Nexusguard Relieves DDoS Pains for Hong Kong Service Provider
A leading telecommunication/Internet service provider in Hong Kong that provides data and hosting services to its customers.
While DDoS attacks are certainly problematic for the targets of the attack, they are particularly challenging for service providers. Unlike the individual end user, service providers need to tackle this problem on a much larger scale, since they are always part of the traffic delivery pipeline—which means they must be able to handle every DDoS attack that hits any one of their customers.
In most cases, service providers also have limited infrastructure, so resources are shared between customers—there is a limit to how much a service provider can segregate customers. When their customers are hit by an attack that is so large that even the service provider’s resources are threatened, it is possible that the service provider’s other customers will be affected by the attack as well. This type of collateral damage creates dissatisfaction among customers that are sharing the resources, which leads to an increased customer turnover rate.
Just a decade ago, the leading telecommunication/Internet service provider was able to ignore DDoS attacks, since they were small in scale and infrequent. That’s no longer possible. Since 2004, the number of DDoS attacks has increased rapidly year after year. Not only are they growing in frequency, they are also growing in scale and sophistication. Today, the ISP sees hundreds of DDoS attacks daily—it is an increasingly heavy burden for the ISP, causing excessive bandwidth costs, damaged equipment, and a tarnished reputation.
One way the ISP could counter the effect is through acquiring additional resources. However, both appliances and bandwidth are expensive, and it is difficult to predict the capacity needed to mitigate the attacks.
Nexusguard’s first step was to set up GRE tunnels with redundancy between Nexusguard and the ISP’s data center. The GRE tunnels facilitate the transfer of data back to the ISP after DDoS attacks have been mitigated. Since the ISP had already installed a DDoS monitoring appliance manufactured by Arbor, Nexusguard helped the ISP configure the appliance to better identify DDoS attacks.
When the appliance detects a DDoS attack, it announces the particular prefix to Nexusguard and sends Nexusguard the IP address of the victim. Once Nexusguard receives the attack route, Nexusguard broadcasts the prefix to the Internet while also null-routing all traffic directed toward the victim’s IP address.
All non-victim traffic passes through the Nexusguard cloud and back to the ISP via the aforementioned GRE tunnel. Nexusguard will continue to monitor the network on behalf of the ISP; if another IP in that prefix is attacked, Nexusguard will identify the attack and null-route the newly targeted IP address.
Nexusguard will check the status of the attack every two hours until it has completely stopped. If Nexusguard detects that the attack is still taking place, the targeted IP address will continue to be null-routed—if it has stopped, Nexusguard returns the prefix back to the ISP.
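The divert, null-route and re-check cycle described above, modelled as an added Python example (not Nexusguard's or the ISP's code). The class and function names, the documentation-range addresses, and the rule that the prefix is returned once no victim remains are assumptions.

```python
import ipaddress

RECHECK_HOURS = 2  # the page's interval between attack-status checks

class DivertedPrefix:
    """Hypothetical model of one ISP prefix handled by the scrubbing provider."""

    def __init__(self, prefix):
        self.prefix = ipaddress.ip_network(prefix)
        self.null_routed = set()  # victim addresses currently dropped
        self.diverted = False     # True while the provider announces the prefix

    def attack_detected(self, victim):
        ip = ipaddress.ip_address(victim)
        if ip not in self.prefix:
            raise ValueError(f"{ip} is outside {self.prefix}")
        self.diverted = True
        self.null_routed.add(ip)

    def route(self, dst):
        """Return where a packet to dst goes: the host route beats the prefix."""
        ip = ipaddress.ip_address(dst)
        if not self.diverted or ip not in self.prefix:
            return "direct-to-isp"
        return "null-route" if ip in self.null_routed else "gre-to-isp"

    def recheck(self, still_attacked):
        """Periodic check: keep null routes for ongoing attacks only.
        Assumption: the prefix is returned once no victim remains."""
        active = {ipaddress.ip_address(a) for a in still_attacked}
        self.null_routed &= active
        self.diverted = bool(self.null_routed)
        return self.diverted

def hours_until_returned(prefix, attack_end_hours):
    """attack_end_hours maps victim IP -> hour the attack stops (constructed).
    Returns the hour of the check at which the prefix goes back to the ISP."""
    p = DivertedPrefix(prefix)
    for victim in attack_end_hours:
        p.attack_detected(victim)
    hour = 0
    while p.diverted:
        hour += RECHECK_HOURS
        p.recheck({v for v, end in attack_end_hours.items() if end > hour})
    return hour
```

With a fixed two-hour check, a victim address stays null-routed for up to two hours after its attack ends, and the prefix stays diverted until the last victim clears.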
Today, Nexusguard mitigates more than 500 attacks per month for this ISP. With Nexusguard protecting their infrastructure, the ISP has seen a noticeable increase in service reliability and customer satisfaction.
Moreover, the ISP has also reduced the monetary burdens they would likely face without proper protection, since they are no longer burdened by attacks that choke their pipelines or damage their equipment. With Nexusguard working around the clock to ensure the ISP’s customers are not affected by DDoS attacks, they can focus their energy and resources on other core business projects for growth and expansion.
“Our services have increased in stability and the number of complaints has decreased dramatically over the past couple of years with the help of Nexusguard’s InfraProtect. Offloading this responsibility has also helped in freeing up internal resources to focus on other projects,”
Product Manager, Hong Kong Service Provider