
Empowering DDoS Attack Mitigation with Programmable Switches

Authors :
Chen, Xiang
Liu, Hongyan
Zhang, Dong
Huang, Qun
Zhou, Haifeng
Wu, Chunming
Yang, Qiang
Source :
IEEE Network; 2023, Vol. 37 Issue: 3 p112-117, 6p
Publication Year :
2023

Abstract

Distributed denial-of-service (DDoS) attacks have long been the most severe and destructive attack on modern networks. Some solutions place several middleboxes that run security-oriented network functions (SNFs) in the network to defend against DDoS attacks. However, middleboxes are proprietary and fixed-function, making them costly and inflexible when handling attack dynamics. Another class of solutions exploits the capability of software-defined networking (SDN) and network function virtualization (NFV) to run virtualized SNFs on commodity servers. This reduces the cost of DDoS attack mitigation while enabling high flexibility by dynamically removing or adding SNF instances. However, this class of solutions sacrifices packet processing performance and incurs non-trivial end-to-end latency, which is unacceptable for many latency-sensitive internet services. Recently, the emergence of programmable switches brings a promising alternative solution: arbitrary SNFs can be directly performed in line-rate ASIC pipelines of programmable switches, enabling low-cost, flexible, and high-performance DDoS attack mitigation. In this article, we present an illustrative survey of recent solutions that leverage programmable switches to provide DDoS attack mitigation. Our survey can help understand how to make full use of the benefits of programmable switches to defend against DDoS attacks.

Details

Language :
English
ISSN :
08908044 and 1558156X
Volume :
37
Issue :
3
Database :
Supplemental Index
Journal :
IEEE Network
Publication Type :
Periodical
Accession number :
ejs63863726
Full Text :
https://doi.org/10.1109/MNET.107.2100643