F5 Cloud Services Adopted for Robust DDoS Protection After Major Attack

Based in Ogaki City, Gifu Prefecture, Mirai Communication Network Co., Ltd. provides a wide range of services, including internet service provider (ISP), rental server services, data center operation and management, domain acquisition, operation, and management, as well as business support networks utilizing the Gifu Prefecture-wide optical fiber network and the Gifu Information Superhighway. To counter DDoS attacks, the company has implemented F5 Distributed Cloud DNS. We spoke with Mr. Yuki Kano and Ms. Atsuko Tanaka from the Technology Department at Mirai Communication Network about the specific requirements, functionalities, and expected benefits unique to their company during the implementation.

The Need

With the concept of being an "internet service provider with a human face," Mirai Communication Network Co., Ltd. offers a wide range of network-related services, not only to private companies but also to local governments and public agencies. "For hosting services, we serve customers nationwide, but our distinct feature lies in our regionally-focused business approach. In that sense, we are an internet service provider with a 'human face,'" explains Mr. Yuki Kano from the company's Technology Department. "Unlike many typical server providers who primarily offer remote services and whose staff remain unseen, our technical and maintenance staff, including myself, visit customer offices. We work directly with our customers on a per-project basis to build tailored solutions," he adds. The trigger for Mirai Communication Network to re-evaluate its system architecture came in December 2023, following a large-scale DDoS attack. "Our DNS servers were targeted, rendering name resolution extremely difficult. While we immediately blocked queries from IP addresses identified as the attack source and restored services promptly, we realized that even if the network is operational, a DNS server outage makes communication impossible. This incident reinforced the importance of protecting DNS servers against attacks," Kano reflects. Before the attack, the company had already implemented measures such as monitoring network traffic to detect potential DDoS attacks and allowing only legitimate traffic. However, the incident highlighted the necessity of implementing more specialized countermeasures for DNS servers. This led the company to consider introducing a dedicated DDoS protection service.

The Transformation

After approximately three months of consideration following the attack, Mirai Communication Network decided to adopt F5's Distributed Cloud DNS. According to Ms. Atsuko Tanaka from the company's Technology Department, who was directly involved in evaluating the various tools, "Due to the urgency of the situation, we focused on solutions that could be easily deployed via cloud services. Initially, F5's service was not among our candidates. However, during our evaluation process, F5 made a proposal, and we determined that their service had advantages in terms of cost and ease of integration with our existing environment." Some of the competing services required reconfiguring both the primary and secondary DNS servers on the SaaS side, while others only provided a primary DNS solution that couldn’t integrate with a secondary DNS. "With other services, you needed to decide at the contract stage whether to apply measures to the primary or secondary DNS. Additionally, costs varied depending on the volume of queries, making budget management a challenge," Mr. Kano elaborated on the reasons for selecting F5. For public sector clients such as local governments, procurement is often done through a bidding process, and the budget is fixed annually. As a result, any price adjustments due to unexpected attacks cannot be passed on to the service price. F5 Distributed Cloud DNS employs a pricing model based on the number of zones and features a flexible structure: even if the number of zones exceeds the contracted amount, there are no additional charges during the contract period. Adjustments, if needed, can be made during the re-contracting process in subsequent fiscal years. Mirai Communication Network built a Proof of Concept (PoC) environment to test F5 Distributed Cloud DNS. Kano explained, "At the stage where the decision was made to introduce F5’s service, we were provided with both a PoC account and a purchaser account. The UI is intuitive and easy to understand, and with the detailed support from F5 engineers, the verification process has been progressing smoothly."

The Outcome

"DNS changes require thorough testing, as well as tasks like registering the necessary records on the destination server and transferring the WHOIS information. However, the post-migration operations will remain the same as our existing environment. We don’t expect the need for any additional human resources," says Mr. Kano. With F5 Distributed Cloud DNS, the primary DNS can be set to Hidden, keeping it concealed from the internet to protect against DDoS attacks. The existing DNS server can remain in use for configuration purposes, while the secondary DNS is placed on F5's Distributed Cloud side to handle all DNS queries. "Not only does it fulfill our initial requirement of DDoS protection, but it also improves response times through a geographically distributed cloud-based secondary DNS. Moreover, we can transfer version upgrade tasks and similar operations to F5, further reducing our operational workload," adds Mr. Kano.

F5 Distributed Cloud DNS enables the configuration of Primary/Secondary DNS. The existing Primary DNS is utilized exclusively for configuration purposes, while Secondary DNS is placed on F5's cloud to handle DNS queries. This setup provides protection against DDoS attacks and improves response times through a geographically distributed cloud network.

F5 offers various network and security functionalities as part of F5 Distributed Cloud Services, including Distributed Cloud DNS, which was adopted this time, as well as load balancers, firewalls, API gateways, WAFs, API security, bot protection, and managed Kubernetes platforms. "Currently, we’re considering offering DNS load balancing as a service. With an increasing number of companies operating systems across multiple environments, such as on-premises and cloud, the need for DNS-based load balancing definitely exists," says Ms. Tanaka, mentioning the potential adoption of services beyond Distributed Cloud DNS. Mr. Kano also highlights the advantages experienced during hands-on training with F5’s Distributed Cloud Services: "We found the service offers detailed configuration options while maintaining excellent usability. In considering service expansion, monitoring features such as HTTPS and DNS monitors seem highly useful, and we’re also eager to try proof of concepts (PoCs) for managed Kubernetes in the future." F5 Distributed Cloud Services supports the management and secure operation of applications and networks distributed across various environments, as well as rapid application development and deployment through Kubernetes platforms. "The existing services we offer via physical and virtual appliances can be transitioned to SaaS solutions, which are easy to deploy and scale. We anticipate more use cases for F5 Distributed Cloud Services going forward," says Mr. Kano. He also sees potential in collaborating with F5 to address challenges faced by local governments, boards of education, and regional businesses. "By further utilizing F5’s solutions and integrating them with our services, I believe we can uncover new needs among our existing customers and provide enhanced value," adds Mr. Kano.