
Partner Technical Training

Engaging Cloud-based Mitigation via Cloud Signaling

Partner • Sales • Engineering


APS
©2017 ARBOR® CONFIDENTIAL & PROPRIETARY Release 5.12
Objectives
In this unit we will explore:
• Cloud-based mitigation and Cloud Signaling
• How APS Communicates with Cloud Signaling Services
• How to Configure Cloud Signaling
• Automatic Targeted Prefix Cloud Signaling
• Manual Targeted Prefix Cloud Signaling
• How to Understand the Cloud Signaling Widget



SCENARIO:
A VOLUMETRIC ATTACK



Issue & Context
• A few weeks later another attack happens, but this time it is a traffic flood that is overwhelming the upstream link
• This makes the site appear to be down from the perspective of a client located anywhere on the Internet
• We crank up the protection level to high and Arbor APS still cannot mitigate it, indicating it could be a L3/L4 volumetric attack


Issue: Volumetric Attack
• Arbor APS sees blocked traffic but the uplink is saturated and too many
packets are lost, breaking communications

[Diagram: ISP 1, ISP 2 … ISP ‘n’ carry attack traffic and good traffic toward the data center; the ISP link is marked SATURATION, ahead of Arbor APS, the firewall, IPS, load balancer, and the target applications & services.]


Solution: Investigate & Mitigate Attack
• We confirmed that the issue is a UDP flood towards one of the servers, creating congestion on the Data Center link
• Arbor APS reporting provides detailed information that allows the customer to reach out to their ISP and request that they block UDP traffic to that IP
• The ISP is able to somehow block the traffic from reaching the datacenter and service is reestablished.
• Still, it took them two hours to mitigate the attack

[Side panel: protection options]
GOOD: ISP, On-Premise (Arbor APS)
VERY GOOD: ISP / MSSP, On-Premise + Cloud-based (Arbor APS + Arbor SP / TMS)
BEST: ISP / MSSP, On-Premise + Cloud-based & Cloud Signaling (Arbor APS + Arbor Cloud)


Solution: Multi-Layered DDoS Defense
[Diagram: cloud-based DDoS protection (scrubbing center) upstream of ISP 1, ISP 2 … ISP ‘n’; on-premise DDoS protection (Arbor APS) in the data center ahead of the firewall, IPS, load balancer, and the target applications & services; Cloud Signaling connects the two layers.]


Arbor APS & Cloud Signaling Can Help
• While the attack was mitigated, it took several steps and a long time:
• Using the visibility provided by Arbor APS the customer determined
the characteristics of the attack
• Customer called the ISP’s help desk and reported the issue
• ISP’s support team researched their perspective of the issue to determine
traffic characteristics associated with the attack
• ISP mitigated the attack
• By identifying the increase in traffic before it reaches a certain threshold
(and traffic impact), Arbor APS can signal the attack to the ISP’s NOC /
SOC directly, allowing for a much faster reaction time, avoiding or
significantly reducing downtime to the site



CLOUD-BASED MITIGATION
& CLOUD SIGNALING



Cloud Signaling Accelerates Mitigation
Gain full protection from a single console by signaling to the cloud

Utilize Cloud Signaling Coalition or Arbor Cloud for volumetric DDoS protection
• Immediate protection with seamless handoff to a Cloud-based DDoS Mitigation service

Cloud Signaling Status:
1. Service Operating Normally
2. Attack Begins & Initially Blocked by Arbor APS
3. Attack Grows Exceeding Bandwidth
4. Cloud Signal Launched
5. Service Reestablished!

[Diagram labels: Subscriber Network; Internet Service Provider; Arbor SP / TMS-based DDoS Service; SATURATION; Data Center Network; Arbor APS; Firewall / IPS / WAF; Public Facing Servers]


Types of Cloud Signaling (1 of 3)
• Cloud Signaling is the process of requesting and receiving cloud-based
mitigation of volumetric DDoS attacks by an upstream provider.
• APS can send requests for the following types of cloud mitigations:
• Global – sends mitigation request for all IPv4 prefixes on the network
• Targeted Prefix – sends mitigation request for those targeted prefixes
which are configured
• Group – sends mitigation request for those IPv4 Protection Groups that
are configured



Types of Cloud Signaling (2 of 3)
• Global Mitigation
  • Global – sends mitigation request for all IPv4 prefixes on the network
  • Request is sent when traffic on the appliance exceeds a global threshold for a specified amount of time.
  • Request can be sent manually via the Cloud Signaling widget
• Targeted Prefix
  • Mitigation for targeted prefixes can be configured and requested if supported by the mitigation provider
  • Request is sent when traffic exceeds the configured global threshold and if at least 1 IPv4 prefix exceeds a targeted destination threshold
  • Also can include prefixes that you add manually


Types of Cloud Signaling (3 of 3)
• Group Mitigation
  • Request is sent for specific IPv4 Protection Groups
  • Must be supported by mitigation provider
  • APS does support simultaneous mitigation for >1 Group
  • Requested manually via the group’s Cloud Signaling widget


GRE Tunneling & Cloud Signaling
• APS can serve as a GRE Tunnel endpoint
• May be requested by the Cloud-based service provider
• APS provides a destination for cleaned traffic that the provider routes back
to the network
• Assumes that the traffic received is cleaned and does NOT re-inspect the traffic

[Diagram: APS sends a Cloud Signal to the Internet & Cloud service provider; protected traffic returns across the ISP network to the APS through a GRE tunnel. Labels: Total Traffic, Protected.]


HOW APS COMMUNICATES
WITH CLOUD SIGNALING
SERVICES



Cloud Signaling Design
• Arbor APS can signal to a single Arbor SP deployment at a time
• Could be an upstream ISP or cloud-based MSSP
• Cloud Signaling Server Redundancy allows the configuration of up
to 5 Servers (all at the same ISP or MSSP)
• Multiple Arbor APS are required for multiple cloud signaling providers
• SP operator can associate multiple Arbor APS appliances
with a customer Managed Object



Cloud Signaling Operation Models

• Ratio of Arbor APS to Cloud Signaling Provider
  • 1:1
  • N:1
• Arbor APS does not support more than one Cloud Signaling Provider at the same time
• With Multiple Cloud Signaling Providers
  • Each must have its own Arbor APS

[Diagram: three panels, each showing public users, an ISP, and a local Arbor APS; the third panel shows ISP “A” and ISP “B”, each with its own Arbor APS.]


Cloud Signaling Protocol Overview (1 of 3)
• Handshake
  • Arbor APS establishes the connection to each configured Arbor SP server in the Cloud
  • Negotiates heartbeat parameters
  • Determines if group mitigation is supported
• Heartbeat
  • Asynchronous UDP
  • Arbor APS sends message every minute to each configured Arbor SP
    • Signals whether cloud mitigation is wanted
  • Each configured Arbor SP sends message every minute to Arbor APS
    • Signals mitigation state and mitigation statistics
• Prefix Update
  • If cloud service provider supports group-level or targeted prefix mitigation, APS sends a list of the protected prefixes to each configured Cloud Signaling Server


Cloud Signaling Protocol Overview (2 of 3)
• Blacklist / Whitelist sharing during Cloud Signaling
  • Global Inbound Black / Whitelist items from APS can be shared with your cloud mitigation service provider for use during cloud mitigations
  • SP must be at least version 8.2
• Blacklist / Whitelist are synced using Handshake communications when:
  • Connecting to a new SP deployment
  • Cloud-Signaling configuration settings are changed
  • Every 12 hours (per normal handshake protocol key exchange)
  • The Global Black / Whitelist is changed


Cloud Signaling Protocol Overview (3 of 3)
• Blacklist / Whitelist sharing during Cloud Signaling
  • Not Supported
    • More than 1,000 URLs in blacklist
      • If more than 1,000 URLs are configured, APS arbitrarily selects 1,000 URLs to send
    • IPv6 Hosts
    • Items not assigned to All Protection Groups
    • Domains on the inbound blacklist
    • Other Regions under Blacklisted Countries


Handshake – General Principles
• Handshake connects Arbor APS to Arbor SP
• Uses standard TCP port 443 and emulates HTTPS to make firewalls happy
• Use of IPv6 transport not supported
• Authenticates via Arbor APS ID and password
• Repeated every 12 hours
• Can use HTTPS Proxy
• Arbor APS always connects to SP
• SP never initiates a connection to Arbor APS
• Always an upstream connection
• Handshake operates in three modes
• Test connection
• Disconnect
• Normal connect

Heartbeat – General Principles
• Uses UDP
• Avoid TCP congestion control
• Avoid TCP handshake delays in saturated networks
• Uses IANA-registered UDP port number 7550
• “cloudsignal” appears as port name in current packet analyzer software
• Use of IPv6 transport not supported
• Not a request-response protocol
• Each side proceeds independently
• Allows Arbor APS to signal upstream while flooded downstream
• Encrypted and authenticated
• Contains replay checks



Heartbeat – Arbor APS to SP
• Arbor APS sends a heartbeat to SP once every minute
• Multiple copies are sent
• Contains flag to request mitigation (yes/no)
• Mitigation request can be triggered by bps level
• Mitigation request can be triggered manually
• Contains a list of Protection Groups or IPv4 prefixes that request
mitigation (if applicable)



Heartbeat – Arbor SP to Arbor APS
• Arbor SP sends a heartbeat to APS every minute
• Contains a flag to indicate whether a mitigation is running for the customer
• List of the protection groups or IPv4 prefixes included in the cloud
mitigation, if applicable
• Mitigation could have been started by
• Arbor APS request
• A manual mitigation created by SP operator
• A traffic triggered auto-mitigation
• …
• Contains dropped bps and pps of any running mitigation(s)



Heartbeat - Cloud Signaling Redundancy
• Arbor APS sends three identical UDP heartbeats per minute to each
configured Cloud Signaling Server
• Arbor APS will send twelve heartbeats each minute if four Cloud Signaling
Servers are configured
• Arbor SP Managers respond with three identical UDP heartbeats to Arbor APS
• Arbor SP Leader uses the first legitimate heartbeat received via any Manager
• Arbor APS sends mitigation requests to and accepts mitigation statistics
from the Manager from which the first legitimate heartbeat is received
• There is no way to specify the Arbor SP Manager to be used
• All other heartbeats are de-duplicated by Arbor APS



Prefix Update – General Principle
• If your cloud service provider supports protection group-level or IPv4
protected prefix mitigation, APS sends a list of the protected host prefixes
to the Cloud Signaling Server
• Uses HTTPS
• Contains a list of the protected host prefixes that are associated with each
of your protection groups
• The prefix update is initiated in the following instances:
• When the initial connection handshake determines that your cloud service
provider supports protection group-level mitigation
• When a protection group is added or deleted, or a protection group’s prefix
list is updated



Alerts & Status
Cloud Signaling alerts are generated if there is a mismatch between APS Protection Group and Service Provider server Managed Object definitions.

Cloud Signaling status shows
• Current status of the connection
• Length of time between last communication with the server
• Status of global cloud mitigation


Arbor APS Cloud Mitigation Requests
• Mitigation requests are sent using Heartbeat messages
• Arbor APS makes the same mitigation request for Manual or Automatic
mitigations
• Arbor APS keeps separate state internally for Manual and Automatic
mitigation requests
• Arbor APS sends a mitigation request if either is active



Automatic Mitigation Hold-Down Timers
• Automatic Cloud Signaling Thresholds have delay timers for both start and stop of mitigations
  • Prevents upstream mitigation from occurring because of spurious traffic spike
  • Prevents upstream mitigation from halting due to temporary pause in attack
  • Prevents cycling of mitigation state when traffic levels fluctuate rapidly
• Automatic start delay timer is configurable from 5 seconds to 10 minutes
• Automatic stop delay timer is 10 minutes
• Uses 1 minute traffic data averaged over the Time Interval setting

Note: Mitigation requests will be sent with the next Cloud Heartbeat, which occurs once per minute.


Arbor APS Cloud Mitigation Start Request

• Arbor APS automatically requests cloud signaling mitigation if Cloud Signaling is enabled and if one of the following is true:
  • Total incoming traffic has exceeded the global bps or pps threshold for the configured Time Interval or longer
• Arbor APS also requests cloud mitigation if a manual mitigation is requested
  • A protected prefix is added via the Active Cloud Signaling page
  • Someone clicks the Cloud Signaling “Activate” button
    • On the “Summary” page
    • On the “Administration > Cloud Signaling” page
    • On the “View Protection Group” page


Arbor APS Cloud Mitigation Stop Request
• Arbor APS stops an existing automatic cloud mitigation if either
  • Automatic Cloud Signaling Threshold is changed to disabled
  • Total of incoming traffic over external interfaces and mitigated at SP/TMS has not exceeded the threshold for 10 minutes or longer
    • Sequential 1 minute measurements
• Arbor APS stops a manual mitigation if someone clicks a Cloud widget “Deactivate” button
  • On the “Summary” page
  • On the “Administration > Cloud Signaling” page
  • On the “View Protection Group” page
  • The “Deactivate” button does not need to be in the same page location as the “Activate” button that started the mitigation


Arbor APS Cloud Mitigation Stop Request
• Arbor APS stops sending a Cloud Signaling mitigation request only if both
automatic and manual mitigations are not active
• All “Deactivate” buttons disappear during automatic mitigations
• “Deactivate” buttons stop only manual mitigations
• Automatic Threshold state and traffic level monitoring do not affect manual
mitigations
• If all protected prefixes are removed from the Active Cloud Signaling page



Cloud Signaling - Summary
• Cloud Signaling consists of two protocols:
• Handshake over TCP/443
• Heartbeat over UDP/7550
• It may be necessary to configure a static NAT at the network edge to associate UDP/7550 and the APS management interface (being used for Cloud Signaling) with an available external IP address
• To configure Cloud Signaling, the Arbor APS administrator needs to obtain the following from their Cloud-based Mitigation Provider:
• Cloud Mitigation server IP address (or hostname)
• Arbor APS ID
• Cloud Signaling password
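
A flow-log check for the heartbeat path summarized above, as an added Python example (not Arbor tooling). The log format, the documentation-range addresses and the function names are constructed for illustration, and it assumes heartbeats in both directions arrive on destination port 7550.

```python
from collections import Counter

HEARTBEAT_PORT = 7550   # "cloudsignal" UDP port named on the slides
COPIES_PER_MINUTE = 3   # identical heartbeats sent per server per minute

APS = "198.51.100.10"   # constructed APS management address
SERVERS = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]  # constructed servers

# Constructed flow summary, one line per flow: minute proto src dst dst_port packets
SAMPLE_FLOWS = """\
0 udp 198.51.100.10 203.0.113.1 7550 3
0 udp 203.0.113.1 198.51.100.10 7550 3
0 udp 198.51.100.10 203.0.113.2 7550 3
0 tcp 198.51.100.10 203.0.113.1 443 14
1 udp 198.51.100.10 203.0.113.1 7550 3
1 udp 203.0.113.1 198.51.100.10 7550 1
1 udp 198.51.100.10 203.0.113.2 7550 2
"""


def audit_heartbeats(flow_text, aps_ip, servers):
    """Classify each configured server by the heartbeat traffic seen at the edge."""
    sent, received = Counter(), Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        minute, proto, src, dst, dport, packets = parts
        if proto != "udp" or int(dport) != HEARTBEAT_PORT:
            continue  # the TCP/443 handshake is not part of this check
        if src == aps_ip and dst in servers:
            sent[(dst, int(minute))] += int(packets)
        elif dst == aps_ip and src in servers:
            received[(src, int(minute))] += int(packets)

    report = {}
    for server in servers:
        out_minutes = {m: n for (s, m), n in sent.items() if s == server}
        in_minutes = sorted(m for (s, m) in received if s == server)
        if not out_minutes:
            status = "no-outbound"  # no heartbeats left the APS for this server
        elif not in_minutes:
            status = "no-return"    # check the inbound UDP/7550 path (static NAT, firewall)
        else:
            status = "ok"           # duplicates are redundant: one surviving copy is enough
        report[server] = {
            "status": status,
            "last_return_minute": in_minutes[-1] if in_minutes else None,
            "short_minutes": sorted(m for m, n in out_minutes.items()
                                    if n < COPIES_PER_MINUTE),
        }
    return report


def signaling_available(report):
    """Cloud Signaling functions if at least one configured server is reachable."""
    return any(entry["status"] == "ok" for entry in report.values())


if __name__ == "__main__":
    for server, entry in audit_heartbeats(SAMPLE_FLOWS, APS, SERVERS).items():
        print(server, entry)
```
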



CONFIGURING
CLOUD-SIGNALING



Administration > Cloud Signaling



Configuring Cloud Signaling



Configuring Cloud Signaling

Enter server info sent by Cloud Signaling Provider


Cloud Signaling Server Redundancy (1 of 2)

Enter server info sent by Cloud Signaling Provider

Configure up to 5 Cloud Signaling Servers
• Redundant Cloud Signaling Servers must be hosted by a single cloud service provider running, at least, Arbor v7.0.3
• Cloud Signaling will function if at least one configured Cloud Signaling Server is reachable


Cloud Signaling Server Redundancy (2 of 2)

As one Server is added, the next set of fields appears – up to a maximum of 5

All Servers use the same Arbor ID & Password

Hovering over an alert icon will display the alert


Using Arbor Cloud?
Check if the Arbor Cloud DDoS Protection service is being used.
• This will provide an option to enable automatic whitelisting of proxy servers used for the Arbor Cloud Service DNS-based traffic redirection


Cloud Signaling Additional Options

URL for a Cloud service provider management portal. This value will be used to provide a link on the Tools menu of the Cloud Signaling widget.

Check box to Share the Inbound Blacklist and Inbound Whitelist with the Cloud Signaling provider (Enabled by Default)


Cloud Signaling – Configuring Thresholds (1 of 2)

Check box to allow APS to request cloud-based mitigation automatically.

Type a number and select a unit of measure to specify the rate of traffic that triggers Cloud Signaling.
• This rate applies to all of the traffic that passes through the APS on all interfaces.
• Traffic rate ranges from 1 bps to 1 Tbps. The default rate is 1 Gbps.

Move the slider to specify the amount of time over which to average the traffic to meet the thresholds.
• You can specify an interval from 5 seconds to 10 minutes.

Cloud Signaling – Configuring Thresholds (2 of 2)

Check box to allow APS to request cloud-based mitigation for any IPv4 prefixes on which traffic exceeds one of the specified thresholds.

Type a number and select a unit of measure to specify the rate of traffic that triggers Cloud Signaling for an IPv4 prefix.
• Traffic rate ranges from 1 bps to 1 Tbps. The default rate is 1 Gbps.
• When this happens, APS replaces all of the prefixes in the Global cloud mitigation with the targeted prefixes.

Must be enabled in order to use Targeted Destination Cloud Signaling

Cloud Signaling - Configuring Proxy Server
Note: Heartbeats do not utilize the proxy server settings and these proxy settings are separate from the AIF feed proxy settings

Configure Proxy Settings for Handshake
• Select this check box to enable the configuration of proxy settings.
• Type the IP address or the hostname of the proxy server.
• Type the port number in the box to the right of the Proxy Server box.
• If necessary, type the user name and the password required to access the proxy server.
• Authentication can be selected if APS is unable to detect it via the Automatic option.

Testing Cloud Signaling Handshake
Testing
• Test starts automatically when Save button is pressed.
• Test uses TCP SSL handshake “test” mode


Testing Cloud Signaling Handshake
Simple error if the connection does not complete.


Testing Cloud Signaling Handshake
Time should be same on APS and Cloud Service server.
• APS will convert local time with time zone to UTC
• APS prefers the use of NTP


Cloud Signaling Configured
Success!
• Cloud mitigation widget indicates success
• Connection may be retested at any time


GRE Tunnel Termination Configuration (1/3)
• In order to terminate GRE tunnels, we need to configure a logical IP interface on an Arbor APS mitigation interface pair.
  • This IP will be used as the GRE tunnel endpoint (must be a public IP)
• Note: Currently there is no support for:
  • IPv6 GRE tunnels
  • IPv6 traffic encapsulated inside IPv4 tunnels

[Diagram: GRE endpoint on the Arbor APS ext0 / int0 interface pair]

GRE Tunnel Termination Configuration (2/3)
• Configure “GRE Remote IPs” with the remote IP addresses of the GRE tunnel

[Diagram: Arbor APS ext0 / int0 interface pair]

GRE Tunnel Termination Configuration (3/3)
• Configure static routing table to route traffic after de-encapsulation

[Diagram: Arbor APS ext0 / int0 interface pair]

GRE Tunnel Termination Notes
• GRE traffic is immediately forwarded to Next Hop. It:
  • is NOT inspected by protection groups
  • is not available to Packet Capture
  • is counted only for interfaces and throughput
• GRE over LACP is not supported
• Logical GRE endpoint is bound to a single protection interface pair and cannot be shared between pairs
• It is recommended to configure at least one post-GRE route of 0.0.0.0/0
• Next-hop for de-encapsulated traffic can be located on any interface pair


TARGETED CLOUD
SIGNALING



Automatic Targeted Cloud Signaling
• APS must exceed the Global Cloud Signal Threshold before targeted cloud signaling thresholds are used
• APS starts a targeted cloud mitigation if one or more IPv4 prefixes exceeds a targeted destination threshold
• Targeted Cloud Signaling Actions
  • For a Targeted Cloud mitigation, APS replaces all prefixes in the global cloud mitigation with the targeted IPv4 prefixes

[Screenshot: Example Configuration]


Auto. Targeted Cloud Signaling Workflow (1 of 5)
• APS detects a large SYN flood attack at 80 Mbps, which is nearly the data center’s capacity
• The attack continues for the configured 5 minute interval
• One IPv4 prefix (100.0.0.20/32) is receiving 45 Mbps of traffic, which exceeds the 25 Mbps targeted destination threshold
• APS takes no action on these prefixes because a global Cloud Signaling threshold has not been exceeded


Auto. Targeted Cloud Signaling Workflow (2 of 5)
• Total traffic increases to 100 Mbps which exceeds the global threshold
• APS takes the following actions:
  • Sends a targeted Cloud Signaling request to the Cloud Signaling server for prefix 100.0.0.20/32
  • Adds the prefix to the list on the Active Cloud Signaling Requests page
• The Cloud Signaling server starts the mitigation for the prefix and APS creates a change log entry


Auto. Targeted Cloud Signaling Workflow (3 of 5)
• Summary Page View


Auto. Targeted Cloud Signaling Workflow (4 of 5)
• Active Cloud Signaling Requests Page

[Screenshot callouts: Targeted Host(s); Duration of cloud-based mitigation; Rate which triggered mitigation; Automatic mitigations cannot be manually removed]


Auto. Targeted Cloud Signaling Workflow (5 of 5)
• After the attack traffic rate falls below the 25 Mbps threshold,
the mitigation stops
• APS removes the prefix from the Active Cloud Signaling Requests page
and creates a change log entry
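
The request logic from the Cloud Mitigation Start Request and Stop Request slides, replayed against the automatic targeted workflow above, as an added Python model (not Arbor code). The 90 Mbps global threshold, the choice to latch automatic prefixes until the automatic mitigation ends, and all class and function names are assumptions of this sketch; the 25 Mbps targeted threshold, 5 minute interval and 10 minute stop delay come from the slides.

```python
from collections import deque
from dataclasses import dataclass, field

MBPS = 1_000_000
STOP_DELAY_MIN = 10  # automatic stop delay stated on the slides


@dataclass
class CloudSignalModel:
    """Hypothetical model of the APS request decision; one tick = one 1-minute sample."""
    global_bps: int    # global threshold for all traffic through the APS
    prefix_bps: int    # targeted destination threshold per IPv4 prefix
    interval_min: int  # Time Interval, restricted to whole minutes in this model
    manual_global: bool = False                        # an "Activate" button was clicked
    manual_prefixes: set = field(default_factory=set)  # added on the Active Cloud Signaling page
    auto_active: bool = False
    auto_prefixes: set = field(default_factory=set)
    quiet_minutes: int = 0
    window: deque = field(init=False, repr=False, default=None)

    def __post_init__(self):
        self.window = deque(maxlen=self.interval_min)

    def tick(self, local_bps, per_prefix_bps=None, cloud_blocked_bps=0):
        """Feed one sample and return the request the next heartbeat would carry."""
        # Traffic already dropped upstream still counts toward the total;
        # otherwise a working cloud mitigation would look like the attack ending.
        seen = local_bps + cloud_blocked_bps
        self.window.append(seen)
        if not self.auto_active:
            full = len(self.window) == self.interval_min
            # Start: the average over the Time Interval exceeds the global threshold.
            if full and sum(self.window) > self.global_bps * self.interval_min:
                self.auto_active, self.quiet_minutes = True, 0
        else:
            # Stop: ten sequential 1-minute samples that do not exceed the threshold.
            self.quiet_minutes = 0 if seen > self.global_bps else self.quiet_minutes + 1
            if self.quiet_minutes >= STOP_DELAY_MIN:
                self.auto_active = False
                self.auto_prefixes.clear()
        if self.auto_active:
            # Assumption: automatic prefixes stay listed until the automatic mitigation ends.
            self.auto_prefixes |= {p for p, bps in (per_prefix_bps or {}).items()
                                   if bps > self.prefix_bps}
        return self.request()

    def request(self):
        # A request is sent if either the manual or the automatic state is active.
        wanted = self.auto_active or self.manual_global or bool(self.manual_prefixes)
        targets = sorted(self.auto_prefixes | self.manual_prefixes)
        if not wanted:
            scope = "none"
        elif self.manual_global or not targets:
            scope = "global"    # an active manual global request takes precedence
        else:
            scope = "targeted"  # targeted prefixes replace the global prefix set
        return {"wanted": wanted, "scope": scope,
                "prefixes": targets if scope == "targeted" else []}


def run_workflow():
    """Replay the scenario; constructed samples are (local Mbps, victim Mbps, cloud-blocked Mbps)."""
    victim = "100.0.0.20/32"
    samples = ([(80, 45, 0)] * 5      # below the assumed 90 Mbps global threshold
               + [(100, 60, 0)] * 3   # total rises to 100 Mbps
               + [(30, 5, 70)] * 3    # cloud mitigation now drops 70 Mbps upstream
               + [(20, 5, 0)] * 10)   # attack over
    model = CloudSignalModel(global_bps=90 * MBPS, prefix_bps=25 * MBPS, interval_min=5)
    timeline = []
    for minute, (local, victim_rate, blocked) in enumerate(samples, start=1):
        req = model.tick(local * MBPS, {victim: victim_rate * MBPS}, blocked * MBPS)
        timeline.append((minute, req["scope"], req["prefixes"]))
    return timeline


if __name__ == "__main__":
    for row in run_workflow():
        print(row)
```

In this model the request starts at minute 8, once the 5 minute average passes the assumed global threshold, and ends at minute 21 after ten quiet samples.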



MANUAL TARGETED
CLOUD SIGNALING



Active Cloud Signaling



Manual Configuration of Targeted Prefixes
• If you’ve configured destination traffic thresholds, APS also can add
additional IPv4 prefixes
• This manually configured targeted prefix will be added to the mitigation
request when traffic exceeds the defined threshold



Active Cloud Signaling Requests Page
• Lists all prefixes included in a targeted Cloud Signaling Request
• Global mitigation may be in process
• Empty list means that there are no active requests


Active Cloud Signaling Request Page Operation
Search for IPs in the list

Click to remove
• Prefixes that APS adds automatically will not have this icon and will remain active until the automatic mitigation ends

Add targeted IPs
• Use commas to separate multiple entries.
• You can enter one or more prefixes in the following forms:
  • IP address, such as 192.0.2.2
  • CIDR, such as 192.0.2.0/24
  • Host name, such as myserver.mycompany.net


Manual Targeted Prefix Cloud Signaling
• Active Cloud Signaling Requests page displays all prefixes that are included
in a request for targeted Cloud Signaling

[Screenshot callouts: Pull Down; Automatic Targeted Prefix; Manual Targeted Prefix]


Manual Targeted Cloud Signaling Request
• Results of manually adding a prefix:
Request State              Action
No active requests         APS sends a targeted prefix request
Active targeted request    APS adds the prefix to the request
Active global request      Global request must be deactivated before APS can send a targeted request*

* Note: Arbor recommends that prefixes be added to the Active Cloud Signaling Request page prior to deactivating a global request.


CLOUD-SIGNALING
WIDGET



Cloud Signaling Widget
• Real-time monitoring of the status of Cloud Signaling
• Widget appears on the Summary page and Configure Cloud Signaling
Settings page
• Special Group Cloud Signaling widget appears on the View Protection
Group Page if the cloud scrubbing provider supports Protection Group-level
mitigation.

Note: Cloud Signaling is not supported for IPv6 Protection Groups


Widget Status & Control
1. Your Network
2. Communication between your network and the Cloud Service Provider
3. The Cloud Signaling Server
4. Status and error information
5. Action button
6. Tools Menu


Widget Tools Menu
• Contains the following options only after Cloud Signaling is configured:
  • Configure – opens the Configure Cloud Signaling Settings page
  • Management Portal – opens the provider’s management portal
    • Only appears if a URL is specified for the management portal on the Configure Cloud Signaling Settings page


Cloud Signaling – Deactivation
• When you deactivate an active mitigation request,
only the current request is affected.
• When mitigation is requested manually, you must
stop it manually.
• When a mitigation is requested automatically, it
stops automatically, unless you stop it manually first.
• The Arbor Cloud DDoS Protection service is always
stopped manually, whether the Cloud Signaling was
triggered manually or automatically



Automatic Triggers – SP Activation
• An event occurred in the Cloud Provider network
• Arbor SP system triggered a mitigation
• Information about mitigation is important to Arbor APS
• Traffic statistics calculated into total traffic seen for Automatic Cloud Signaling trigger

[Screenshot callout: Mitigation started on SP without Cloud Signaling]


Cloud Mitigation Blocked Traffic Graphs

• Widget mini-graph shows amount of traffic blocked by cloud mitigation
• Click on mini-graph for larger graph in pop-in

[Screenshot callout: Clicked on mini-graph]


Cloud Mitigation Traffic Reported to Arbor APS
[Screenshot callout: Traffic blocked by cloud mitigation]

• Cloud Mitigation reports traffic bps blocked to Arbor APS
• Arbor APS includes bps blocked by Cloud Mitigation in traffic total for Automatic Cloud Signaling Activation and Deactivation decisions
• If multiple APS appliances are deployed that all use the same Cloud Signaling Server, the widget displays data for all those installations combined


Arbor Cloud DDoS Protection
• Arbor Cloud DDoS Protection service
  • Arbor Sold & Supported
  • Recommend bundling with Arbor APS or TMS
  • Accepts Cloud-signaling
  • Volumetric & Application attacks
  • Pricing based on volume of peace-time (clean) traffic
• Global Cloud Scrubbing Capacity
  • 4 Global Scrubbing Centers
  • 100% Arbor mitigation equipment
• BGP or DNS Diversion Options
• SSL decryption option
  • Only with DNS Service

[Diagram labels: Arbor Cloud; Cloud Signaling capable Cloud DDoS service; Cloud Portal available for under-attack reporting; Cloud Signaling; Arbor APS; Enterprise]


Lab Exercise
• Review Lab 6
• Using Cloud Signaling
• Perform Lab 6
• Estimated Time 30 Minutes
• Review Lab Questions

https://portal.training.arbor.net



Unit Summary
In this unit we have learned:
• About Cloud-based mitigation and Cloud Signaling
• How APS Communicates with Cloud Signaling Services
• How to Configure Cloud Signaling
• About Automatic Targeted Prefix Cloud Signaling
• About Manual Targeted Prefix Cloud Signaling
• How to Understand the Cloud Signaling Widget



Q&A / THANK YOU
