Customer Presentation Skasman2015v6
vDDoS Solution: Arbor + Cisco
Sachlany Kasman, Presales Consultant ASEAN, [email protected]

Agenda – Arbor & Cisco ASR9000 / VSM
1. Arbor Introduction
2. DDoS Landscape
3. Cisco + Arbor Solution Overview
4. Deployment Scenarios and Use Cases
5. Configuration and Availability
6. Arbor DDoS and Visibility Family
7. Q&A
ARBOR NETWORKS OVERVIEW
• 90%: Percentage of the world's Tier 1 service providers who are Arbor customers
• 107: Number of countries with Arbor products deployed
• 120+ Tbps: Amount of global traffic monitored by the ATLAS security intelligence initiative
• #1: Arbor market position in DDoS Mitigation Equipment in Carrier, Enterprise and Mobile markets [Infonetics Research, Dec. 2014]
• 14: Number of years Arbor has been delivering innovative security and network visibility technologies & products
• $19B: 2013 GAAP revenues [USD] of Danaher, Arbor's parent company, providing deep financial backing
DDoS Threat Landscape
DDoS Attacks: A Major Problem Getting Worse
DDoS attacks continue to increase in size, frequency and complexity.
Arbor Networks 10th Annual Worldwide Infrastructure Security Report
• NTP, DNS & SSDP reflection/amplification attacks are common.
  – Over 300Gbps in size.
  – 93 NTP attacks over 100Gbps and 5 over 200Gbps.
• Stopping DDoS attacks is becoming a normal part of running a business.
  – 38% see more than 21 attacks/month, up from 25% in 2013.
• Modern day DDoS attacks are a combination of volumetric and application layer attacks.
[Chart: Attack Frequency, attacks per month in buckets 0, 1-10, 11-20, 21-50, 51-100, 101-500, >500. Source: Arbor Networks, Inc.]
DDoS Attacks: Impact Can Be Severe
Impact (to you and your customers):
• Availability of network and services.
• Operational cost to mitigate attack.
• Lost revenue and profitability.
• Unwanted media attention and tarnished brand/reputation.
• Fees/Fines.
[Diagram: legitimate traffic and botnet DDoS traffic from the Internet entering your network toward your customers; impact on both.]
Arbor Networks 10th Annual Worldwide Infrastructure Security Report
How much will downtime cost your business?
Peakflow SP / TMS
• Pervasive Network Visibility: view traffic across entire networks: backbone, peering/transit edge, cloud/datacenter, mobile network, customer.
• Threat Protection: detect and mitigate DDoS attacks & cyber threats before they impact services.
• Service Enablement: monetize network infrastructure and technologies for revenue-generating services & competitive differentiation.
Two Best of Breeds Combine For DDoS Protection
#1 in DDoS Attack Protection Products + #1 in Network Infrastructure Products = Industry's most comprehensive DDoS attack protection solution
Network Embedded, Virtual DDoS Protection
• Arbor Peakflow Threat Management System (TMS)
• Cisco ASR 9000 with Virtual Services Module (VSM): up to 40 Gbps mitigation per VSM
• Cisco ASR 9000 vDDoS Protection "Powered By Arbor Networks"
Cisco/Arbor's Comprehensive DDoS Protection Solution
[Diagram: Peakflow Console and Peakflow SP NetFlow Collector; ASR 9000 vDDoS Protection at the peering/transit edge and at the data center / customer edge; TMS 4000 in a scrubbing center; Providers A, B (backbone) and C; DDoS traffic and legitimate traffic flowing toward the data center and customer.]
• A single Arbor Peakflow console used for NetFlow analysis, DDoS attack detection (in as little as 1 second), alerting and reporting.
• Cisco vDDoS Protection embedded in Cisco ASR 9000 routers distributed in dedicated peering edge, data centers, customer edge, etc. (40 Gbps mitigation per VSM).
• Arbor TMS 4000 appliance in regional scrubbing centers or where ASR 9000 does not exist (40 Gbps mitigation per TMS 4000).
Benefits:
• Infrastructure & Service Protection: comprehensive (up to 4 Tbps system-wide) DDoS protection solution that can stop DDoS attacks in multiple network locations.
• Service Enablement: increase revenue via new managed DDoS Protection Services.
Overview & Goals
• Arbor Peakflow TMS available on the Virtualized Services Module March 2015
  – VSM blade available for Cisco's ASR9000 Router Series
• Sold by Cisco with support by Arbor Networks
  – New ISPs & Enterprises
  – Expansion within existing accounts
  – Cisco SKU, support by Cisco / Cisco partner
  – Backend Cisco to Arbor support in place
• Up to 40Gbps throughput on a single blade
Virtualized Services Module (VSM)
• Replacement for the Integrated Services Module (ISM)
• Supported ASRs can have one or more blades
  – Each blade can run one or more virtualized services, incl. multiple TMSs
• Currently supported services:
  – Wireless Security Gateway
  – IPSec
  – Carrier Grade NAT
Virtualized Services Module (VSM), launched February 2014
Supported Routers: ASR 9904, ASR 9006, ASR 9010, ASR 9912, ASR 9922
Processing: 40 physical CPU cores
Memory: 128G
Front-panel Ports: Four 10 Gigabit Ethernet SFP+ module
Management Port(s): 1
Backplane Connectivity: 120Gbps
Deployment Scenarios
ASR within ISP
• ASR at customer edge
  – Scrub traffic for one/multiple customer(s)
• ASR located at network (upstream) edge: VSM/TMS protecting customer(s)
  – Scrub traffic going to downstream customers: VSM/TMS preserving core bandwidth
  – Scrub traffic entering ISP (regardless of target)
• ASR located at data center edge: VSM/TMS protecting ISP data / hosting center
  – Scrub traffic going to data center
[Diagram legend: ASR9K + VSM/TMS, Peakflow SP, SP/TMS communication, clean traffic, attack traffic]
Selective Diversion / Re-Injection: Inspection on demand
Local Diversion
• SP detects attack based on NetFlow from routers
  – Configures VSM/TMS to divert traffic
• Redirection of traffic to TMS
  – TMS uses BGP to divert traffic
• Clean traffic re-injected to ASR
  – Sent back from VSM to ASR
  – Loop avoidance strategy dependent on ISP / ASR configuration: VRF, GRE, LSP, PBR etc.
• Counter-measure: challenge traffic
  – Configurable
• ASR located in ISP or customer
• VSM/TMS can handle one/more customers concurrently
[Diagram legend: ASR9K + VSM/TMS, Peakflow SP, SP/TMS communication, clean traffic, attack traffic]
Selective Diversion / Re-injection: Inspection on demand
Long Diversion
• Detection as per Local Diversion
• Re-direction of traffic to TMS
  – TMS uses BGP to divert traffic
  – LSP long path provisioned by ISP
  – LSP used to carry traffic through routers that do not receive the diversion route
• Good traffic re-injection as per Local Diversion
• Counter-measure: challenge traffic
  – Configurable
• ASR located in ISP or Enterprise
• VSM/TMS can handle one/more customers concurrently
• Local and long diversion can be used concurrently
[Diagram legend: ASR9K + VSM/TMS, Peakflow SP, SP/TMS communication, clean traffic, attack traffic]
Always on ("nailed up"): Permanent diversion
• Traffic always inspected
• Done via permanent BGP redirects
• Works like local and long diversion
• Can be combined with normal (on-demand) diversion
  – For same and/or multiple customers
[Diagram legend: ASR9K + VSM/TMS, Peakflow SP, SP/TMS communication, clean traffic, attack traffic]
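The loop-avoidance point from the Local Diversion slide (clean traffic re-injected from the VSM must not follow the diversion route back to the TMS) applies equally to long and always-on diversion. The following added example, which is not Arbor or Cisco code, simulates longest-prefix forwarding on the ASR with a constructed customer prefix and victim host; the route-table layout and next-hop names are assumptions made for illustration.

```python
"""Added example (not Arbor/Cisco code): why clean traffic re-injected after a BGP
diversion needs its own path (VRF, GRE, LSP or PBR) back to the customer.
Constructed scenario: 198.51.100.0/24 is a customer prefix; the TMS announces a /32
more-specific for the victim 198.51.100.10 so the ASR diverts it to the scrubber."""
import ipaddress

CUSTOMER_PREFIX = "198.51.100.0/24"
VICTIM = "198.51.100.10"

def longest_prefix_match(table, dst):
    """Next hop of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def global_table(diverted=None):
    """ASR global table; `diverted` adds the TMS-announced /32 for one victim host."""
    table = {CUSTOMER_PREFIX: "customer-edge"}
    if diverted:
        table[f"{diverted}/32"] = "tms"
    return table

def reinject_vrf():
    """Separate VRF (or a GRE/LSP/PBR equivalent) that never learns the diversion route."""
    return {CUSTOMER_PREFIX: "customer-edge"}

def forward(dst, ingress_table, reinject_table, max_hops=4):
    """Trace a packet hop by hop; once the TMS has scrubbed it, the re-injected packet is
    looked up in reinject_table. Ends in 'loop' if it never reaches the customer edge."""
    path, table = [], ingress_table
    for _ in range(max_hops):
        next_hop = longest_prefix_match(table, dst)
        path.append(next_hop)
        if next_hop == "customer-edge":
            return path
        if next_hop == "tms":
            table = reinject_table
    return path + ["loop"]

if __name__ == "__main__":
    diverted = global_table(diverted=VICTIM)
    print("no diversion:          ", forward(VICTIM, global_table(), global_table()))
    print("re-inject into global: ", forward(VICTIM, diverted, diverted))
    print("re-inject via VRF:     ", forward(VICTIM, diverted, reinject_vrf()))
    print("non-victim, attack on: ", forward("198.51.100.20", diverted, reinject_vrf()))
```

Re-injecting into the same table that carries the /32 sends the packet straight back to the TMS, which is the loop the slide warns about; a separate VRF or tunnel that never learns the diversion route delivers it to the customer edge in one hop.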
Backbone, Peering/Transit Edge
Solution Features:
Peakflow SP
• NetFlow collection & BGP/peering
• Anomaly / DDoS detection
• Flex licensing
ASR 9000 vDDoS Protection
• Out-of-band, stateless mitigation
• 40G mitigation modules per VSM
• Multiple countermeasures
• Updated threat intelligence (ATLAS Intelligence Feed)
Solution Benefits:
• Visibility into backbone, peering/transit traffic for more cost-effective network design.
• Stop DDoS attacks at the edge of the network before impacting backbone and customers.
• Out-of-band mitigation used only when needed and shared across multiple customers.
[Diagram: backbone, Internet, transit/peer edge, mobile network with subscribers & devices, data center & cloud services, customer edge with broadband subscribers and business customers; Peakflow SP (core + edge), ASR 9000 vDDoS Protection, Arbor Cloud; attack traffic vs. legitimate traffic.]
Security Intelligence
ASERT
• Dedicated, industry-respected security research team.
• Best practices, Threat Portal
ATLAS
• Global threat intelligence
• 290+ providers participating
• 120+ Tbps of Internet traffic processed (40% of the Internet's traffic)
• Deep intelligence of DDoS attacks, botnets, malware, hacktivism, etc.
ATLAS Intelligence Feed (AIF)
• "Local" Arbor products automatically armed with the latest "global" threat intelligence
Solution Benefits:
• Arm your security teams with the latest global threat intelligence.
• Reduced time to threat detection and mitigation.
[Diagram: Arbor products deployed across customer edge, backbone, Internet transit/peer edge, mobile network and data center & cloud services, fed by ASERT through the AIF.]
Customer Benefits
• Leverage your Cisco ASR 9000 and VSM investment for virtualized DDoS Protection.
• Distribute DDoS protection to edges of network and avoid backhaul to regional scrubbing centers.
• Combine Arbor appliances and Cisco vDDoS for comprehensive DDoS protection.
• Detect and stop DDoS attacks to maintain availability and performance of infrastructure and services.
• Quickly bring new, virtualized DDoS Protection services to market.
Virtualized, Network Embedded DDoS Protection
Use Cases
• Protect service and network infrastructure from attack
  – Ensure service availability
  – Reduce back-haul costs and the risk of network congestion during an attack
• Launch MSSP DDoS Protection Services
  – Leverage investment in infrastructure protection
  – 'Sticky' service
  – Provide customers with instant protection from volumetric flood attacks: fast flood detection coupled with auto-mitigation stops attacks in less than 30 secs
• Protect data centre
  – Magnet for attack activity
  – Collateral damage if a large attack isn't quickly dealt with
• Augment existing scrubbing capacity
  – Deploy additional mitigation capacity at key locations
  – Address changes in the DDoS threat landscape and in customer expectations / requirements
Configurations of VSM with TMS
• Dedicated VSM
  – 40Gbps
  – One VM image
  – 4 CPU sockets
  – 12*10Gbps ports (2 mgmt, 8 traffic, 2 unused)
• Licensing of throughput capacity
  – Available for dedicated and shared VSM
  – Options for 10, 20, 40Gbps
  – Upgrades from 10->20, 10->40Gbps etc. also available
Availability
Release 1.0
• Delivered to Cisco: January 12, 2015
• EFT available now, commercial release expected March 2015
• HW used for development: ASR 9006, VSM 500
• SW releases:
  – ASR: 5.3.0 officially (might also be tested on 5.2.2 or 5.2.3)
  – KVM 1.7.0
  – Windriver 4.3
  – TMS 7.0.1 in 64-bit mode for additional memory / pktengine
  – SP 7.0.1
• TMS per VSM: 1, configured for optimized use of HW (4 CPU sockets, 10*10Gbps ports: 2 mgmt, 8 traffic)
• VM per VSM: 1 (full board)
• VSM-TMS <-> ASR communication: backplane only
• Performance: 40Gbps
Release 1.1
• Q2 2015
• Fully virtual SP / TMS solution
• Blacklist offload to ASR
• OpenFlow / onePK
Summary
Arbor’s Solution for Service Providers
“We see things others can’t”
Peakflow Enables True Pervasive Network Visibility and Threat Protection
[Diagram: Peakflow SP (core + edge) with TMS4000 and TMS2300 (edge) placed across the Internet transit/peer edge, backbone, mobile network and subscribers & devices, data center & cloud services, and customer edge (business customers, broadband subscribers).]
Greater performance, scalability and flexibility enable less costly, more optimized deployment across the entire network.
Manage Private Peering / CDN Traffic
• Use SP to monitor BGP & traffic over private peering links
• SP transit reports tell you where and how CDN and content traffic is being delivered from private peering links
• Ensure locality of content delivery
• Know when CDN providers are gaming traffic distribution to use your network for free transit
• Monitor for private peering policy compliance
• Detect and block DDoS attacks being proxied through CDNs or sent from compromised CDN servers
[Diagram: private peering links at the transit/peer edge, backbone, mobile networks, data center & cloud services and customer edge; Peakflow SP (core + edge) and ASR 9000 vDDoS Protection; attack traffic vs. legitimate traffic.]
Arbor's Solution: Customer Edge
Solution Features:
Peakflow SP
• Visibility
• Flex Edge licenses
• Anomaly / compromised customer / customer-to-customer DDoS detection
Cisco ASR 9K VSM module
• Out-of-band, surgical mitigation of network and application layer attacks
• Scalable mitigation options:
  – VSM: 40Gbps modules/chassis
  – REST API: support mitigation capacity up to terabytes
  – Flowspec: support open standard BGP filter distribution into Cisco virtualization technology, up to terabytes capacity
• Updated threat intelligence (ATLAS Intelligence Feed)
Solution Benefits:
• Cost-effective visibility into East-West traffic flow enables more intelligent network design.
• Ability to stop multi-vector and customer-to-customer attacks without backhauling over the backbone.
• Protection of BRAS and other customer edge devices / services.
[Diagram: backbone, Internet, transit/peer edge, mobile network, data center & cloud services, customer edge with broadband subscribers and business customers; Peakflow SP (core) with TMS2300 and ASR 9000 vDDoS Protection (edge); legitimate, volumetric and application traffic.]
Edge Use Case: Customer Accounting
• Accurately measure per-customer traffic for service billing and SLA verification
• Generate reports for customers to show their traffic utilization over time
• Can use transit reports to do distance-based billing for customer traffic: charge your customers more for traffic you have to carry to distant POPs and peers
[Diagram: backbone, Internet, transit/peer edge, mobile networks, data center & cloud services, customer edge with broadband subscribers and business customers; Peakflow SP (core + edge) and edge sensors; legitimate traffic, volumetric attack, application attack.]
Edge Use Case: Infrastructure Monitoring
• Edge infrastructure is often sensitive to traffic spikes
• Customers are deploying SP to monitor DSLAMs and other sensitive infrastructure
• Detect spikes and outages quickly, understand why services are down and how to fix them
• Improve overall service quality and reduce support costs, especially for broadband customers
[Diagram: backbone, Internet, transit/peer edge, mobile networks, data center & cloud services, customer edge with broadband subscribers and business customers; Peakflow SP (core + edge) and edge sensors; legitimate traffic, volumetric attack, application attack.]
Edge Use Case: Network Planning
• Understand how customer traffic impacts your entire network
• Ensure efficient routing of customer traffic to other customers, data centers, and peering links
• Understand traffic growth to anticipate capacity increases before network congestion starts
[Diagram: backbone, Internet, transit/peer edge, mobile networks, data center & cloud services, customer edge with broadband subscribers and business customers; Peakflow SP (core + edge) and edge sensors; legitimate traffic, volumetric attack, application attack.]
Managed Security Services
Solution Features:
Pravail APS
• Customer premises protection from application layer attacks
• Cloud Signaling ("call for help" to TMS for volumetric attack)
Peakflow SP & TMS
• In-cloud protection from volumetric DDoS attacks
• Support for multi-tenancy, API, customized user portal
Solution Benefits:
• Revenue from new comprehensive DDoS Protection Service (in-cloud and on-premise)
• Competitive differentiation
[Diagram: backbone, Internet, transit/peer edge, mobile network with subscribers & devices, data center & cloud services, customer premises; Pravail APS at the customer premises sending a Cloud Signal to TMS; Peakflow SP (core + edge); legitimate, volumetric and application traffic.]