SX1012 OpenFlow => Defense4All via OpenDaylight Controller

Hi all,

I intend to replace my current TOR Cisco Stack in favour of a pair of SX1012 switches.

These will be used as TOR switches to connect to my current HP C7000 Blade Chassis using HP Flex10 Switches.

I’ve been getting hit with some recent DDOS attacks, see attached graphs.

I’m wanting to know, with the new SX1012 switches, has any testing been done with the new Defense4All app as part of the new OpenDaylight Hydrogen Controller or any other OpenFlow DDOS protection?

https://wiki.opendaylight.org/view/Defense4All:User_Guide

Additionally, can DDOS traffic be just dropped at the switch or does it need to go to Radware AMS or other IPS?

I know this is all very new stuff but any info you can give me would be great in planning for the future etc…

Regards, Daniel

Hi Daniel,

Our switches support OpenFlow 1.0. We did not check especially with OpenDaylight besides doing some foo-foo tests.

Defense4All redirects traffic to an AMS (Radware’s DefensePro AMS) which cleans the traffic. Do you have the AMS appliance in your setup?

How many hosts do you plan to protect against the DDOS? This affects the number of flows being monitored by Defense4All.

Do you know where Defense4All collects the flow statistics from? Does it install flows in the physical switches or in the edge (i.e. open vswitch)?

Without knowing these details it would be hard to predict.

Regards,

Alon

Hi Daniel,

I’m marking this question as assumed answered, let me know if this is still an issue.

Thanks,

Ophir.

Hi, thanks for that. I was really just looking at options. In my case the DC are going to put in some Thunder TPS boxes from A10 Networks, which are specifically for DDOS.

But out-of-path DDOS protection is very interesting; just hoping for more apps and doco to come out around OpenFlow in this area.

Regards, Daniel