SlideShare a Scribd company logo

Combating DDoS and why peering is important in Asia

MyNOG
MyNOG

Combating DDoS and why peering is important in Asia Marty Strong Network Engineer (Cloud Flare)

Internet
1 of 27
Download to read offline
Combating DDoS and why peering is important in Asia Marty Strong MyNOG-5 - Kuala Lumpur 20th August 2015
What is CloudFlare? CloudFlare makes websites faster and safer using our globally distributed network to deliver essential services to any website ● Performance ● Content ● Optimisation ● Security ● 3rd party services ● Analytics 2MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
How does CloudFlare work? 3 CloudFlare works at the network level ● Once a website is part of the CloudFlare community, its web traffic is routed through our global network of 30+ data centres. ● At each edge node, CloudFlare manages DNS, caching, bot filtering, web content optimisation and third party app installations. MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
How does CloudFlare work? How does it work? ● DNS Query - to anycast DNS address ● DNS result returned with Anycast IP ● Client makes connection to returned IP ● CloudFlare replies, session established What happens in the event of an outage? ● Anycast prefixes are withdrawn from problematic PoP ● Traffic re-routes to next closest PoP o TCP session resets at this point CloudFlare Amsterdam CloudFlare Frankfurt CloudFlare London ISP DNS server Visitor 4MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
CloudFlare works globally 5 CloudFlare protects globally ● DDoS attack traffic is localised and lets other geographic areas continue to operate MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Why do we peer? 6MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Why do we peer? 7 “In computer networking, peering is a voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the users of each network.” ● To improve performance (reduce hop count, reduce latency etc.) ● To reduce costs ● To ensure anycast traffic lands locally ● To gain more control over routing ● To gain more control of DDoS traffic MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Where do we peer? 8MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Where do we peer? 9 ● AKL-IX (Auckland) ● APE (Auckland) ● BBIX (Tokyo, Osaka, Singapore) ● Equinix (Hong Kong, Osaka, Singapore, Sydney, Tokyo) ● HKIX (Hong Kong) ● IX Australia (Melbourne, Sydney) ● JPIX (Tokyo, Osaka) ● JPNAP (Tokyo, Osaka) ● Megaport (Auckland, Singapore, Sydney) ● MyIX (Kuala Lumpur) (soon) ● PIPE (Melbourne, Sydney) Plus many more @ http://as13335. peeringdb.com MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
What is a DDoS attack? 10MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
What is a DDoS attack? 11 According to WikiPedia: “In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. This could be CPU resources, but often involves efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) is where incoming traffic comes from more than one - and often thousands - of unique IPs, either from botnets or via various types of reflection attack.” https://en.wikipedia.org/wiki/Denial-of-service_attack Learn more here: https://www.cloudflare.com/ddos MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
DDoS network 12 60 Mbps peak 600 Mbps peak MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
DDoS network 13 ● Our usual traffic ratio to eyeball ISPs is around 1:20 inbound:outbound ● However the ratio from the previous slide was 10:1 inbound:outbound ● The attacks shown on the graph are highly likely part of a much bigger global DDoS How do we connect to this ISP? MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
DDoS look-and-feel 14 DNS Attacks look different ● Layer-7 attacks (hitting the application layer) ● Purpose: exhaust the CPU (vs. bandwidth) Malicious payload ● Request sent to exploit vulnerability on server ● Purpose: gain control or release sensitive data ● CloudFlare WAF blocks ~1.2 billion request per day Volumetric attack ● Send as many small packets as possible ● Purpose: overwhelm the router ports MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Why run 1,000s and 1,000s of servers? 15 Geography ● Spread the load for both content delivery and DDoS processing ● Allows us to distribute the attack more effectively ● Allow specific attack sources to be isolated In-PoP load balancing ● Allows us to ensure no one server bears the entire brunt of an attack Externally presented IP addresses ● One IP can map to 100s (or 1000s) of servers This isn’t just one server MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Anycast routing ● You can’t guarantee which path ISPs will take ● Routing is down to the eyeball ISP ● There are a small number of ways to influence it ○ Use BGP communities to adjust announcements (e.g. do not announce to ASN X) ○ Use AS-Path prepending ○ Peer with ISPs MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 16
What if there was no peering? ● You are reliant on your transit carriers’ routing and interconnection with other providers ● Performance could be affected (long path, more hops etc.) ● Higher likelihood of sporadic changes MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 17
Why is this so important in Asia? 18MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
Let’s test: Methodology ● Take an IP prefix it and announce it in multiple locations (anycast) ○ Singapore ○ Hong Kong ○ Toyko ○ Osaka ● Do this separately for each provider in use (NTT, Tata, Pacnet) ● Make RIPE Atlas measurement ○ Probes from HK, ID, JP, KR, MY, PH, SG, TH, VN MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 19
Let’s test: NTT (AS2914) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 20
Let’s test: NTT (AS2914) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 21
Let’s test: Tata (AS6453) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 22
Let’s test: Tata (AS6453) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 23
Let’s test: Pacnet (AS10026) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 24
Let’s test: Pacnet (AS10026) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 25
How is this related to ingesting DDoS attacks? ● By utilising multiple transit carriers and peering extensively you have path diversity i.e. multiple ports that will ingest the attack ● You can geographically separate traffic ● There are less collateral issues caused to upstream backbones MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 26
Thank you! Questions? Marty Strong, Network Engineer @martystronguk / @cloudflare marty@cloudflare.com https://www.cloudflare.com/ AS13335 http://as13335.peeringdb.com/ 27MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong

