
Defending ISP Networks Against DDoS Threats

Internet Service Providers (ISPs) have established themselves as a vital segment of the national and global economy. As ISP networks continue to grow, it is an increasingly important responsibility for ISPs to proactively protect the physical, optical, and logical networking assets that underpin the services consumed by their customers. Most ISPs are responding to this challenge by investing time and money in new tools and techniques to ensure consistent, optimal service levels from their network assets. As a result, they are being rewarded by enhanced brand reputation and value.

I recently attended the ISPA UK annual conference, where I spoke to ISP industry professionals about defending their networks against Distributed Denial of Service (DDoS) threats. The conference drew a broad audience that included legacy providers, new providers, investors, government representatives, and industry players. Collectively, they are spending billions on the build-out of the next generation of full fiber Gigabit broadband networks. While there is a lot of industry talk about targets such as ‘number of homes or premises passed,’ attendees almost unanimously agreed that real progress should be measured by the number of homes and businesses that are in-service using gigabit-capable full fiber connections.

The panel in which I participated discussed potential challenges to delivering and maintaining this “service” to both residential and business customers. We considered the following topics:

  • Physical integrity and protection (e.g. accidental fiber cuts by human activity)
  • Optical integrity and protection (e.g. degraded or inferior optical connectivity)
  • Logical integrity and protection (e.g. service degradation or interruption by DDoS).

Physical Integrity

LSBUD (Linesearch Before U Dig) presented the case for the growing use of “Safe Digging Services” before excavation to protect Internet infrastructure. I have direct experience of the Northeast US equivalent, DigSafe. These non-profit or free services protect lives, utility services, and now telecommunications infrastructure by providing rapid approval for any significant physical excavation or demolition activities that could impact public and private infrastructure. In some jurisdictions it is now the law that these services must be consulted and clearance obtained before work begins.

Optical Performance

Viavi presented the case for improving and maintaining the delivered quality of optical infrastructure projects. For any ISP that owns or leases fiber assets, it is critical to proactively maintain the performance and availability of the optical backbone of their business. Our industry and our customers have moved beyond a tolerance of “failure and fix” towards an expectation of continuous availability. This requires using technology to intelligently predict, remediate, or work around problems before they can impact the delivered service.

DDoS Impact on ISP Networks

Corero presented the case that when assessing logical integrity, ISPs must consider the threat of DDoS attacks. In the logical IP networking domain, DDoS attacks are a critical risk factor, because customers associate internet downtime with poor quality. Meanwhile, DDoS attacks are increasing in sophistication and frequency. Throughout 2021, Corero’s Service Provider and Hosting Provider customers faced an average of 11 attacks per day, which was an increase of 29% over 2020. Corero threat intelligence research has also found that organizations face a 29% likelihood of a repeat attack within 7 days after the initial attack.

Defending Against DDoS

There will always be headline-grabbing DDoS attacks that garner social media and national media attention, but lower-level attacks are exponentially more common. If left unchecked, short-duration, sub-saturating DDoS attacks consume valuable network bandwidth, which impacts customer service levels and brand reputation. This type of DDoS activity, which is endemic on the internet, bleeds away profits, creates customer trouble-tickets or help-desk calls, initiates unwarranted service visits, and ultimately leads to customer dissatisfaction and attrition.

Carpet Bomb DDoS Attacks Threaten Total IP Range

It is increasingly important that ISPs have visibility of DDoS activity on their networks so they can understand whether a network service problem is the result of malicious traffic or a technical issue. Modern DDoS solutions can inspect traffic in real time, and automatically drop the malicious packets while forwarding the legitimate traffic. The decades-old approach of “black-holing” or “null-routing” traffic has become an outdated workaround, since it essentially sacrifices good traffic along with the bad traffic, which degrades service and can take victim customers offline. Such workarounds for sacrificing DDoS victims are particularly ineffective for the new “sprayed” or “carpet-bomb” attacks, in which an ISP’s whole public IP address range is under simultaneous attack. Attacks that target broad network ranges often evade legacy DDoS mitigation solutions, which focus more on protecting isolated targets.
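The visibility gap described above can be shown with a small detection sketch. This is an added example, not Corero's product logic or code from the original post: it aggregates constructed per-window flow counts by destination host and by /24, and shows that a per-host threshold alone misses traffic sprayed across a range. The thresholds, the /24 aggregation size, and the sample addresses (documentation ranges) are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds in packets per second (not taken from the article).
HOST_PPS_LIMIT = 50_000      # alert when one destination exceeds this
PREFIX_PPS_LIMIT = 200_000   # alert when a whole aggregate exceeds this
PREFIX_LEN = 24              # assumed aggregation size

def classify(flows, window_s=1.0):
    """flows: iterable of (dst_ip, packets) observed in one sampling window.
    Returns {prefix: (label, detail)} for prefixes that look attacked."""
    per_host = defaultdict(int)
    for dst, pkts in flows:
        per_host[dst] += pkts

    # Group the per-host rates under their covering prefix.
    per_prefix = defaultdict(list)
    for dst, pkts in per_host.items():
        net = ipaddress.ip_network(f"{dst}/{PREFIX_LEN}", strict=False)
        per_prefix[str(net)].append((dst, pkts / window_s))

    findings = {}
    for net, hosts in per_prefix.items():
        hot = sorted(ip for ip, pps in hosts if pps > HOST_PPS_LIMIT)
        total = sum(pps for _, pps in hosts)
        if hot:
            # Classic case: one or a few victims stand out on their own.
            findings[net] = ("single-target", hot)
        elif total > PREFIX_PPS_LIMIT:
            # No host crosses its limit, yet the range as a whole is flooded.
            findings[net] = ("carpet-bomb", len(hosts))
    return findings

# Constructed sample window (not real traffic):
SAMPLE = (
    [(f"203.0.113.{i}", 2_000) for i in range(1, 255)]  # 254 hosts, 508k pps total
    + [("198.51.100.7", 120_000)]                       # one obvious victim
    + [("192.0.2.10", 500)]                             # background traffic
)

if __name__ == "__main__":
    for prefix, finding in sorted(classify(SAMPLE).items()):
        print(prefix, finding)
```

In the sample, every host in 203.0.113.0/24 stays far below the per-host limit, so a detector keyed only on individual destinations reports nothing for that range; null-routing is also no answer there, since it would mean dropping the entire prefix.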

The aftershock of an unmitigated DDoS attack can be damaging. ISPs need to assure their customers that they are prepared for when, and if, an attack occurs. Corero’s recommendation is that ISPs can respond effectively to DDoS attacks and protect their service if they have always-on, automated, real-time DDoS protection that can mitigate attacks immediately, in seconds.