Author: Anupam Vij, Principal PM Manager, Azure Networking.
DDoS attacks are rapidly evolving in complexity and frequency. As we highlighted in our 2021 Q1 and Q2 DDoS attack trends review, we see that attacks in Azure have been trending toward shorter durations, mostly short-burst attacks. Workloads that are highly sensitive to latency, such as those in the multiplayer online gaming industry, cannot tolerate such short-burst DDoS attacks, which can cause outages ranging from two to 10 seconds that result in availability disruption.
Today, we are announcing the preview of inline DDoS protection, which will be offered through partner network virtual appliances (NVAs) that are deployed with Azure Gateway Load Balancer and integrated with Azure DDoS Protection Standard in all Azure regions. Inline DDoS protection mitigates even short-burst low-volume DDoS attacks instantaneously without impacting the availability or performance of highly latency-sensitive applications.
Azure DDoS Protection Standard is the recommended product to protect your resources against L3/4 attacks in Azure. Third-party inline L7 DDoS protection, combined with Azure DDoS Protection Standard, provides comprehensive L3 to L7 protection against volumetric as well as low-volume DDoS attacks. Azure customers using third-party DDoS protection services for inline mitigation now have the option to use the marketplace offering along with Azure DDoS Protection Standard. This solution enables comprehensive inline L7 DDoS protection for high performance and high availability scenarios using different providers.
Gateway Load Balancer enables the protection of such workloads by ensuring the relevant NVAs are injected into the ingress path of the internet traffic. Once chained to a Standard Public Load Balancer frontend or IP configuration on a virtual machine, no additional configuration is needed to ensure traffic to and from the application endpoint is sent to the Gateway Load Balancer.
Deployment of inline DDoS NVA can be done in a few easy steps:
Gateway Load Balancer provides transparent flow (bump in the wire) using an overlay network with low latency, preserving the health of the host as well as the NVAs during the DDoS attacks.
Inbound traffic is always inspected with the NVAs in the path and the clean traffic is returned to the backend infrastructure (gamer servers).
Traffic flows from the consumer virtual network to the provider virtual network and then returns to the consumer virtual network. The consumer virtual network and provider virtual network can be in different subscriptions, tenants, or regions, enabling greater flexibility and ease of management.
Enabling Azure DDoS Protection Standard on the VNET of the Standard Public Gateway Load Balancer frontend or VNET of the virtual machine will offer protection from L3/4 DDoS attacks.
A10 Networks will be our launch partner for this new solution. Learn more about their inline L7 DDoS protection.