Combating DDoS and why peering is important in Asia
Marty Strong
MyNOG-5 - Kuala Lumpur
20th August 2015
What is CloudFlare?
CloudFlare makes websites faster and safer using our globally distributed network to
deliver essential services to any website
● Performance
● Content
● Optimisation
● Security
● 3rd party services
● Analytics
MyNOG-5 - Combating DDoS and why peering is important in Asia - Marty Strong
How does CloudFlare work?
CloudFlare works at the network level
● Once a website is part of the
CloudFlare community, its
web traffic is routed through
our global network of 30+ data centres.
● At each edge node, CloudFlare
manages DNS, caching, bot
filtering, web content optimisation
and third party app installations.
How does CloudFlare work?
How does it work?
● DNS Query - to anycast DNS address
● DNS result returned with Anycast IP
● Client makes connection to returned
IP
● CloudFlare replies, session established
What happens in the event of an outage?
● Anycast prefixes are withdrawn from
problematic PoP
● Traffic re-routes to next closest PoP
o TCP session resets at this point
[Diagram: Visitor, ISP DNS server, and CloudFlare PoPs in Amsterdam, Frankfurt and London]
CloudFlare works globally
CloudFlare protects globally
● DDoS attack traffic is localised, letting other geographic areas continue to operate
Why do we peer?
“In computer networking, peering is a voluntary interconnection of administratively
separate Internet networks for the purpose of exchanging traffic between the users of
each network.”
● To improve performance (reduce hop count, reduce latency etc.)
● To reduce costs
● To ensure anycast traffic lands locally
● To gain more control over routing
● To gain more control of DDoS traffic
Where do we peer?
● AKL-IX (Auckland)
● APE (Auckland)
● BBIX (Tokyo, Osaka, Singapore)
● Equinix (Hong Kong, Osaka, Singapore,
Sydney, Tokyo)
● HKIX (Hong Kong)
● IX Australia (Melbourne, Sydney)
● JPIX (Tokyo, Osaka)
● JPNAP (Tokyo, Osaka)
● Megaport (Auckland, Singapore, Sydney)
● MyIX (Kuala Lumpur) (soon)
● PIPE (Melbourne, Sydney)
Plus many more @ http://as13335.peeringdb.com
What is a DDoS attack?
According to Wikipedia:
“In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network
resource unavailable to its intended users. This could be CPU resources, but often involves efforts
to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A
distributed denial-of-service (DDoS) is where incoming traffic comes from more than one - and
often thousands - of unique IPs, either from botnets or via various types of reflection attack.”
https://en.wikipedia.org/wiki/Denial-of-service_attack
Learn more here: https://www.cloudflare.com/ddos
DDoS network
[Traffic graph: 60 Mbps peak and 600 Mbps peak]
● Our usual traffic ratio to eyeball ISPs is around 1:20 inbound:outbound
● However the ratio from the previous slide was 10:1 inbound:outbound
● The attacks shown on the graph are highly likely part of a much bigger global DDoS
How do we connect to this ISP?
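The ratio shift on this slide (around 1:20 inbound:outbound normally, 10:1 during the attack) is something a per-port monitor can detect. The following is an added example, not code from the talk or from CloudFlare: it keeps a rolling baseline of the inbound:outbound ratio for one ISP port and reports intervals where the ratio inverts. The sample values, the `Sample` type and the thresholds are constructed assumptions, chosen to match the 60 Mbps and 600 Mbps peaks above.

```python
from dataclasses import dataclass
from statistics import median

MBPS = 1e6


@dataclass
class Sample:
    ts: int         # seconds since the start of the constructed capture
    in_bps: float   # traffic received from the ISP
    out_bps: float  # traffic sent to the ISP


# Constructed 5-minute samples (inbound Mbps, outbound Mbps) for one port.
_RAW = [
    (3, 60), (2.9, 58), (3.1, 62), (3, 61), (2.8, 57), (3.2, 63), (3, 60), (3, 59),
    (450, 60), (600, 60), (520, 58),   # attack: ratio flips to roughly 10:1
    (3, 60), (3.1, 61),
    (4, 2),                            # quiet period: odd ratio, negligible volume
    (3, 60),
]
SAMPLES = [Sample(i * 300, a * MBPS, b * MBPS) for i, (a, b) in enumerate(_RAW)]


def ratio(s):
    """Inbound:outbound ratio, guarding against a zero outbound counter."""
    return s.in_bps / max(s.out_bps, 1.0)


def find_inversions(samples, baseline_window=6, factor=20.0, min_in_bps=100 * MBPS):
    """Return (start_ts, end_ts, peak_in_bps, peak_ratio) for each anomalous run.

    A sample is anomalous when its ratio is at least `factor` times the median
    ratio of the last `baseline_window` normal samples AND inbound volume is
    above `min_in_bps`. Anomalous samples never enter the baseline, so a long
    attack cannot teach the monitor that 10:1 is normal.
    """
    history = []    # ratios of samples judged normal
    events = []
    current = None  # [start_ts, end_ts, peak_in_bps, peak_ratio]
    for s in samples:
        r = ratio(s)
        have_baseline = len(history) >= baseline_window
        base = median(history[-baseline_window:]) if have_baseline else None
        anomalous = have_baseline and r >= base * factor and s.in_bps >= min_in_bps
        if anomalous:
            if current is None:
                current = [s.ts, s.ts, s.in_bps, r]
            else:
                current[1] = s.ts
                current[2] = max(current[2], s.in_bps)
                current[3] = max(current[3], r)
        else:
            history.append(r)
            if current is not None:
                events.append(tuple(current))
                current = None
    if current is not None:
        events.append(tuple(current))
    return events


if __name__ == "__main__":
    for start, end, peak_in, peak_ratio in find_inversions(SAMPLES):
        print(f"{start}s-{end}s peak_in={peak_in / MBPS:.0f} Mbps ratio={peak_ratio:.1f}:1")
```

The volume floor matters as much as the ratio: the quiet-period sample has a 2:1 ratio but only 4 Mbps inbound, so it is not reported.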
DDoS look-and-feel
DNS Attacks look different
● Layer-7 attacks (hitting the application layer)
● Purpose: exhaust the CPU (vs. bandwidth)
Malicious payload
● Request sent to exploit vulnerability on server
● Purpose: gain control or release sensitive data
● CloudFlare WAF blocks ~1.2 billion requests per day
Volumetric attack
● Send as many small packets as possible
● Purpose: overwhelm the router ports
Why run 1,000s and 1,000s of servers?
Geography
● Spread the load for both content delivery and DDoS processing
● Allows us to distribute the attack more effectively
● Allow specific attack sources to be isolated
In-PoP load balancing
● Allows us to ensure no one server bears the entire brunt of an attack
Externally presented IP addresses
● One IP can map to 100s (or 1000s) of servers
This isn’t just one server
Anycast routing
● You can’t guarantee which path ISPs will take
● Routing is down to the eyeball ISP
● There are a small number of ways to influence it
○ Use BGP communities to adjust announcements (e.g. do not announce to
ASN X)
○ Use AS-Path prepending
○ Peer with ISPs
What if there was no peering?
● You are reliant on your transit carriers’ routing and interconnection
with other providers
● Performance could be affected (long path, more hops etc.)
● Higher likelihood of sporadic changes
Why is this so important in Asia?
Let’s test: Methodology
● Take an IP prefix and announce it in multiple locations (anycast)
○ Singapore
○ Hong Kong
○ Tokyo
○ Osaka
● Do this separately for each provider in use (NTT, Tata, Pacnet)
● Make RIPE Atlas measurement
○ Probes from HK, ID, JP, KR, MY, PH, SG, TH, VN
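One way to read the results of such a test without a map is a speed-of-light check on each probe's RTT. The following is an added example, not part of the talk: it flags probes whose RTT to the anycast prefix is far above what the nearest of the four announcing sites would allow, which indicates the provider is carrying that traffic out of the region. Probe locations are approximated by capital-city coordinates, and the provider names `transit-A`/`transit-B`, the RTT values and the stretch/slack thresholds are constructed assumptions.

```python
from math import asin, cos, radians, sin, sqrt

# The four announcement sites from the methodology (approximate coordinates).
SITES = {
    "Singapore": (1.35, 103.82),
    "Hong Kong": (22.32, 114.17),
    "Tokyo": (35.68, 139.69),
    "Osaka": (34.69, 135.50),
}
# Assumption: each probe sits in its country's capital.
PROBES = {
    "MY": (3.14, 101.69), "ID": (-6.21, 106.85), "KR": (37.57, 126.98),
    "PH": (14.60, 120.98), "TH": (13.76, 100.50), "VN": (21.03, 105.85),
}
FIBRE_KM_PER_MS = 200.0  # light in fibre travels at roughly 2/3 c

# Constructed measurements: (provider, probe country, minimum RTT in ms).
MEASUREMENTS = [
    ("transit-A", "MY", 7.0), ("transit-A", "ID", 21.0), ("transit-A", "KR", 95.0),
    ("transit-A", "PH", 30.0), ("transit-A", "TH", 38.0), ("transit-A", "VN", 140.0),
    ("transit-B", "MY", 6.5), ("transit-B", "ID", 18.0), ("transit-B", "KR", 22.0),
    ("transit-B", "PH", 28.0), ("transit-B", "TH", 33.0), ("transit-B", "VN", 29.0),
]


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def floor_rtt_ms(cc, site):
    """Lowest physically possible round-trip time from a probe to a site."""
    return 2 * haversine_km(PROBES[cc], SITES[site]) / FIBRE_KM_PER_MS


def nearest_site(cc):
    return min(SITES, key=lambda s: floor_rtt_ms(cc, s))


def feasible_sites(cc, rtt_ms):
    """Sites that could have answered within rtt_ms; all others are ruled out."""
    return sorted(s for s in SITES if floor_rtt_ms(cc, s) <= rtt_ms)


def catchment_report(measurements, stretch=3.0, slack_ms=10.0):
    """Per provider, list probes whose RTT exceeds stretch * floor + slack.

    Real paths are longer than a great circle, so the budget allows a 3x
    detour plus 10 ms of queueing and last-mile delay before flagging.
    """
    report = {}
    for provider, cc, rtt in measurements:
        flagged = report.setdefault(provider, [])
        site = nearest_site(cc)
        budget = stretch * floor_rtt_ms(cc, site) + slack_ms
        if rtt > budget:
            flagged.append((cc, rtt, site, round(budget, 1)))
    return report


if __name__ == "__main__":
    for provider, flagged in catchment_report(MEASUREMENTS).items():
        print(provider, "out-of-region probes:", flagged or "none")
```

A low RTT is also positive evidence: a 7 ms reply to the Malaysian probe leaves Singapore as the only site that could have answered.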
Let’s test: NTT (AS2914)
https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274
Let’s test: Tata (AS6453)
https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274
Let’s test: Pacnet (AS10026)
https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274
How is this related to ingesting DDoS attacks?
● By utilising multiple transit carriers and peering extensively you have
path diversity i.e. multiple ports that will ingest the attack
● You can geographically separate traffic
● There are fewer collateral issues caused to upstream backbones
Thank you!
Questions?
Marty Strong, Network Engineer
@martystronguk / @cloudflare
marty@cloudflare.com
https://www.cloudflare.com/
AS13335
http://as13335.peeringdb.com/
Febless Hernane
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
GNAMBIKARAO
 
Unlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENT
Unlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENTUnlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENT
Unlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENT
rajesh344555
 
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. ITNetwork Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Sarthak Sobti
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
dtagbe
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
Emre Gündoğdu
 
DocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptxDocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptx
AmitTuteja9
 
Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
Federico Ast
 
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
Web Inspire
 
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENTUnlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
rajesh344555
 

Recently uploaded (15)

Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
 
Unlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENT
Unlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENTUnlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENT
Unlimited Short Call Girls Mumbai ✅ 9833363713 FULL CASH PAYMENT
 
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. ITNetwork Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
 
DocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptxDocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptx
 
Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
 
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...
 
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENTUnlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
 

Combating DDoS and why peering is important in Asia

  • 1. Combating DDoS and why peering is important in Asia Marty Strong MyNOG-5 - Kuala Lumpur 20th August 2015
  • 2. What is CloudFlare? CloudFlare makes websites faster and safer using our globally distributed network to deliver essential services to any website
      ● Performance
      ● Content
      ● Optimisation
      ● Security
      ● 3rd party services
      ● Analytics
  • 3. How does CloudFlare work? CloudFlare works at the network level
      ● Once a website is part of the CloudFlare community, its web traffic is routed through our global network of 30+ data centres.
      ● At each edge node, CloudFlare manages DNS, caching, bot filtering, web content optimisation and third party app installations.
  • 4. How does CloudFlare work?
    How does it work?
      ● DNS Query - to anycast DNS address
      ● DNS result returned with Anycast IP
      ● Client makes connection to returned IP
      ● CloudFlare replies, session established
    What happens in the event of an outage?
      ● Anycast prefixes are withdrawn from problematic PoP
      ● Traffic re-routes to next closest PoP
          o TCP session resets at this point
    [Diagram labels: CloudFlare Amsterdam, CloudFlare Frankfurt, CloudFlare London, ISP DNS server, Visitor]
  • 5. CloudFlare works globally. CloudFlare protects globally
      ● DDoS attack traffic is localised and lets other geographic areas continue to operate
  • 6. Why do we peer?
  • 7. Why do we peer? “In computer networking, peering is a voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the users of each network.”
      ● To improve performance (reduce hop count, reduce latency etc.)
      ● To reduce costs
      ● To ensure anycast traffic lands locally
      ● To gain more control over routing
      ● To gain more control of DDoS traffic
  • 8. Where do we peer?
  • 9. Where do we peer?
      ● AKL-IX (Auckland)
      ● APE (Auckland)
      ● BBIX (Tokyo, Osaka, Singapore)
      ● Equinix (Hong Kong, Osaka, Singapore, Sydney, Tokyo)
      ● HKIX (Hong Kong)
      ● IX Australia (Melbourne, Sydney)
      ● JPIX (Tokyo, Osaka)
      ● JPNAP (Tokyo, Osaka)
      ● Megaport (Auckland, Singapore, Sydney)
      ● MyIX (Kuala Lumpur) (soon)
      ● PIPE (Melbourne, Sydney)
    Plus many more @ http://as13335.peeringdb.com
  • 10. What is a DDoS attack?
  • 11. What is a DDoS attack? According to Wikipedia: “In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. This could be CPU resources, but often involves efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) is where incoming traffic comes from more than one - and often thousands - of unique IPs, either from botnets or via various types of reflection attack.” https://en.wikipedia.org/wiki/Denial-of-service_attack
    Learn more here: https://www.cloudflare.com/ddos
  • 12. DDoS network [Traffic graph; labels: 60 Mbps peak, 600 Mbps peak]
  • 13. DDoS network
      ● Our usual traffic ratio to eyeball ISPs is around 1:20 inbound:outbound
      ● However the ratio from the previous slide was 10:1 inbound:outbound
      ● The attacks shown on the graph are highly likely part of a much bigger global DDoS
    How do we connect to this ISP?
  • 14. DDoS look-and-feel
    DNS Attacks look different
      ● Layer-7 attacks (hitting the application layer)
      ● Purpose: exhaust the CPU (vs. bandwidth)
    Malicious payload
      ● Request sent to exploit vulnerability on server
      ● Purpose: gain control or release sensitive data
      ● CloudFlare WAF blocks ~1.2 billion requests per day
    Volumetric attack
      ● Send as many small packets as possible
      ● Purpose: overwhelm the router ports
  • 15. Why run 1,000s and 1,000s of servers?
    Geography
      ● Spread the load for both content delivery and DDoS processing
      ● Allows us to distribute the attack more effectively
      ● Allows specific attack sources to be isolated
    In-PoP load balancing
      ● Allows us to ensure no one server bears the entire brunt of an attack
    Externally presented IP addresses
      ● One IP can map to 100s (or 1000s) of servers
    This isn’t just one server
  • 16. Anycast routing
      ● You can’t guarantee which path ISPs will take
      ● Routing is down to the eyeball ISP
      ● There are a small number of ways to influence it
          ○ Use BGP communities to adjust announcements (e.g. do not announce to ASN X)
          ○ Use AS-Path prepending
          ○ Peer with ISPs
  • 17. What if there was no peering?
      ● You are reliant on your transit carriers’ routing and interconnection with other providers
      ● Performance could be affected (long path, more hops etc.)
      ● Higher likelihood of sporadic changes
  • 18. Why is this so important in Asia?
  • 19. Let’s test: Methodology
      ● Take an IP prefix and announce it in multiple locations (anycast)
          ○ Singapore
          ○ Hong Kong
          ○ Tokyo
          ○ Osaka
      ● Do this separately for each provider in use (NTT, Tata, Pacnet)
      ● Make RIPE Atlas measurement
          ○ Probes from HK, ID, JP, KR, MY, PH, SG, TH, VN
  • 20. Let’s test: NTT (AS2914) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274
  • 21. Let’s test: NTT (AS2914) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144281&show_suggestions=1&max_probes=274
  • 22. Let’s test: Tata (AS6453) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274
  • 23. Let’s test: Tata (AS6453) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2144631&show_suggestions=1&max_probes=274
  • 24. Let’s test: Pacnet (AS10026) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274
  • 25. Let’s test: Pacnet (AS10026) https://marmot.ripe.net/openipmap/tracemap?msm_ids=2176427&show_suggestions=1&max_probes=274
  • 26. How is this related to ingesting DDoS attacks?
      ● By utilising multiple transit carriers and peering extensively you have path diversity, i.e. multiple ports that will ingest the attack
      ● You can geographically separate traffic
      ● There are fewer collateral issues caused to upstream backbones
  • 27. Thank you! Questions? Marty Strong, Network Engineer @martystronguk / @cloudflare marty@cloudflare.com https://www.cloudflare.com/ AS13335 http://as13335.peeringdb.com/
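Slide 13 contrasts a usual 1:20 inbound:outbound ratio towards eyeball ISPs with 10:1 during the attack. The following is an added example, not code from the talk or from CloudFlare, of a per-peer detector for that inversion; the peer names, traffic samples, alert factor and sustain count are constructed assumptions.

```python
"""Flag peers whose inbound:outbound traffic ratio inverts (slides 12-13)."""
from collections import defaultdict

BASELINE_IN_PER_OUT = 1 / 20  # slide 13: usual ratio to eyeball ISPs is 1:20 in:out
ALERT_FACTOR = 20             # assumption: alert once the ratio is 20x baseline (>= 1:1)
SUSTAIN = 3                   # assumption: consecutive samples needed before alerting

# Constructed per-minute samples: (peer, minute, inbound Mbps, outbound Mbps)
SAMPLES = [
    ("isp-a", 0, 3, 60), ("isp-a", 1, 4, 62), ("isp-a", 2, 610, 61),
    ("isp-a", 3, 598, 59), ("isp-a", 4, 600, 60), ("isp-a", 5, 5, 61),
    ("isp-b", 0, 2, 40), ("isp-b", 1, 90, 41), ("isp-b", 2, 2, 39),
    ("isp-b", 3, 3, 40), ("isp-b", 4, 2, 42), ("isp-b", 5, 2, 40),
]


def detect_inversions(samples, baseline=BASELINE_IN_PER_OUT,
                      factor=ALERT_FACTOR, sustain=SUSTAIN):
    """Return {peer: [(first_minute, last_minute, peak_ratio), ...]}.

    Samples for one peer are assumed to be evenly spaced with no gaps.
    """
    by_peer = defaultdict(list)
    for peer, minute, mbps_in, mbps_out in samples:
        by_peer[peer].append((minute, mbps_in, mbps_out))
    threshold = baseline * factor
    alerts = {}
    for peer, rows in by_peer.items():
        rows.sort()
        run, episodes = [], []
        # The trailing sentinel row flushes a run that lasts until the final sample.
        for minute, mbps_in, mbps_out in rows + [(None, 0, 1)]:
            ratio = mbps_in / max(mbps_out, 1e-9)  # guard against a zero outbound rate
            if minute is not None and ratio >= threshold:
                run.append((minute, ratio))
                continue
            if len(run) >= sustain:
                peak = round(max(r for _, r in run), 1)
                episodes.append((run[0][0], run[-1][0], peak))
            run = []
        if episodes:
            alerts[peer] = episodes
    return alerts


if __name__ == "__main__":
    for peer, episodes in detect_inversions(SAMPLES).items():
        print(peer, episodes)
```

The one-minute spike on `isp-b` is suppressed by the sustain count, while the three-minute inversion on `isp-a` is reported with its peak ratio.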
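The methodology on slide 19 (announce one prefix from several cities, then trace to it from probes in each country) yields a catchment table. The following is an added example, not the speaker's tooling, that builds such a table from traceroute records in a simplified form of the RIPE Atlas result layout (`prb_id`, per-hop `result` with `from` and `rtt`); all addresses, probe IDs, the hand-off-to-PoP map and the RTT budget are constructed assumptions.

```python
"""Anycast catchment summary for the slide 19 methodology (added example)."""
ANYCAST_TARGET = "198.51.100.1"   # constructed anycast address (documentation range)
HANDOFF_TO_POP = {                # assumption: operator's own map of hand-off hops to PoPs
    "192.0.2.10": "Singapore", "192.0.2.20": "Hong Kong", "192.0.2.30": "Tokyo",
}
PROBE_COUNTRY = {101: "MY", 102: "SG", 103: "TH", 104: "JP", 105: "VN"}  # constructed
RTT_BUDGET_MS = 50.0              # assumption: above this the probe did not land locally

def hop(n, addr, rtt=None):
    """Build one hop in the simplified result shape; addr=None models a timeout."""
    reply = {"x": "*"} if addr is None else {"from": addr, "rtt": rtt}
    return {"hop": n, "result": [reply]}

T = ANYCAST_TARGET
RESULTS = [  # constructed results, one traceroute per probe
    {"prb_id": 101, "result": [hop(1, "203.0.113.1", 1.2), hop(2, "192.0.2.10", 8.9), hop(3, T, 9.4)]},
    {"prb_id": 102, "result": [hop(1, "203.0.113.2", 0.8), hop(2, "192.0.2.10", 1.9), hop(3, T, 2.1)]},
    {"prb_id": 103, "result": [hop(1, "203.0.113.3", 1.5), hop(2, None),
                               hop(3, "192.0.2.30", 96.0), hop(4, T, 97.3)]},
    {"prb_id": 104, "result": [hop(1, "203.0.113.4", 1.1), hop(2, "192.0.2.30", 3.0), hop(3, T, 3.2)]},
    {"prb_id": 105, "result": [hop(1, "203.0.113.5", 2.0), hop(2, None)]},
]

def landing(result):
    """Return (pop, rtt_ms) for one traceroute, or None if the target never answered."""
    prev_addr, best = None, None
    for h in result["result"]:
        for reply in h["result"]:
            addr = reply.get("from")
            if addr is None:
                continue                       # timeout: keep the last responding hop
            if addr == ANYCAST_TARGET:
                best = reply["rtt"] if best is None else min(best, reply["rtt"])
            else:
                prev_addr = addr               # last hop seen before the anycast address
    if best is None:
        return None
    return HANDOFF_TO_POP.get(prev_addr, "unknown"), best

def catchment(results):
    """Per probe: (country, landing PoP, RTT in ms, landed within the RTT budget)."""
    rows = []
    for r in results:
        country = PROBE_COUNTRY.get(r["prb_id"], "??")
        hit = landing(r)
        if hit is None:
            rows.append((country, None, None, False))
        else:
            rows.append((country, hit[0], hit[1], hit[1] <= RTT_BUDGET_MS))
    return rows
```

In the constructed data the TH probe reaches the prefix only via Tokyo at 97.3 ms, the kind of non-local landing that the peering argument on slides 16 and 17 is meant to prevent.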