Forum Discussion
Can DDOS Hybrid Defender be used with Akamai cloud?
- Dec 12, 2019
> Ok. In this case, if the protection is only "volumetric" based on a bandwidth-based threshold, and if this is the only protection needed, I guess the BIG-IP with Hybrid defender does not need to decrypt any traffic, right?
If it is just Volumetric protection, then yes. But the DHD can do layer 7 traffic analysis as well, if encrypted traffic terminates on the DHD.
> Hybrid defender on the BIG-IP signals the maximum threshold to the BGP router or to Silverline and that's it I am guessing?
No - For BGP signalling, Hybrid Defender identifies the attacking IPs, and uses BGP to publish a blackhole route for the attacking /32 (or larger subnet). Basically the volumetric attack is then dropped at the upstream router (preferably prior to any congested links). This relies on the upstream router trusting the BGP advertisements from the DHD, and being able to accept /32 subnet routes (some routers don't, or may not have table-space for a large number of /32 routes).
Silverline signalling is completely different and more complex - when the threshold is reached, Silverline makes a combination of BGP routing updates and/or Global DNS updates which are used to rapidly direct all the traffic targeted at the DHD directly to the Silverline scrubbing center, and only scrubbed traffic is sent from Silverline back to the DHD.
Perfect. Thank you.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com