20/06/2023
Case Study: DDoS Protection for ISPs with Datacom Server

DDoS (Distributed Denial of Service) attacks are a growing cyber threat that aims to overwhelm a system's resources, making them unavailable to its users. Internet Service Providers (ISPs) are at particularly high risk as they host a large amount of critical data and services. Disruption of these services can have serious consequences, including service interruption, financial loss and reputational damage.

As a provider of ISP solutions, we are proud to share this case study that highlights how our partnership with ALT Telecom resulted in an innovative solution to mitigate these attacks.

In this case study, we will highlight how ALT Telecom used the DM-SV01 OCP server to implement the DDoS attack protection solution called Wanguard, developed by Andrisoft Network Security.

 

Wanguard solution

Wanguard is a robust Linux-based application designed for the detection and mitigation of DDoS attacks. Consisting of a Management Console, a Flow Sensor that monitors network traffic, and a Filter that determines the filtering rules for each identified anomaly, this solution offers bandwidth monitoring, IP accounting, and in-depth traffic analysis.

In addition, Wanguard supports automated response tools such as RTBH, BGP Flowspec, traffic diversion, scripting and clustering, improving responsiveness and adaptability to emerging threats. All of this is managed through a web-based console, independent of the operating system, which provides unified reporting.

Implementation at ALT Telecom

ALT Telecom chose to implement the Wanguard solution on a Datacom bare metal server, specifically the DM-SV01 model. This server combines high performance and efficiency, being able to support the processing and storage demands of the Wanguard solution.

Considering the hardware requirements for each Wanguard component - the Console, the Flow Sensor, the Filter and others - the choice of the Datacom server proved to be the right one. Each component demands different levels of performance, and the DM-SV01 server was able to meet all these requirements efficiently, offering high processing capacity, memory and storage.

The components of the solution were divided as follows:

  • The Console and Flow Sensor collect information from 10 network edges;
  • The Filter determines the filtering rules and distributes them to the edges via BGP Flowspec, allowing ACLs to be installed directly on the network edges themselves.

The components of the Wanguard solution constantly monitor the external traffic entering the ALT Telecom network, which reaches around 1.1Tbps. They identify traffic anomalies and generate filtering rules, which are also exported to some upstreams that support the same functionality. This allows malicious traffic to be filtered as close to its source as possible.
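
The detection-to-rule flow described above, as an added illustration that is not Wanguard's or ALT Telecom's code: a per-destination bandwidth threshold over constructed flow records, followed by derivation of the narrowest BGP Flowspec match (RFC 8955 component types). The threshold, dominance ratio, function names and sample flows are assumptions.

```python
from collections import defaultdict

# Constructed sample flows for one 10-second interval (documentation addresses).
# Fields: (src_ip, dst_ip, ip_protocol, src_port, dst_port, bytes)
FLOWS = [
    ("192.0.2.10", "203.0.113.5", 17, 123, 40000, 450_000_000),
    ("192.0.2.11", "203.0.113.5", 17, 123, 40001, 500_000_000),
    ("192.0.2.12", "203.0.113.5", 17, 123, 40002, 480_000_000),
    ("198.51.100.7", "203.0.113.5", 6, 51000, 443, 20_000_000),
    ("198.51.100.8", "203.0.113.9", 6, 52000, 443, 30_000_000),
]
INTERVAL_S = 10
THRESHOLD_BPS = 1_000_000_000  # assumed per-destination threshold (1 Gbit/s)
DOMINANCE = 0.8                # assumed share one signature must reach

def detect_anomalies(flows, interval_s=INTERVAL_S, threshold_bps=THRESHOLD_BPS):
    """Return {dst_ip: bits_per_second} for destinations over the threshold."""
    totals = defaultdict(int)
    for _src, dst, _proto, _sport, _dport, nbytes in flows:
        totals[dst] += nbytes
    return {dst: b * 8 / interval_s for dst, b in totals.items()
            if b * 8 / interval_s > threshold_bps}

def build_rule(flows, dst):
    """Derive the narrowest Flowspec match for traffic towards dst, or None."""
    by_sig, total = defaultdict(int), 0
    for _src, d, proto, sport, _dport, nbytes in flows:
        if d == dst:
            by_sig[(proto, sport)] += nbytes
            total += nbytes
    if not total:
        return None
    (proto, sport), top = max(by_sig.items(), key=lambda kv: kv[1])
    if top / total < DOMINANCE:
        return None  # no single signature dominates: leave for operator review
    return {
        "destination": f"{dst}/32",  # RFC 8955 component type 1
        "protocol": proto,           # component type 3
        "source-port": sport,        # component type 6
        "action": "traffic-rate 0",  # a rate of 0 discards matching traffic
    }

def mitigation_rules(flows):
    """Rules for every anomalous destination that has a dominant signature."""
    rules = [build_rule(flows, dst) for dst in sorted(detect_anomalies(flows))]
    return [r for r in rules if r]

if __name__ == "__main__":
    for rule in mitigation_rules(FLOWS):
        print(rule)
```

The legitimate TCP/443 flow to the same destination falls outside the derived match, so only the dominant UDP signature is filtered.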

 

System Hardware and Performance

To meet the specific needs presented by ALT Telecom, the hardware for this project was carefully selected by the client's specialists. Datacom provided:

  • CPU: 2 AMD EPYC 7452 32-Core processors
  • Memory: 256GB
  • Disk: 4 x 4TB NVMe drives and 1 x 256GB NVMe drive

The system runs Debian Linux 11.7, and process data was allocated across the NVMe disks to increase efficiency. The distribution was as follows:

  • MySQL: /dev/nvme0n1p1
  • InfluxDB: /dev/nvme2n1p1
  • Flows: /dev/nvme1n1p1
  • Graphs: /dev/nvme2n1p2
  • Logs: /dev/nvme3n1p1

This arrangement resulted in a significant performance improvement. The following gains were observed:

  • Faster attack detection
  • Improved usability of the interface
  • Reduction in reporting time
  • Possibility of integrations via API without impact on performance

To illustrate the improvements, we compared the I/O wait time (IOWAIT) between the old server and the new Datacom server. In the graphs below, you can see that the IOWAIT has been drastically reduced on the new server - from seconds to milliseconds.

Old Server Graph - IOWAIT (in seconds)

New Server Graph - IOWAIT (down to milliseconds)

The data clearly show that the hardware provided by Datacom, combined with the correct distribution of data by ALT Telecom specialists, provided a more efficient and faster response against DDoS attacks.

 

Conclusion

The results demonstrate that the implementation of the Wanguard solution on a Datacom server resulted in an effective and efficient DDoS protection system. In addition, ALT Telecom already plans to test the 'Packet Sensor' and 'Packet Filter' components on a second Datacom server, using DPDK technology to further accelerate packet processing.

We hope this case study serves as an inspiration for more ISPs to consider implementation of robust DDoS mitigation solutions, such as Wanguard, on Datacom servers. This type of strategy can significantly increase the security and stability of your networks.

If you have any questions or are interested in learning more about how a Datacom server can support your DDoS mitigation needs, we are here to help. Our account managers are always ready to help you find the best solution for your case. Please contact us via the link below. We look forward to helping you strengthen your network security.
