Customer Success Story
Real-Time DDoS Mitigation Gives Linode a Competitive Edge
Developers can get virtual servers running in seconds at Linode, and that agility has driven the cloud provider’s growth to global scale. It now offers security with the same agility, with the ability to mitigate devastating DDoS attacks in real time.
Ensured
Service quality and created a competitive service differentiator with automated DDoS mitigation
Eliminated
The need for stressful and ineffective manual intervention for DDoS attacks
Added
DDoS detection while maximizing network infrastructure investment
Developers can deploy, boot, resize, and clone virtual servers with just a few clicks. Linode calls its infrastructure “drool worthy,” with native solid-state drive (SSD) storage, a 40GbE network, and blazing fast processors.
Linode has added real-time DDoS mitigation services to its list of drool-worthy features. DDoS attacks are a scourge for any business, as criminals, nation-states, and protesters disrupt the digital operations of the intended target as well as wreaking havoc on other customers at the same provider.
“Customers have told us that DDoS protection is a top priority,” says Dan Spataro, director of infrastructure operations at Linode.We aren’t seeing an uptick in the frequency of attacks, but we’re seeing greater complexity and volume in DDoS attacks,” says Spataro. “The potential impact of DDoS attacks is increasing as attacks get smarter.”
After a DDoS attack a few years ago that disrupted operations, Linode rearchitected its Internet edge to use the Juniper Networks MX960 5G Universal Routing Platform for high-performance scalable routing. But as DDoS attacks continued to pummel the cloud provider, manual DDoS mitigation was no longer effective.
“We needed more granular control over DDoS attacks,” Spataro says. “With static DDoS mitigation, we could keep our data centers up, but our customers would still feel the pain. We wanted to limit collateral damage.”
Spataro discovered a solution at Juniper’s 2018 NXTWORK conference. The addition of Corero SmartWall Threat Defense Director, in combination with the MX960 routing platforms that Linode already used, would provide real-time DDoS mitigation. “We were one of the first proof-of-concept tests of the combined solution,” says Spataro. Linode can dynamically scale DDoS mitigation to the size of the attack.
Linode’s MX960 routers monitor ingress traffic via sampled. The routers forward the sampled traffic to Corero, which inspects every packet in search of a DDoS attack. All of this occurs in seconds.
If an attack is detected, Corero automatically generates firewallmatch filters so the MX960 routers can mitigate the event. Once normal operations resume, network telemetry continues to flow from the Juniper routers to monitor for the next attack. And because MX960 can filter traffic in real time, legitimate traffic flows on to its destination without any performance degradation.
Linode’s automated DDoS protection scales to thwart multiterabit attacks. “We still see about 1000 attacks over a threemonth period,” says Spataro. “But those attacks don’t take customers down because we can successfully mitigate them with Juniper and Corero”.
Linode is a big believer in automation as the company continues to grow. The network team uses automation to speed the setup of new data centers and make ongoing configuration changes.
“Automation enables us to scale our footprint globally without needing to hire more people,” Spataro says. “Automation is also beneficial for our customers because we can react to events programmatically. They don’t have to wait for humans to get to a keyboard. If a link is failing in the middle of the night, we can automatically take traffic off the link so customers aren’t affected, and then engineers can troubleshoot the problem in the morning.”
Scaling the business efficiently is key. Building on the company’s recent expansion to Toronto and Mumbai, Linode plans to open its newest data center in Sydney in the fall of 2019. “We’re looking at new geographies and exploring edge deployments to support 5G services or broadband providers,” he says.
With the high levels of performance, reliability, and capacity of a Juniper network, now with real-time DDoS mitigation, Linode can scale its business with a simple, highly efficient network.
Related Content
Visit our Elevate Speaker Series podcast to hear a candid discussion with Linode about the company's strategies, best practices, and more.
Published October 2019