Forum Discussion
Wasfi_Bounni
Cirrocumulus
CirrocumulusCan DDOS Hybrid Defender be used with Akamai cloud?
Can DDOS Hybrid Defender be used with Akamai cloud? In the same way it can be used with the Silverline Cloud? I mean I want the Hybrid Defender on the BIG-IP to do the signalling to Akamai? is this possible?
Kindly
Wasfi
> Ok. In this case, if the protection is only "volumetric" based on a bandwidth-based threshold, and if this is the only protection needed, I guess the BIG-IP with Hybrid defender does not need to decrypt any traffic, right?
If it is just Volumetric protection, then yes. But the DHD can do layer 7 traffic analysis as well, if encrypted traffic terminates on the DHD.
> Hybrid defender on the BIG-IP signals the maximum threshold to the BGP router or to Silverline and that's it I am guessing?
No - For BGP signalling, Hybrid Defender identifies the attacking IPs, and uses BGP to publish a blackhole route for the attacking /32 (or larger subnet). Basically the volumetric attack is then dropped at the upstream router (preferably prior to any congested links). This relies on the upstream router trusting the BGP advertisements from the DHD, and being able to accept /32 subnet routes (some routers don't, or may not have table-space for a large number of /32 routes).
Silverline signalling is completely different and more complex - when the threshold is reached, Silverline makes a combination of BGP routing updates and/or Global DNS updates which are used to rapidly direct all the traffic targeted at the DHD directly to the Silverline scrubbing center, and only scrubbed traffic is sent from Silverline back to the DHD.
Simon_BlakelyEmployee
Does Akamai support BGP scrubbing via BGP blackhole route advertisement?
As detailed in
- Configuring network bandwidth and scrubbing
- You can configure general network protections, such as maximum bandwidth and scrubbing details, for all traffic on DDoS Hybrid Defender. When the maximum bandwidth and scrubbing thresholds are reached, you can configure the system so that traffic is scrubbed by sending it to a BGP router or, if you have an account, to Silverline.
Wasfi_BounniThank you for your answer.
Ok. In this case, if the protection is only "volumetric" based on a bandwidth-based threshold, and if this is the only protection needed, I guess the BIG-IP with Hybrid defender does not need to decrypt any traffic, right?
Hybrid defender on the BIG-IP signals the maximum threshold to the BGP router or to Silverline and that's it I am guessing?
Kindly
Wasfi
- Simon_Blakely
> Ok. In this case, if the protection is only "volumetric" based on a bandwidth-based threshold, and if this is the only protection needed, I guess the BIG-IP with Hybrid defender does not need to decrypt any traffic, right?
If it is just Volumetric protection, then yes. But the DHD can do layer 7 traffic analysis as well, if encrypted traffic terminates on the DHD.
> Hybrid defender on the BIG-IP signals the maximum threshold to the BGP router or to Silverline and that's it I am guessing?
No - For BGP signalling, Hybrid Defender identifies the attacking IPs, and uses BGP to publish a blackhole route for the attacking /32 (or larger subnet). Basically the volumetric attack is then dropped at the upstream router (preferably prior to any congested links). This relies on the upstream router trusting the BGP advertisements from the DHD, and being able to accept /32 subnet routes (some routers don't, or may not have table-space for a large number of /32 routes).
Silverline signalling is completely different and more complex - when the threshold is reached, Silverline makes a combination of BGP routing updates and/or Global DNS updates which are used to rapidly direct all the traffic targeted at the DHD directly to the Silverline scrubbing center, and only scrubbed traffic is sent from Silverline back to the DHD.
- Wasfi_Bounni
Perfect. Thank you.