DDoS Volumetric Mitigation Service
Volumetric, Cloud-Based Solution
Our cloud-based, volumetric DDoS mitigation service was procured on behalf of the community.
Cloud-based volumetric Distributed Denial of Service (DDoS) Mitigation Service procured on behalf of the community from Radware.
How does the service work?
DDoS Mitigation Service Subscribers procure 1G of clean pipe capacity and clean traffic is returned on their Internet2 connection. At setup time a VLAN will be configured on the Subscriber’s existing Internet2 connection over which the Subscriber will peer (via BGP) with Internet2’s Scrubbing VRF. This VRF, in turn, is configured by Internet2 to peer with the DDoS Mitigation service provider.
Using BGP, the Subscriber will provide to the VRF the set of address prefixes that should be scrubbed should the need arise. When an attack is detected, the Subscriber or Tenant will signal, using a BGP community, the specific subnet (a /24) to be scrubbed.
The DDoS Mitigation service provider upon receiving the BGP community indicating the need for scrubbing will advertise the prefix to the greater internet. Traffic will then come into the DDoS Mitigation service provider, which will scrub that traffic and return clean traffic over the VLAN configured at setup time on the Subscriber’s existing Internet2 connection.
Subscriber’s downstream members (e.g., a university or K-12 district) have the option to obtain the same direct access services from the provider as the subscriber by choosing the Tenant option, with an associated fee structure.
The features available to Subscribers and Tenants are:
- Direct access to the Security Operations Center (SOC) of the provider to initiate mitigation
- Access to a portal to review mitigation efforts and subsequent reports
- A direct VLAN on the Internet2 network used to:
-Peer with Internet2’s Scrubbing VRF
-Carry clean traffic back to the Subscriber’s routers
An organization that is downstream from a Subscriber and/or Tenant and that has its own publicly registered Autonomous System Number (public ASN) and does not choose the option to be a Tenant is considered to be a Subtenant of the Subscriber, with associated fees. A. Subtenant will not have access to the SOC or Portal. Subtenant fees are not applicable to any organization eligible to receive USF E-Rate funds such as K-12 schools and Libraries.
We want to hear from you.