Flood Defender Example w/ Automatic Blackhole (optional)

Scenario:

- SPA engine to protect company ABC LTD from a volumetric DDoS attack.
- SPA engine has been installed on an ISP with 100Gbits international bandwidth.
- Company ABC LTD is connected to the internet using a DSL connection with a max capacity of 20Mbits.
- SPA engine's purpose is to block an attack coming from international links (abroad) targeting company ABC LTD. The local connections (within the country) should NOT be affected.
 

Configuration:

- Max allowed pkts/s : 4000
- Flood Defender protection enabled. Max connections : 40 per second
- Automatic Blackhole enabled. Delay : 30 seconds
 

Expected Result:

- SPA engine to detect and stop the attack in 2 stages.
  > Stage 1 : the Flood Defender mechanism will slow down the attack by allowing only 40 active connections per second.
  > Stage 2 : If the attack continues for more than 30 seconds, the 'Automatic Blackhole' mechanism will be activated and block all inbound traffic from abroad.
 

Traffic Flow

Traffic Flow (from abroad):
International Link ----> Main ISP Router  ---> SPA Engine ---> ISP Router for Company ABC LTD ---> DSL (20Mbits) Line --> Company ABC LTD
 
Traffic Flow (from other ISPs within the country):
ISPs --> ISP Router for Company ABC LTD
 
At the end of the attack the Blackhole will be automatically removed.

 

Video Timeline:

- 0:00 --> 0:09 - NORMAL
  > FLOOD DEFENDER : Monitoring Traffic
  > BLACKHOLE : Idle
- 0:10 --> 0:43 - START OF ATTACK
  > FLOOD DEFENDER : Defending Mode
  > BLACKHOLE : Waiting & Analyzing (30 secs delay)
- 0:45 --> 1:13 - SYSTEM IN BLACKHOLE
  > FLOOD DEFENDER : Defending Mode
  > BLACKHOLE : Activated
- 1:13 --> - BACK TO NORMAL
  > FLOOD DEFENDER : Monitoring Traffic
  > BLACKHOLE : Cancelled, Idle
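
The two-stage behaviour above can be modelled as a small per-second state machine. This is an added illustration, not the SPA engine's own code: the function names are hypothetical, and it assumes that Defending Mode starts when international traffic exceeds the configured 4000 pkts/s and that the engine keeps measuring offered traffic while the blackhole is active, so it can see the attack end.

```python
# Added illustration, not vendor code. Models international traffic only;
# local ISP traffic bypasses the SPA engine in the flow described above.
from dataclasses import dataclass

MAX_PPS = 4000          # "Max allowed pkts/s" from the Configuration section
MAX_CONN_PER_SEC = 40   # Flood Defender "Max connections"
BLACKHOLE_DELAY = 30    # Automatic Blackhole "Delay", in seconds

@dataclass
class Tick:
    second: int
    flood_defender: str   # "Monitoring Traffic" or "Defending Mode"
    blackhole: str        # "Idle", "Waiting & Analyzing" or "Activated"
    admitted: int         # international connections let through this second

def simulate(samples):
    """samples: one (international_pps, new_connections) pair per second."""
    timeline, over_for = [], 0
    for second, (pps, conns) in enumerate(samples):
        # Assumption: the attack is "in progress" while offered pps > MAX_PPS.
        over_for = over_for + 1 if pps > MAX_PPS else 0
        if over_for == 0:
            fd, bh, admitted = "Monitoring Traffic", "Idle", conns
        elif over_for <= BLACKHOLE_DELAY:
            # Stage 1: cap connections while the blackhole delay timer runs.
            fd, bh = "Defending Mode", "Waiting & Analyzing"
            admitted = min(conns, MAX_CONN_PER_SEC)
        else:
            # Stage 2: attack outlasted the delay; drop all inbound from abroad.
            fd, bh, admitted = "Defending Mode", "Activated", 0
        timeline.append(Tick(second, fd, bh, admitted))
    return timeline

def transitions(timeline):
    """Collapse the timeline to the seconds at which a state changed."""
    out, prev = [], None
    for t in timeline:
        state = (t.flood_defender, t.blackhole)
        if state != prev:
            out.append((t.second, *state))
            prev = state
    return out

# Constructed traffic: 10 s normal, 63 s flood, 10 s normal.
SAMPLE = [(1200, 15)] * 10 + [(90000, 5000)] * 63 + [(1200, 15)] * 10

if __name__ == "__main__":
    for row in transitions(simulate(SAMPLE)):
        print(row)
```

In this model the blackhole engages exactly 30 seconds after the threshold is first crossed; a real deployment will add some detection lag on top of the configured delay.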

 

 
