2. www.iptp.net
CLEAN
PIPE VS
LATENCY1. BANDWIDTH3.
EXPENSES4.REACTION TIME2.
We compare 2 ways of mitigation of DDoS attack:
1. Traditional, known as Clean Pipe or Cleaning Center Solution
2 . Distributed Mitigation Managed Service (DMMS) by IPTP Networks.
The comparison will be based on 4 aspects associated with DDoS Mitigation:
IPTP
DMMS
NetwoRK
5. Volumetric distributed Denial-of-Service (DDoS) is a special type of denial of
service attack where the malicious traffic is generated from multiple sources
What is volumetric DDoS?
ISP2
ISP3
ISP1
Global
Internet
www.iptp.net
Target
Server
6. How Clean Pipe solution works?www.iptp.net
ISP2
ISP3
ISP1
Global
Internet
Target
Server
Cleaning
Center
FAKE TARGET
8. 1.1 Latency
ISP1 ISP2 CLEANING
CENTER
ISP3 TARGET
SERVER
WEB-SITE
VISITOR
+50 ms
www.iptp.net
CLEAN PIPE OR CLEANING CENTER
The route of an IP packet during a volumetric DDoS attack,
when redirected through the Cleaning Center.
+50 ms +50 ms +50 ms +50 ms
9. 1.2 Latency
• IP packets do not go any extra distances. They move from the web-site
visitor to the Target Server and back exclusively via our distributed firewalls.
• All our firewalls are geographically-dispersed across the globe, applying
distributed protection against volumetric DDoS while adding no latency.
www.iptp.net
The route of an IP packet during a volumetric DDoS attack,
when protected by IPTP DMMS Network
IPTP
NETWORKS
IPTP
FIREWALL
TARGET
SERVER
WEB-SITE
VISITOR
IPTP DMMS NETWORK
10. 2.1 Reaction Time
It can take from 30 minutes to 1 hour and even longer for
the mitigation to begin.
www.iptp.net
DDoS
Detect Report
to provider
Establish
a tunnel
CLEAN PIPE OR CLEANING CENTER
11. 2.2 Reaction Time
Reaction time is the time from detection of a DDoS
attack to a counter-reaction against it.
3600sec
up to
sec
≈VS
Cleaning
Center
IPTP DMMS
Network
www.iptp.net
0
12. 2.3 Reaction Timewww.iptp.net
Router IPTP
firewall
Target
server
Web-site
visitor
IPTP global
MPLS network
BOTNET
IPTP DMMS NETWORK
IPTP
Firewall
• The traffic is filtered directly at the border of IPTP DMMS Network.
• No manual set-up.
• No tunnel required
13. www.iptp.net 3.1 Bandwidth
• Cleaning Center is normally located within one geographical point,
with limited internet capacity.
• When the attack size exceeds Cleaning Centers capacity it results in
channel aggregation as the ports cease to withstand the traffic load.
CLEAN PIPE OR CLEANING CENTER
ISP1
ISP2
ISP3
Cleaning
Center
Target Server
ISP4
14. IPTP DMMS NETWORK
www.iptp.net 3.2 Bandwidth
• Network capacity of over 30 Tb/s allows to withstand heavy-bandwidth
DDoS attacks, without the risk of service degradation.
• Distribution of traffic among multiple points in our network - no combined
volume of traffic on one network node.
OVER
150010 Gbps
ports
total
capacity
30Tbps
DATA
CENTERS IN
22countries
15. • When additional bandwidth is required, the ISP will charge the DDoS
Mitigation Service Provider, increasing the mitigation costs.
www.iptp.net
CLEAN PIPE OR CLEANING CENTER
4.1 Expenses
ISP1
ISP2
ISP3
ISP4
$
$
Bill for bandwidth
Bill for traffic
Cleaning
Center
Target Server
16. 4.2 Expenseswww.iptp.net
IPTP DMMS NETWORK
• Can mitigate bandwidth-heavy DDoS attacks while
applying no additional charges for the traffic.
• Advanced firewalls can handle multi-gigabits of traffic and filter any
types of floods (ICMP, UDP, SYN and others).
17. Summary
No reaction time.
No added latency
Bandwidth limits higher
by an order of magnitude
No extra charges for
bandwidth overload
No volumetric DDoS
Distributed Mitigation Managed
Service against DDoS by
IPTP Networks is:
www.iptp.net
Geographical
destribution
Advanced
firewalls
Highnetwork
capacity
Zeroreactiontime
Noextra
trafficcharges
No additional
latency
IPTP
DMMS
Network