Scenario
DDoS is an attack where multiple compromised systems are used to target a single system causing a DoS attack. Barring/throttling of traffic sources causing malicious attack or large call volumes using the SBC to ensure the network continues to process its design-rated capacity of calls as long/ close as possible.
Refer to the background information in Denial of Service (DoS) Protection.
Description
Figure 1: DDOS Protection
During a high-load event, it is important to prioritize traffic and accept high-priority traffic in favor of low priority traffic. Emergency calls should take precedence and not get rejected in favor of a normal call. However, if a very high volume of emergency calls exists, then inevitably some of these must be throttled to ensure the success of those admitted.
- Many sources start to generate traffic far beyond the design parameters for the network. This can be an intentional and coordinated attack. However in most cases this is actually an uncoordinated spike in demand caused by some event, such as an natural disaster/emergency, a tele-vote for a reality TV show or some other "mass calling" event.
- The AS is generally a COTS platform with minimal hardware assist to protect against very high packet/request rates. It gets overloaded and becomes unresponsive with rates much higher than its rated capacity.
- For mass calling events, the SBC reduces the total traffic down to a level that can be managed by the Application Servers / core network. All subscribers are impacted, based on the traffic prioritization.