Anycast Agility: Adaptive Routing to Manage DDoS

Rizvi, ASM and Cern, Joao and Bertholdo, Leandro and Heidemann, John
USC/Information Sciences Institute

citation

ASM Rizvi, Joao Cern, Leandro Bertholdo and John Heidemann 2020. Anycast Agility: Adaptive Routing to Manage DDoS. Technical Report arxiv:2006.14058v1. arXiv. [PDF]

abstract

IP Anycast is used for services such as DNS and Content Delivery Networks to provide the capacity to handle Distributed Denial-of-Service (DDoS) attacks. During a DDoS attack, service operators may wish to redistribute traffic between anycast sites to take advantage of sites with unused or greater capacity. Depending on site traffic and attack size, operators may instead choose to concentrate attackers in a few sites to preserve operation in others. Previously, service operators have taken these actions during attacks, but how to do so has not been described publicly. This paper meets that need, describing methods to use BGP to shift traffic when under DDoS that can build a “response playbook”. Operators can use this playbook, with our new method to estimate attack size, to respond to attacks. We also explore constraints on responses seen in an anycast deployment.

reference

@techreport{Rizvi20a,
  author = {Rizvi, {ASM} and Cern, Joao and Bertholdo, Leandro and Heidemann, John},
  title = {Anycast Agility: Adaptive Routing to Manage {DDoS}},
  institution = {arXiv},
  year = {2020},
  sortdate = {2020-06-24},
  project = {ant, ddidd, paaddos},
  jsubject = {routing},
  number = {arxiv:2006.14058v1},
  month = jun,
  location = {johnh: pafile},
  keywords = {ddos, anycast, bgp, tangled, peering},
  url = {https://arxiv.org/2006.14058},
  pdfurl = {https://arxiv.org/pdf/2006.14058.pdf},
  johnhpdfurl = {https://www.isi.edu/%7ejohnh/PAPERS/Rizvi20a.pdf},
  otherurl = {https://ant.isi.edu/~rizvi/published_papers/Rizvi20a.pdf},
  myorganization = {USC/Information Sciences Institute},
  copyrightholder = {authors}
}