DDoS test Cisco anti-DDoS attack system

Source: Internet
Author: User

DDoS (Distributed denial of service) attack is a simple and fatal network attack using TCP/IP protocol vulnerability, because the TCP/IP protocol is unable to modify the session mechanism, so it lacks a direct and effective defense method. A large number of examples prove that the use of traditional equipment passive defense is basically futile, and the existing firewall equipment will be paralyzed due to limited processing capacity, become a network operation bottleneck. In addition, the target host is bound to be paralyzed during the attack.

China has more and more websites (Discuz, IM286, etc.) in the Strokes of the Lok Ma, so the newspaper reviewers, in collaboration with the local XX telecom operators in Chongqing, the establishment of the Internet Exchange Center (IXC), Cisco Riverhead Anti-DDoS attack system was tested ( At present, the system has only two sets of testing equipment in China. Provide you with a professional solution.

I. BACKGROUND information

The Cisco anti-DDoS attack solution used in this test was Cisco's acquisition and integration of products called Riverhead, which made a very important innovation in dealing with DDoS, and presented the concept of "guidance" and the two key defenses against DDoS attacks: anti-deception defense lines and statistical analysis lines.

The system is composed of intelligent DDoS protection system detector detector and protective device guard. In foreign telecom operators, portals, online gaming companies and online payment companies are widely used, its end users include the world's 5 major application software manufacturers, media companies and financial enterprises, At&t, Sprint, Rackspace, DataPipe and other ISPs are their customers.

This test, we will be XX telecom operators existing network structure and environment for example. As the customer of XX telecom operators to the network security, reliability and other indicators requirements, and network application types are also diverse, so, how to optimize the existing network scheme and improve the Internet Data Center (IDC) on the current popular DDoS attack defense capabilities, To become an IDC need to focus on the subject, the IDC topology structure as shown in Figure 1.

Figure 1

Ii. Principle of the scheme

To address these needs, Cisco Systems recommend DDoS defense based on guard and detector as the world's largest and strongest company in network security, as shown in Figure 2.

Figure 2



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.