provide industry-leading matching and flexible editing of packets, which makes it possible to implement the network provider's DDoS defense solution.
In this solution, the most critical requirement is that the OpenFlow switches support IPDA rewriting. Currently, this function is supported only by Shengke TransWarp series switch chips.
Characteristics of the solution
Shengke V-Series OpenFlow switches are based on Shengke's new generation of TransWarp™ series switch chips, providing industry-leading OpenFlow 1.3 networking capabilities.
Supports packet editing and rewriting of destination IP addresses.
Perfectly compatible with all major controllers (Floodlight, NOX, RYU, etc.).
It is easy to deploy without changing the existing network framework.
Through the OpenFlow protocol, the controller is perfectly integrated into the original management system.
Automated operation and maintenance and linkage strategies effectively improve the decision-making and response efficiency of the network in the face of DDoS attacks.
There is no need for dedicated traffic-cleaning equipment, so the cost is very low compared with the original solution.
DDoS protection solution block diagram