Recommended

The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
RPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuRPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuMyNOG
 
The OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungThe OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungMyNOG
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengMyNOG
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraHigh Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraMyNOG
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
 

Recommended

The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
RPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuRPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuMyNOG
 
The OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungThe OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungMyNOG
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengMyNOG
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraHigh Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraMyNOG
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
 
Why I should Model my Network
Why I should Model my NetworkWhy I should Model my Network
Why I should Model my NetworkAPNIC
 
How Data Center Traffic is Changing Your Network by KC Lim
How Data Center Traffic is Changing Your Network by KC LimHow Data Center Traffic is Changing Your Network by KC Lim
How Data Center Traffic is Changing Your Network by KC LimMyNOG
 
Actual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long PeriodActual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long PeriodAPNIC
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Internet Noise (A Story About Two Little Subnets - Tom Paseka
Internet Noise (A Story About Two Little Subnets - Tom PasekaInternet Noise (A Story About Two Little Subnets - Tom Paseka
Internet Noise (A Story About Two Little Subnets - Tom PasekaMyNOG
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
IPv6 Deployment Update
IPv6 Deployment UpdateIPv6 Deployment Update
IPv6 Deployment UpdateBangladesh Network Operators Group
 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PROIDEA
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73APNIC
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsAPNIC
 
Peering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonPeering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonMyNOG
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73APNIC
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRBangladesh Network Operators Group
 
Broadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetBroadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetAPNIC
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMOpen Networking Summit
 
Social CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionSocial CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionBangladesh Network Operators Group
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
 
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...SolarWinds
 
Experience of Implementing IPTV in an ISP Network by Thong Hawk Yen
Experience of Implementing IPTV in an ISP Network by Thong Hawk YenExperience of Implementing IPTV in an ISP Network by Thong Hawk Yen
Experience of Implementing IPTV in an ISP Network by Thong Hawk YenMyNOG
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and moreInternet Society
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7allanjude
 

More Related Content

What's hot

Why I should Model my Network
Why I should Model my NetworkWhy I should Model my Network
Why I should Model my NetworkAPNIC
 
How Data Center Traffic is Changing Your Network by KC Lim
How Data Center Traffic is Changing Your Network by KC LimHow Data Center Traffic is Changing Your Network by KC Lim
How Data Center Traffic is Changing Your Network by KC LimMyNOG
 
