K-Clean Filtering DDoS Attacks Using 500G Peering Network
Information
-
In the event of a DDoS attack, the traffic is redirected by K-Clean using the GRE tunneling technology for a filtering process, and only normal traffic is delivered to the original PoP.
-
This is recommended to companies operating servers above a certain scale.
Features
- Network bypass service using tunneling instead of proxy redirection
- Possible to directly block attacks from the IP address of the origin site
- Pre-configuration of the GRE tunnel and maintenance of the settings during normal time
(requires equipment supporting the GRE tunneling function) - Notification of network bypass using GRE tunnel in the event of an attack
Configuration Diagram and Method of Use
1. GRE tunnel using fixed IP addresses such as a serial number
2. External notification from target network band (BGP or Static) shelter in the event of an attack
3. Purification of the attack traffic entering the shelter through a two-step filtering process
4. Forwarding of purified service traffic to the customer’s server using the GRE tunnel
* It is necessary for the network equipment to provide the GRE protocol function.
Functions by Product
| Product | SOS | Anti-DDoS | GRE | Circuit |
|---|---|---|---|---|
| Product Details |
· Defense based on domain delegation · L7 caching function · WEB Service · UDP/ICMP 10G · Defense against TCP attacks (10G) · Blocking overseas attacks · Global service (Option) · Addition of domains |
· Installation of customer’s servers in the K-Clean Zone · UDP/ICMP 10G · Defense against TCP attacks (10G) · Detection and blocking of abnormal packets · Guaranteed server speed of 1Gbit/sec |
· Application of the GRE Protocol · Network bypass service · Defense against direct attacks from IP addresses · Notification for bypassing of the GRE tunnel |
· Direct connection with the DDoS interconnection network · Approval of application of customer’s own DDoS solution · Non-controlled for up to 100G · Traffic guaranteed |
| ICMP, UDP Filtering | ○ | ○ | ○ | ○ |
| Blocking of abnormal IP packets | ○ | ○ | ○ | |
| Blocking of abnormal TCP packets | ○ | ○ | ○ | |
| Blocking of abnormal UDP packets | ○ | ○ | ○ | |
| Blocking of abnormal ICMP packets | ○ | ○ | ○ | |
| Blocking of LAND attack packets | ○ | ○ | ○ | |
| Defense against UDP flooding | ○ | ○ | ○ | |
| Defense against ICMP flooding | ○ | ○ | ○ | |
| SYN Flooding | ○ | ○ | ○ | |
| TCP Flooding | ○ | ○ | ○ | |
| HTTP Flooding | ○ | ○ | ○ | |
| Defense against Fragment Flooding | ○ | ○ | ○ | |
| L7 pattern check | ○ | ○ | ○ | |
| Defense against spoofed IP addresses | ○ | ○ | ○ | |
| Defense against DRDoS | ○ | ○ | ○ | |
| URL Behavior Anomaly | ○ | ○ | ○ | |
| Caching Behavior Anomaly | ○ | ○ | ○ | |
| DNS Query Flooding | ○ | ○ | ○ | |
| Defense against DNS Amplification attack | ○ | ○ | ○ | |
| Defense against SYN flooding | ○ | ○ | ○ | |
| Blocking of abnormal IP addresses | ○ | ○ | ○ | |
| Improved SSL performance (SSL offload) | ○ | |||
| HTTP acceleration and optimization (compression, cache, TCP reuse) | ○ | |||
| Load Balancing | ○ | |||
| Health Monitoring | ○ | |||
| GRE Tunneling | ○ | |||
| Full subnet protection without changes to the IP address (using BGP) | ○ |
AWS Direct Connect
GCP Cloud Interconnect
Tencent Direct Connect
NBP Cloud Connect
MS Express Route
IBM Direct Link
Oracle FastConnect
IXcloud KDX
