Scaling DDoS Protection at the Edge

Published October 13, 2020

Attacks, like other Internet-borne traffic, are somewhat predictable. Monday morning rushes to log in after the weekend. After-school bursts as kids log on to online games. Holiday-driven increases as shoppers frantically try to find "the perfect gift" online. Seasonal and industry-related patterns have been recognized by researchers and anticipated by security pros for years.

But 2020 bucked those trends, and instead of the traditional seasonal decrease in DDoS attacks, reports showed an increase. To wit, the average number of attacks per day increased during the second calendar quarter of 2020, reaching almost 300 attacks per day (April 9). In the first quarter, the daily record was 242 attacks. This anomaly has been attributed to the abrupt shift to a remote workforce.

While it's true that there have been new DDoS attack patterns emerging, what is also true is that DDoS attacks at the infrastructure layer are still DDoS attacks. They are what we might call "traditional" attacks. What is changing are targets and opportunities that come with a distributed workforce.

Fears of a new generation of hyper-scale DDoS threats emerging along with 5G networks are extant. These concerns are compounded as Edge increasingly appears to be a strategic solution to the growing challenge of maintaining availability and performance of applications for what appears to be a more permanently remote and distributed workforce.

This is an existential challenge. Over 15% of remote workers experience issues with connectivity daily, with over half (52%) experiencing problems monthly. (Waveform, April 2020 report) The biggest challenge faced by CIOs in 2020 has been maintaining application performance (66%) and network reliability (63%). (Catchpoint, CIO New Normal Survey, 2020) Consumers face similar challenges with connectivity, performance, and availability of applications from the utilities, banking, retail, and culinary industries that have rapidly transitioned to a digital-first (or digital-only) model. The ability of a significant attack to exacerbate these frustrations is not trivial.

The scale of such attacks (the average size of a DDoS attack in 2019 was 12Gbps) is already overwhelming, and there is a need for new technologies to address this growing threat. But space and resources are still limited. The Edge might be a utility room at the base of a remote cell tower, after all. This is not prime data center real estate. The constraints of space and the remote nature of Edge compute make the traditional "throw more hardware at the problem" approach a non-starter.

A modern approach is to throw smarter hardware at the problem.

There is already a growing market for solutions that are accelerated using specialized hardware. In the emerging AI and ML space, we see GPUs taking on the role of accelerating the complex mathematical computations necessary to fuel faster, smarter analytics. In the network space, we are seeing similar approaches that take the form of an FPGA. The Intel PAC N3000 is one such device that has enabled F5 to apply its more than ten years of FPGA programming expertise to more efficiently block incoming DDoS attacks.

Testing of our solution versus software-only options showed the FPGA-enabled option able to withstand a DDoS attack up to 300 times greater in magnitude.

Moreover, because the solution leverages what is commonly referred to as a SmartNIC, there's no need for additional rack space or hardware. There's no need for dedicated hardware to reap the benefits of a hardware-assisted solution. This makes it a better fit for service providers who are facing exponential growth in traffic from the shift in workforce and the ongoing 5G rollout.

A software option that pairs with a NIC also makes it an infinitely better choice for deployment at Edge locations, where space and resource constraints make large-scale hardware deployments untenable.

The issue of performance and reliability at the edge of the Internet—our homes and now, it seems, our workspaces—will continue to be a challenge. Addressing it will require new approaches to these traditional problems. Taking advantage of smarter hardware to scale solutions in resource-constrained Edge locations is one of those approaches.
