Deployment of cleaning equipment-experience of DDOS-proof deployment 01/29 Update SLTechnology News&Howtos

Deployment of cleaning equipment-experience of DDOS-proof deployment

2025-01-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

10 years to sharpen a sword, give back to the Internet, life does not bring, death does not take away. We don't produce technology, just Internet porters.

-Foshan Xiaoxi

Network DDOS***, is a big headache. With the expansion of network bandwidth (various upgrades of ADSL, fiber to the home), our traffic is getting cheaper and cheaper, and it is more and more difficult to do IT services.

Considering the cost-performance ratio, executives will not buy well-known brands (X is, X League, etc.), mainly depends on the size of the company.

From a technical point of view, stable network, easy management does not need too much personnel intervention. Finally get a good night's sleep.

In the past half a year, I began to do the network security deployment in this area, and came into contact with many manufacturers. It is found that the market for cleaning equipment is already very familiar, but it is more expensive and chooses a cost-effective one.

Briefly tell us how the manufacturer feels when using it:

Some are: full score for appearance, 60 points for service (problems need e-mail, some problems can't be solved in 1-3 days), some can't be prevented.

Some shield: 80 points for appearance, 70 points for service (online response), some of them can't be prevented, often use remote assistance, check logs, restart.

A general shield: 60 points for appearance (server), 80 points for service (1-3 days to solve problems, within half a day), and the new model will be updated quickly.

Compare with NTP reflection * *:

Some for: cleaning is not clean, solve with speed limit.

Some shield: the cleaning is not clean, it is prohibited by strategy.

A general shield: clean, new * *, provide data features can be quickly updated features.

Because in more than half a year, I have used several equipment and made a comparison of the data of several manufacturers:

A general shield

Some for

A shield

A certain alliance

Device Web management

Support

Not supported

Support

Command configuration management

Not available

Support

Number of U per device (cabinet space)

5U~1 cabinet

10g cleaning bandwidth for a single device

Support

20g cleaning bandwidth for a single device

Support

Not supported

Support

30g cleaning bandwidth for a single device

Support (main tweet)

Support

Not supported

Support

40G cleaning bandwidth for a single device

Support

Not supported

Support

More than 40g per unit

Not supported (but with ensemble scheme)

Support

Multiple inspection equipment corresponding to single cleaning

Support

Not supported

Single testing equipment corresponds to multiple cleaning

Not supported

Support

Each node needs a management machine.

No need

Need

10g optical module access

Yes

Whether port trunking is supported

Yes

Does the product support scalability?

Support (modular, framed)

Power supply power

502/717W

1368W/3231W/6195W

Product size

42.6 × 482.4 × 772mm

Product weight

18kg

Automatic packet capture function | Analysis

Support

Automatic learning feature library function

Not supported

Support

Not supported

Defense against NTP reflection | Zoom in *

Support

Not supported

Filtering rules

Support

Blacklist and whitelist

Support

Not supported

Support

Unified multi-node management

Support

Not supported

Serial mode deployment

Support

Not supported (change model)

Not supported

Bypass mode deployment

Support

Feature library update

At any time

Regular-official website

Do not update-solve with filtering rules

DDOS traffic * cleaning

Support

Basic flood defense

Syn;dns et al.

Support customer custom agreement negotiation

Support

Not supported

Detect and issue cleaning command-reaction time

3 seconds

2 seconds

Support the maximum blocking time of black holes

Unlimited-user customization

Up to 10 hours

Unlimited-user customization

Download the original capture package file

Support

Exception / exclusion of IP function

Support

Custom personalized blocking threshold

Support

Not supported

Whether to remind you when the exception IP is *.

Support

Not supported

Release the customer's autonomous agreement / negotiation

Support

Not supported

IPv4/IPv6 dual stack defense

Not supported

Support

SYN FLOOD

Support

Slicing *

Support

CHARGEN REPLY FLOOD

Support

SSDP REPLY FLOOD

Support

NTP REPLY FLOOD

Support

DNS REPLY FLOOD

Support

DNS FLOOD

Support

ACK FLOOD

Support

HTTP FLOOD

Support

ICMP FLOOD

Support

UDP FLOOD

Support

TCP FLOOD

Support

Finally, because of the ratio of performance to price and suitability for use, we chose a universal shield.

Flexible deployment method: do not work does not affect the network, melon does not affect the original network:

At present, I have deployed 18 node computer rooms, and the leaders no longer have to worry that I have to get up at night to block IP.

Deployment logic:

Administration page:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.