DDoS attacks are very common in today's networks and can drive traffic up to several Gbps or more within seconds. Defending against these attacks is not easy. Centec's V series SDN switches have been used by a public cloud service provider in Japan as part of the DDoS solution. The mechanism of the DDoS filtering application is briefly described below:
After the attack is detected by the server, the packets are sent to the SDN switches by BGP.
The SDN switch modifies the IP DA (the DDoS targets' address) of packets from legitimate sources and sends them back to the network. The purpose of the IP DA modification is to prevent a loop to the core router.
Discard the illegal packets.
The SDN switches near the customer edge restore the original IP DA of the packets.
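
The following sketch models the four steps above to show why the IP DA rewrite matters: without it, a cleaned packet re-enters the core and is diverted to the scrubbing switch again. It is an added example, not Centec's or the provider's code; the addresses, the source allowlist used to classify "legitimate" traffic, and all function names are constructed assumptions.

```python
# Added illustration. Addresses and the allowlist are constructed assumptions.
TARGET = "203.0.113.10"   # DDoS target: the original IP DA
ALIAS = "198.51.100.10"   # temporary IP DA used while crossing the core
LEGIT_SOURCES = {"192.0.2.5", "192.0.2.6"}  # assumed classification result

def core_router(pkt):
    """Core router: the BGP route diverts traffic for TARGET to the SDN switch."""
    return "scrub" if pkt["dst"] == TARGET else "edge"

def scrub_switch(pkt, rewrite=True):
    """SDN switch: discard illegal packets, rewrite the IP DA of legitimate ones."""
    if pkt["src"] not in LEGIT_SOURCES:
        return None                          # discard the illegal packet
    return dict(pkt, dst=ALIAS) if rewrite else dict(pkt)

def edge_switch(pkt):
    """SDN switch near the customer edge: restore the original IP DA."""
    return dict(pkt, dst=TARGET) if pkt["dst"] == ALIAS else pkt

def forward(pkt, rewrite=True, max_hops=8):
    """Follow one packet from the core; returns (outcome, packet, hops)."""
    hops = 0
    while hops < max_hops:
        hops += 1
        if core_router(pkt) == "edge":
            return "delivered", edge_switch(pkt), hops
        pkt = scrub_switch(pkt, rewrite)
        if pkt is None:
            return "dropped", None, hops
    return "loop", pkt, hops                 # bounced core <-> switch until cut off

if __name__ == "__main__":
    legit = {"src": "192.0.2.5", "dst": TARGET}
    attack = {"src": "198.51.100.77", "dst": TARGET}
    print(forward(legit))                    # delivered with the IP DA restored
    print(forward(attack))                   # dropped at the SDN switch
    print(forward(legit, rewrite=False))     # loops: the core diverts it again
```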