K-Clean Filtering DDoS Attacks Using 500G Peering Network
Information

-
In the event of a DDoS attack, the traffic is redirected by K-Clean using the GRE tunneling technology for a filtering process, and only normal traffic is delivered to the original PoP.
-
This is recommended to companies operating servers above a certain scale.
Features
- Network bypass service using tunneling instead of proxy redirection
- Possible to directly block attacks from the IP address of the origin site
- Pre-configuration of the GRE tunnel and maintenance of the settings during normal time
(requires equipment supporting the GRE tunneling function) - Notification of network bypass using GRE tunnel in the event of an attack
Configuration Diagram and Method of Use
1. GRE tunnel using fixed IP addresses such as a serial number
2. External notification from target network band (BGP or Static) shelter in the event of an attack
3. Purification of the attack traffic entering the shelter through a two-step filtering process
4. Forwarding of purified service traffic to the customer’s server using the GRE tunnel

* It is necessary for the network equipment to provide the GRE protocol function.
Functions by Product

Product | SOS | Anti-DDoS | GRE | Circuit |
---|---|---|---|---|
Product Details |
· Defense based on domain delegation · L7 caching function · WEB Service · UDP/ICMP 10G · Defense against TCP attacks (10G) · Blocking overseas attacks · Global service (Option) · Addition of domains |
· Installation of customer’s servers in the K-Clean Zone · UDP/ICMP 10G · Defense against TCP attacks (10G) · Detection and blocking of abnormal packets · Guaranteed server speed of 1Gbit/sec |
· Application of the GRE Protocol · Network bypass service · Defense against direct attacks from IP addresses · Notification for bypassing of the GRE tunnel |
· Direct connection with the DDoS interconnection network · Approval of application of customer’s own DDoS solution · Non-controlled for up to 100G · Traffic guaranteed |
ICMP, UDP Filtering | ○ | ○ | ○ | ○ |
Blocking of abnormal IP packets | ○ | ○ | ○ | |
Blocking of abnormal TCP packets | ○ | ○ | ○ | |
Blocking of abnormal UDP packets | ○ | ○ | ○ | |
Blocking of abnormal ICMP packets | ○ | ○ | ○ | |
Blocking of LAND attack packets | ○ | ○ | ○ | |
Defense against UDP flooding | ○ | ○ | ○ | |
Defense against ICMP flooding | ○ | ○ | ○ | |
SYN Flooding | ○ | ○ | ○ | |
TCP Flooding | ○ | ○ | ○ | |
HTTP Flooding | ○ | ○ | ○ | |
Defense against Fragment Flooding | ○ | ○ | ○ | |
L7 pattern check | ○ | ○ | ○ | |
Defense against spoofed IP addresses | ○ | ○ | ○ | |
Defense against DRDoS | ○ | ○ | ○ | |
URL Behavior Anomaly | ○ | ○ | ○ | |
Caching Behavior Anomaly | ○ | ○ | ○ | |
DNS Query Flooding | ○ | ○ | ○ | |
Defense against DNS Amplification attack | ○ | ○ | ○ | |
Defense against SYN flooding | ○ | ○ | ○ | |
Blocking of abnormal IP addresses | ○ | ○ | ○ | |
Improved SSL performance (SSL offload) | ○ | |||
HTTP acceleration and optimization (compression, cache, TCP reuse) | ○ | |||
Load Balancing | ○ | |||
Health Monitoring | ○ | |||
GRE Tunneling | ○ | |||
Full subnet protection without changes to the IP address (using BGP) | ○ |