Protecting high-speed networks and successfully mitigating DDoS attacks are the key external challenges faced by today’s ISPs and backbone operators. If a DDoS attack succeeds, the internet pipes are choked off, causing bandwidth starvation that leads to service degradation and, eventually, service disruption for enterprise customers. This is unacceptable for service providers. Flowmon DDoS Defender together with F5® BIG-IP® Advanced Firewall Manager™ (AFM) can detect such volumetric DDoS attacks and help with subsequent mitigation.
With the integration, Flowmon DDoS Defender offers F5 BIG-IP as a mitigation option in a dropdown menu. Flowmon then automatically redirects traffic via BGP and configures the F5 device with a virtual server (the network segment under attack) and a DDoS profile (the set of rules and thresholds used to mitigate the attack). The initial configuration is based on attack baselines, volume and the signature created by Flowmon DDoS Defender. F5 then takes over the traffic and provides further analysis for precise cleaning.
Use Case Description
Flowmon DDoS Defender detects an attack in a specific protected segment.
Flowmon DDoS Defender extracts the attack signature to mitigate the attack.
Based on the signature, Flowmon DDoS Defender creates a “Virtual server” and a “DDoS Profile” on the F5 DDoS Solution.
DDoS Defender diverts traffic to F5 BIG-IP AFM using existing mechanisms of PBR or BGP.
The F5 DDoS Solution mitigates the DDoS attack.
When the attack is over, F5 BIG-IP AFM notifies Flowmon DDoS Defender that the attack is over.
Flowmon changes the routing back to normal and cleans up the configuration on the F5 BIG-IP device.
Compared to a purely in-line deployment of attack mitigation tools, this approach provides higher scalability and significant cost efficiency, especially for large networks with multiple peering partners and bandwidth of tens of gigabits per second. In-line deployment of DDoS mitigation appliances remains irreplaceable for protecting the so-called last mile, where it detects sophisticated application-layer attacks that do not show up as a high volume of network traffic.
The integrated multi-layered DDoS protection by F5 and Flowmon Networks benefits from a combined approach. Out-of-band mitigation for volumetric attacks together with in-line deployments is the most efficient way to protect network infrastructure from DDoS attacks and ensure high quality and availability of network services.
F5 DDoS solutions are also available in standalone ‘F5 Herculon Hybrid Defender’ appliances and as part of the F5 BIG-IP AFM product. More information on the F5 DDoS solution is available here.
More information
- The Implementation Guide is available at the Flowmon Support Portal.
- An F5 DevCentral Technical Blog article describes the joint solution configuration.