Actual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long PeriodActual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long PeriodAPNIC
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Internet Noise (A Story About Two Little Subnets - Tom Paseka
Internet Noise (A Story About Two Little Subnets - Tom PasekaInternet Noise (A Story About Two Little Subnets - Tom Paseka
Internet Noise (A Story About Two Little Subnets - Tom PasekaMyNOG
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PROIDEA
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73APNIC
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsAPNIC
 
Peering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonPeering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonMyNOG
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73APNIC
 
Broadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetBroadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetAPNIC
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMOpen Networking Summit
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
 
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...SolarWinds
 
Experience of Implementing IPTV in an ISP Network by Thong Hawk Yen
Experience of Implementing IPTV in an ISP Network by Thong Hawk YenExperience of Implementing IPTV in an ISP Network by Thong Hawk Yen
Experience of Implementing IPTV in an ISP Network by Thong Hawk YenMyNOG
 

What's hot (20)

Why I should Model my Network
Why I should Model my NetworkWhy I should Model my Network
Why I should Model my Network
 
How Data Center Traffic is Changing Your Network by KC Lim
How Data Center Traffic is Changing Your Network by KC LimHow Data Center Traffic is Changing Your Network by KC Lim
How Data Center Traffic is Changing Your Network by KC Lim
 
Actual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long PeriodActual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long Period
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
Internet Noise (A Story About Two Little Subnets - Tom Paseka
Internet Noise (A Story About Two Little Subnets - Tom PasekaInternet Noise (A Story About Two Little Subnets - Tom Paseka
Internet Noise (A Story About Two Little Subnets - Tom Paseka
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC Updates
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
IPv6 Deployment Update
IPv6 Deployment UpdateIPv6 Deployment Update
IPv6 Deployment Update
 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network Operators
 
Peering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonPeering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas Wilson
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
Broadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetBroadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse Internet
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAM
 
Social CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionSocial CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel Discussion
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...
 
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
 
Experience of Implementing IPTV in an ISP Network by Thong Hawk Yen
Experience of Implementing IPTV in an ISP Network by Thong Hawk YenExperience of Implementing IPTV in an ISP Network by Thong Hawk Yen
Experience of Implementing IPTV in an ISP Network by Thong Hawk Yen
 

Similar to Combating DDoS and why peering is important in Asia

DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and moreInternet Society
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7allanjude
 
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...Cloudflare
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingCloudflare
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineeringJimmy Lim
 
TrustLeap GWAN - The multicore Future requires Parallelism Programming tools
TrustLeap GWAN - The multicore Future requires Parallelism Programming toolsTrustLeap GWAN - The multicore Future requires Parallelism Programming tools
TrustLeap GWAN - The multicore Future requires Parallelism Programming toolsTWD Industries AG
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêterNetSecure Day
 
Better Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectBetter Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectThousandEyes
 
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
"How overlay networks can make public clouds your global WAN" by Ryan Koop o... "How overlay networks can make public clouds your global WAN" by Ryan Koop o...
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...Cohesive Networks
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackCloudflare
 
Detecting Spoofing at IXPs
Detecting Spoofing at IXPsDetecting Spoofing at IXPs
Detecting Spoofing at IXPsAPNIC
 
Detecting spoofing at IxP's
Detecting spoofing at IxP'sDetecting spoofing at IxP's
Detecting spoofing at IxP'sTom Paseka
 
202104 technical challenging and our solutions - golang taipei
202104 technical challenging and our solutions - golang taipei202104 technical challenging and our solutions - golang taipei
202104 technical challenging and our solutions - golang taipeiRonald Hsu
 
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?Tom Paseka
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesAlexander Penev
 
Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023
Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023
Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023SaiLinnThu2
 
Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023Chris Grundemann
 

Similar to Combating DDoS and why peering is important in Asia (20)

DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
 
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart Routing
 
DDoS Protection System DPS
DDoS Protection System DPSDDoS Protection System DPS
DDoS Protection System DPS
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineering
 
TrustLeap GWAN - The multicore Future requires Parallelism Programming tools
TrustLeap GWAN - The multicore Future requires Parallelism Programming toolsTrustLeap GWAN - The multicore Future requires Parallelism Programming tools
TrustLeap GWAN - The multicore Future requires Parallelism Programming tools
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter
 
Better Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes ConnectBetter Than Best Effort at Bloomberg from ThousandEyes Connect
Better Than Best Effort at Bloomberg from ThousandEyes Connect
 
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
"How overlay networks can make public clouds your global WAN" by Ryan Koop o... "How overlay networks can make public clouds your global WAN" by Ryan Koop o...
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS Attack
 
Detecting Spoofing at IXPs
Detecting Spoofing at IXPsDetecting Spoofing at IXPs
Detecting Spoofing at IXPs
 
Detecting spoofing at IxP's
Detecting spoofing at IxP'sDetecting spoofing at IxP's
Detecting spoofing at IxP's
 
202104 technical challenging and our solutions - golang taipei
202104 technical challenging and our solutions - golang taipei202104 technical challenging and our solutions - golang taipei
202104 technical challenging and our solutions - golang taipei
 
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities Report
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
 
Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023
Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023
Istio Ambient Mesh in ACTION - Istio UG Singapore - 22June,2023
 
Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023
 
Overlay Network Overview
Overlay Network OverviewOverlay Network Overview
Overlay Network Overview
 

More from MyNOG

Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10MyNOG
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023MyNOG
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksMyNOG
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersMyNOG
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalidsMyNOG
 
Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXMyNOG
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in KubernetesMyNOG
 
Cloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKICloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKIMyNOG
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmMyNOG
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEMyNOG
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...MyNOG
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveMyNOG
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...MyNOG
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...MyNOG
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyNOG
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...MyNOG
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearMyNOG
 

More from MyNOG (20)

Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier Networks
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New Frontiers
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native Infrastructure
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network Controller
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalids
 
Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIX
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in Kubernetes
 
Cloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKICloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKI
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable Paradigm
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIX
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
 

