NSE7000 Red Armor Platform Performance Tests show <60-second mitigation of an IoT-generated volumetric DDoS attack
OTTAWA, ON (Canada) – March 30, 2017 – Corsa Technology, the leader in performance SDN switching and network security enforcement, announced the results of comprehensive NSE7000 hardware performance testing showing the 100 Gbps system performed flawlessly under varied traffic conditions.
The Corsa Red Armor DDoS mitigation appliance, NSE7000, is designed to quickly and easily shut down 100 Gbps DDoS attacks, especially those generated by Internet-of-Things (IoT) botnets. Line rate performance and capacity to programmatically store large numbers of enforcement rules are very important to deal with IoT vulnerabilities and attacks that are rising at an alarming rate. In October 2016 the massive DDoS attack that affected major global websites including Twitter, Netflix, and Reddit was powered by the Mirai botnet made up of hundreds of thousands of insecure IoT devices.
Tweet This: Corsa NSE7000 Red Armor Platform shows <60-second mitigation of volumetric #DDoS attack: http://hubs.ly/H06QjxR0
Back-to-back burst tests (RFC2544) were run to study the line rate performance. This test measured line rate performance by sending bursts of fixed length frames with minimum legal separation between the frames.
Results of testing showed:
- 100G line rate, with zero packet loss for all frame sizes at 100 percent load (148.8 Mpps with 64-byte frames per 100 Gbps).
- Line rate performance is not impacted by huge numbers of mitigation rules loaded into the system.
- Rule insertion rate tests measured 200,000 mitigation rules being applied into the system in less than 60 seconds.
- RFC2544 latency and jitter tests show minimal latency introduced by the system. Latency was extremely consistent over all tests and averaged 18 µsec.
- Minimal variance between the minimum/average/maximum latency for all frame sizes was measured, resulting in minimal jitter (< 5 ns) being introduced.
Red Armor delivers 100G line rate with low latency and minimal jitter and can store hundreds of thousands of rules. The powerful hardware and flexible software provides performance that does not degrade regardless of the number of rules. This was fully evaluated during the performance tests and detailed in the performance report Figure 1 and Tables 1 and 2. Whatever the shape of network traffic, Red Armor measured at full 100 Gbps line-rate including demonstrating 148.8 Mpps with 64 byte frames per 100 Gbps of throughput. When a threat is detected, the system can respond in real-time to changing management requirements, quickly dropping attack traffic while preserving normal network traffic.
The core of the Corsa Red Armor DDoS solution has the ability to quickly receive and act upon rules to deal with attack traffic. Red Armor is market-leading with its ability to mitigate an IoT generated volumetric DDoS attack in under 60 seconds. To measure this, a rule insertion rate test was performed. A commercial traffic generator was used to produce two streams of traffic: Network traffic (normal baseline traffic) and Attack traffic (originating from 200,000 source IPs). The time required to use BGP Flow Spec to insert 200,000 rules to block the attack traffic was measured at only 59 seconds, corresponding to a rule insertion rate of 3,389 rules per second. In addition, the results clearly show that the rule insertion rate is very consistent and is completely independent of the number of rules already inserted.
In summary, the performance test results show the Corsa Red Armor NSE7000 DDoS mitigation appliance forwarding traffic at 100G line-rate under very aggressive volumetric DDoS attack scenarios with no interruption of legitimate traffic and zero collateral damage.
NSE7000 is shipping worldwide. The full Corsa NSE7000 Performance Report is available online at bit.ly/2okN35o
About Corsa Technology
Corsa Technology develops high-performance infrastructure to connect the world’s biggest networks simply and securely. With switching, routing and enforcement equipment specifically designed to economically scale networks, Corsa is expert at high throughput networking. For more information, please visit www.corsa.com.
To learn more, please contact: