Cloud Mitigation Alliance Let’s Unite for a Safer Internet

Upload: danghuong

Post on 21-Aug-2018



Trend of DDoS Attacks

[Figure: DDoS attack size by year, 1999 to 2015 (vertical axis 0 to 450). Phases: Personal Attack, Organized Attack, Commercial or Political Attack. Data labels: 10Gbps, 100Gbps, 300Gbps, 334Gbps, 400Gbps]

DDoS Attacks History

• DoS Attacks/Spoofed DDoS
• L7 DDoS
• 2015 Q1: 100G+ global attacks, more than 25 times
• Mainly reply flood attacks: DNS/NTP/SSDP

[Diagram labels: Attacker, Zombie Host, DNS Server, CDN, Target Server, Tier-1, Tier-2/3]

1 Attacker launched DNS attack
2 75G global DNS attack traffic to the target server
3 CDN provider mitigates the traffic
4 Attacker increases the traffic to 300G
5 Multiple European ISP pipeline congestion

Large Traffic Attack Frequently

• DDoS attacks are gradually developing into commercial or political attacks.

• Low cost, automatic tools and technical simplicity are the important reasons for the frequent attacks.

Weakness of current mitigation solution

Global-oriented MSSP
• Limited bandwidth
• Limited territory
• Limited resources

Carrier
• Only mitigates internal DDoS attacks
• Ignores outbound DDoS traffic
• Lacks a solution for international customers

Cloud Mitigation Alliance (CMA)

CMA unites carriers and managed security service providers to coordinate global mitigation resources and carry out near-source mitigation through an open API.

• Open, non-vendor centric
• Better utilization of existing resources
• Information collaboration

Core Components of CMA

Cloud Coordination Center

The CCC communicates with the alliance members through cloud instructions. Members are evaluated by IPOP position, cost and SLA in order to select the best scrubbing resource to mitigate the attack traffic.

Scrubbing Centers

Scrubbing centers must have global deployments and big mitigation capacity, and must establish GRE tunnels in advance.

Emergency Response Center

Expert teams of Huawei and the alliance members are distributed in major regions across the globe, providing 24/7 emergency response services.

Architecture of Cloud Mitigation Alliance (CMA)

① An alliance member detects volumetric attacks that exceed its mitigation capacity
② The member sends a cloud signal to the CCC (Cloud Coordination Center) to request global near-source mitigation
③ The CCC dispatches alliance members to initiate near-source mitigation

[Diagram labels: Cloud Coordination Center (CCC) including Big Data, Member Mitigation System, Scrubbing Center, Member under attack (e.g. Tier-2/3 IGW)]

CMA unites carriers and MSSPs to coordinate global mitigation resources and carry out near-source mitigation through open API and Data.

Process of CMA near source mitigation

[Diagram labels: Tier-2/3 Member Network, Cloud signal, CCC, Member’s Mitigation Center]

Cloud Mitigation Alliance features

• Near-Source Scrubbing: global near-source cleaning within minutes
• Cloud Dispatch Globally: global attack trend presentation
• Open (API & Data): compatible, reduce TCO
• Open and Win-Win: connect quickly, profit share
• Global Coverage Cleaning Center: 10+ cleaning centers, 4 continents

Benefits of Alliance Member Analysis

[Diagram labels: Alliance Member's Own Network, Internet]

• A member can provide global inbound DDoS attack defense services for customers (especially multinational ones).
• A member can provide outbound DDoS attack mitigation services for other members.

Social Value & Governance of CMA solution

• Awareness of global DDoS attacks, information sharing between “islands”.

• Protect customers’ business and reduce carrier operation cost.

60+

• Save energy and global carrier pipeline resources to the utmost via near-source mitigation, so as to reduce global carbon emissions.

• Make cutting outbound attacks a social responsibility.

Governance Work Group elected by members to establish an Open, Collaborative and Secure based line operation for Alliance members to counter Global DDoS attacks

Global DDoS Attacks Map from CCC

DDoS Attacks Event from CCC

Cloud Mitigation Scrubbing center Maps

[Map labels: San Jose, Los Angeles, Ashburn, Miami, London, Hong Kong, Singapore, Amsterdam, San Francisco, Guangzhou, Shanghai, Beijing, Frankfurt, Langfang, Tokyo. Legend: Scrubbing Center, Cloud Coordination Center]

• 10+ scrubbing centers
• 6+ members cooperate with CCC
• 3 data centers, in Europe/Asia/China
• Coordinates with members’ scrubbing centers through the Open API
• Operated by Huawei

Cloud Mitigation Resources and Members

Columns: Member, capacity, Region, percentage, Mitigation Center

Alliance Members, 1.2T
• North America, USA, 23.62%: San Jose, Miami, Los Angeles, Ashburn
• Europe, 20.84%: London
• Asia, 31.92%: Singapore, Hong Kong

QSSEC, 580G
• China, 19.09%: Quanzhou, Dongguan480, Shenyang, Luoyang

ChinaTelecom, 500G
• Beijing, Shanghai, Guangzhou, Hong Kong

• Global Mitigation Capacity 2T+

Progress Of CMA

May June July August

China Telecom, QSSec, Huawei

GSM Meeting, Tlf Communication, O2 Communication, CCSA to set up standard

September

Orange Meeting, NA Partner trial, China Unicom

Now…

Staminus NDA, DoSarrest NDA, Micron21 NDA

How to join CMA

Stage 1 - Join

A member joins CMA by signing an MOU with Huawei, which allows the member to use the CMA brand and attend CMA’s routine workshops and seminars. The member obtains the global DDoS research achievements.

Stage 2 – Connect (Optional)

The member signs the formal contract with Huawei and its mitigation system technically connects to the CCC. The member mitigates outbound DDoS traffic and requests inbound DDoS traffic mitigation service by communicating with the CCC. Huawei makes settlement with the member according to how much service the member contributes and obtains.

Huawei’s on-premise device features

Big Data Analytics
• All Traffic, Packet-by-Packet Detection
• Analysis Based on 60+ Traffic Models
• Full-Scale Reputation System Fingerprint Protection

High Performance Hardware Platform
• Service Processor with 4 CPUs
• 10X Linear Expansion Capability
• 1.44T capability
• Attack response time < 2s
• 8X industry

Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.