Recently uploaded

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 

Recently uploaded (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 

Combating DDoS and why peering is important in Asia

  • 1. Combating DDoS and why peering is important in Asia Marty Strong MyNOG-5 - Kuala Lumpur 20th August 2015
  • 2. What is CloudFlare? CloudFlare makes websites faster and safer using our globally distributed network to deliver essential services to any website ● Performance ● Content ● Optimisation ● Security ● 3rd party services ● Analytics 2MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 3. How does CloudFlare work? 3 CloudFlare works at the network level ● Once a website is part of the CloudFlare community, its web traffic is routed through our global network of 30+ data centres. ● At each edge node, CloudFlare manages DNS, caching, bot filtering, web content optimisation and third party app installations. MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 4. How does CloudFlare work? How does it work? ● DNS Query - to anycast DNS address ● DNS result returned with Anycast IP ● Client makes connection to returned IP ● CloudFlare replies, session established What happens in the event of an outage? ● Anycast prefixes are withdrawn from problematic PoP ● Traffic re-routes to next closest PoP o TCP session resets at this point CloudFlare Amsterdam CloudFlare Frankfurt CloudFlare London ISP DNS server Visitor 4MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 5. CloudFlare works globally 5 CloudFlare protects globally ● DDoS attack traffic is localised and lets other geographic areas continue to operate MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 6. Why do we peer? 6MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 7. Why do we peer? 7 “In computer networking, peering is a voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the users of each network.” ● To improve performance (reduce hop count, reduce latency etc.) ● To reduce costs ● To ensure anycast traffic lands locally ● To gain more control over routing ● To gain more control of DDoS traffic MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 8. Where do we peer? 8MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 9. Where do we peer? 9 ● AKL-IX (Auckland) ● APE (Auckland) ● BBIX (Tokyo, Osaka, Singapore) ● Equinix (Hong Kong, Osaka, Singapore, Sydney, Tokyo) ● HKIX (Hong Kong) ● IX Australia (Melbourne, Sydney) ● JPIX (Tokyo, Osaka) ● JPNAP (Tokyo, Osaka) ● Megaport (Auckland, Singapore, Sydney) ● MyIX (Kuala Lumpur) (soon) ● PIPE (Melbourne, Sydney) Plus many more @ http://as13335. peeringdb.com MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 10. What is a DDoS attack? 10MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 11. What is a DDoS attack? 11 According to WikiPedia: “In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. This could be CPU resources, but often involves efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) is where incoming traffic comes from more than one - and often thousands - of unique IPs, either from botnets or via various types of reflection attack.” https://en.wikipedia.org/wiki/Denial-of-service_attack Learn more here: https://www.cloudflare.com/ddos MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 12. DDoS network 12 60 Mbps peak 600 Mbps peak MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 13. DDoS network 13 ● Our usual traffic ratio to eyeball ISPs is around 1:20 inbound:outbound ● However the ratio from the previous slide was 10:1 inbound:outbound ● The attacks shown on the graph are highly likely part of a much bigger global DDoS How do we connect to this ISP? MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 14. DDoS look-and-feel 14 DNS Attacks look different ● Layer-7 attacks (hitting the application layer) ● Purpose: exhaust the CPU (vs. bandwidth) Malicious payload ● Request sent to exploit vulnerability on server ● Purpose: gain control or release sensitive data ● CloudFlare WAF blocks ~1.2 billion request per day Volumetric attack ● Send as many small packets as possible ● Purpose: overwhelm the router ports MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 15. Why run 1,000s and 1,000s of servers? 15 Geography ● Spread the load for both content delivery and DDoS processing ● Allows us to distribute the attack more effectively ● Allow specific attack sources to be isolated In-PoP load balancing ● Allows us to ensure no one server bears the entire brunt of an attack Externally presented IP addresses ● One IP can map to 100s (or 1000s) of servers This isn’t just one server MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 16. Anycast routing ● You can’t guarantee which path ISPs will take ● Routing is down to the eyeball ISP ● There are a small number of ways to influence it ○ Use BGP communities to adjust announcements (e.g. do not announce to ASN X) ○ Use AS-Path prepending ○ Peer with ISPs MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 16
  • 17. What if there was no peering? ● You are reliant on your transit carriers’ routing and interconnection with other providers ● Performance could be affected (long path, more hops etc.) ● Higher likelihood of sporadic changes MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 17
  • 18. Why is this so important in Asia? 18MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
  • 19. Let’s test: Methodology ● Take an IP prefix it and announce it in multiple locations (anycast) ○ Singapore ○ Hong Kong ○ Toyko ○ Osaka ● Do this separately for each provider in use (NTT, Tata, Pacnet) ● Make RIPE Atlas measurement ○ Probes from HK, ID, JP, KR, MY, PH, SG, TH, VN MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 19
  • 20. Let’s test: NTT (AS2914) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 20
  • 21. Let’s test: NTT (AS2914) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 21
  • 22. Let’s test: Tata (AS6453) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 22
  • 23. Let’s test: Tata (AS6453) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 23
  • 24. Let’s test: Pacnet (AS10026) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 24
  • 25. Let’s test: Pacnet (AS10026) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274 MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 25
  • 26. How is this related to ingesting DDoS attacks? ● By utilising multiple transit carriers and peering extensively you have path diversity i.e. multiple ports that will ingest the attack ● You can geographically separate traffic ● There are less collateral issues caused to upstream backbones MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong 26
  • 27. Thank you! Questions? Marty Strong, Network Engineer @martystronguk / @cloudflare marty@cloudflare.com https://www.cloudflare.com/ AS13335 http://as13335.peeringdb.com/ 27MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong