Last week’s DDoS (Distributed Denial of Service) attack may have cost companies up to $110 million in lost revenue and sales. As a result, throughout the day on Friday, 21 October, many users were unable to connect to popular sites like Twitter, Netflix, Spotify, the Financial Times and many more in various parts of the U.S., as depicted on the outage map above. This was unprecedented, since the attack vectors were non-traditional and, according to different reports, the attack traffic volume ranged from 500 to 700 Gbps. Adding to the misery, most of the attack traffic originated from discrete IPs of vulnerable IoT endpoints like IP cameras and DVRs.
How could all of this mess have been avoided, or effectively countered, with SDN (Software Defined Networking)? To answer that, let’s first understand what SDN is. SDN essentially allows network and infrastructure behavior to be changed programmatically, leveraging orchestration and automation, which in turn enables optimization, scalability and innovation. Notice the emphasis on programmability: how you programmatically change device behaviors, protocols and so on, or how you programmatically extract actionable information from traffic flows and make intelligent decisions based on that information.
This programmatic aspect has far deeper implications than one might superficially think. The most immediate is that learning or mastering a particular vendor’s device syntax is no longer necessary. You would no longer need to learn Cisco IOS, Juniper’s Junos or Arista’s EOS in order to communicate with those devices or to provision and manage them programmatically. Instead, you’d be better off learning Python and the REST-based interfaces these devices expose for management functions. Most of these vendors and their peers have been quick to adopt Python and to open up device access via APIs as well. Automation tools like Ansible, Puppet and Chef can significantly improve repeatability and scale for commonly occurring problem sets.
As a result of broad industry adoption there is now a plethora of material (examples) on how to perform your day-to-day functions without having to worry about device command-line syntax, automating the heck out of it. This introduces tremendous efficiencies and scale: a troubleshooting, diagnosis and break-fix task that took hours can now be boiled down to a matter of minutes or even seconds.
While DNS innovations like Cisco’s OpenDNS SmartCache exist to keep DNS queries to websites humming along, there are still measures that need to be taken in order to effectively deter and recover from a DDoS attack. Let’s look at the possible options for configuring your network (manually) while facing a DoS/DDoS situation:
- Re-configure your DNS server to point to a different provider if your current provider is under attack
- Ensure / Configure DNSSEC
- Ensure / Configure anti-IP-spoofing measures
- Configure BGP for traffic diversion and/or traffic black holing
- Block specific regional IP blocks, e.g. from particular countries
- Reconfigure your Access Control Lists (ACLs)
- Optimize load balancer settings
- Reconfigure your server’s IP address
All of these (albeit non-exhaustive) steps require manual intervention and multiple sub-configuration steps. Some of the steps are required at your end, others at your service provider’s end. Even the measures that are under your control would still require significant investigation and time investment to manually configure network infrastructure. To complicate things further, each passing hour that your network or resources are inaccessible can cost you anywhere from $60,000 to $100,000, depending on the size of your company.
Now imagine if these measures, which consist of multiple steps and sub-steps, were all automated and orchestrated across different processes. Your IT staff would be able to configure and manage diverse devices through a single user interface: Python. The diversity could range from F5 load balancers to Cisco or Juniper firewalls, routers and switches, to WAFs (Web Application Firewalls) from Barracuda or Imperva. But it would not matter, since you’d be able to automate and orchestrate them via their open APIs, a core tenet of SDN or network programmability. Yes, it sounds like nirvana, but we’re closer to bridging the gap between it and today’s (network) realities than one might imagine.
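As an added example (not code from this post or from any vendor), here is the vendor-neutral planning step behind the ACL and black-holing items in the list above: it turns a constructed per-source flow-rate sample into aggregated deny prefixes and carves out an allow-list, the safeguard an automated mitigation needs so it can never block your own probes or upstream. The flow data, allow-list and thresholds are all constructed; rendering the resulting prefixes into a particular device’s API is left to whatever driver you use.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: packets per second per source, as a flow collector might
# report during an attack. Addresses are RFC 5737 documentation ranges.
SAMPLE_FLOWS = {
    "203.0.113.1": 9000, "203.0.113.2": 8500, "203.0.113.3": 7000,
    "203.0.113.77": 12000,                      # four hosts in one /24
    "198.51.100.9": 6500,                       # a lone host
    "198.51.100.10": 4000,                      # below the threshold
    "192.0.2.40": 20000, "192.0.2.41": 15000,   # two hosts, both allow-listed
}
# Constructed allow-list: prefixes that must never be blocked (own probes, upstream).
ALLOWLIST = [ipaddress.ip_network(p) for p in ("203.0.113.77/32", "192.0.2.40/31")]

def hot_sources(flows, threshold_pps):
    """Sources whose rate is at or above the threshold, as /32 networks."""
    return [ipaddress.ip_network(src) for src, pps in flows.items() if pps >= threshold_pps]

def aggregate(sources, min_hosts=3, supernet_len=24):
    """Fold min_hosts or more attackers in one /supernet_len into that block to keep the ACL short."""
    groups = defaultdict(list)
    for host in sources:
        groups[host.supernet(new_prefix=supernet_len)].append(host)
    blocks = []
    for net, hosts in groups.items():
        blocks.extend([net] if len(hosts) >= min_hosts else hosts)
    return list(ipaddress.collapse_addresses(blocks))

def apply_allowlist(blocks, allowlist):
    """Carve allowed prefixes out of each block; blocks inside an allowed prefix are reported, not pushed."""
    safe, skipped = [], []
    for block in blocks:
        pieces = [block]
        for allowed in allowlist:
            remaining = []
            for p in pieces:
                if p.subnet_of(allowed):
                    skipped.append(p)
                elif allowed.subnet_of(p):
                    remaining.extend(p.address_exclude(allowed))
                else:
                    remaining.append(p)
            pieces = remaining
        safe.extend(pieces)
    return sorted(safe), sorted(skipped)

def plan_mitigation(flows, threshold_pps, allowlist=ALLOWLIST):
    """Vendor-neutral deny list, ready to be rendered for any device API."""
    safe, skipped = apply_allowlist(aggregate(hot_sources(flows, threshold_pps)), allowlist)
    return {"deny": [str(n) for n in safe], "skipped": [str(n) for n in skipped]}
```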