Anycast Agility: Adaptive Routing to Manage DDoS
ASM Rizvi, Joao Ceron, Leandro Bertholdo and John Heidemann
USC/Information Sciences Institute

Citation

ASM Rizvi, Joao Ceron, Leandro Bertholdo and John Heidemann. Anycast Agility: Adaptive Routing to Manage DDoS. Technical Report arxiv:2006.14058v1. arXiv.

Abstract

IP Anycast is used for services such as DNS and Content Delivery Networks to provide the capacity to handle Distributed Denial-of-Service (DDoS) attacks. During a DDoS attack, service operators may wish to redistribute traffic between anycast sites to take advantage of sites with unused or greater capacity. Depending on site traffic and attack size, operators may instead choose to concentrate attackers in a few sites to preserve operation in others. Previously, service operators have taken these actions during attacks, but how to do so has not been described publicly. This paper meets that need, describing methods to use BGP to shift traffic when under DDoS that can build a “response playbook”. Operators can use this playbook, with our new method to estimate attack size, to respond to attacks. We also explore constraints on responses seen in an anycast deployment.

Bibtex Citation

@techreport{Rizvi20a,
  author = {Rizvi, {ASM} and Ceron, Joao and Bertholdo, Leandro and Heidemann, John},
  title = {Anycast Agility: Adaptive Routing to Manage {DDoS}},
  institution = {arXiv},
  year = {2020},
  sortdate = {2020-06-24},
  project = {ant, ddidd, paaddos},
  jsubject = {routing},
  number = {arxiv:2006.14058v1},
  month = jun,
  jlocation = {johnh: pafile},
  keywords = {ddos, anycast, bgp, tangled, peering},
  url = {https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi20a.html},
  pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi20a.pdf},
  myorganization = {USC/Information Sciences Institute},
  copyrightholder = {authors}
}
Copyright © by John Heidemann