Akamai Prolexic Routed DDoS Protection

So what is Akamai Prolexic Routed DDoS protection?

Prolexic Routed is a simple and effective way for businesses to secure all online and IP-based applications in their data center against DDoS attacks. Prolexic Routed, a customizable and comprehensive service, blocks DDoS attacks in the cloud well before they reach the data center. It protects against the broadest spectrum of DDoS attack types, including today’s high-bandwidth, long-lasting web attacks and the growing threat of potentially crippling DDoS attacks that target individual applications and services.

Prolexic Routed is built on a DDoS mitigation solution that uses 19 worldwide scrubbing centers to minimize latency and improve network robustness. Traffic is sent to the nearest scrubbing center, where proactive mitigation processes are in place to prevent attacks. The remaining DDoS traffic is assessed by Akamai SOC experts, who quickly apply the most effective mitigation for each attack vector. Clean traffic is routed to your apps and data centers, while outbound traffic is returned to customers.

Customers can connect to any scrubbing center via virtual tunnels, which provide over 50 traffic delivery channels for three tunnels and considerably improve global network resiliency, even during network events outside Akamai’s control. Akamai’s Prolexic Routed service uses the Generic Routing Encapsulation (GRE) protocol to establish virtual circuits to the customer’s router, so the GRE tunnel appears to connect the Akamai and customer routers directly. To improve robustness and reliability, Akamai’s GRE technology produces many-to-one virtual tunnels from each of the 19 scrubbing centers, giving clean traffic extra bandwidth.

The Prolexic Routed (GRE) service employs traditional IP routing protocols to intercept incoming customer traffic and inspect it for anomalies associated with distributed denial of service (DDoS) attacks. The Routed service provides security across the protected subnets of Akamai customer networks. Routing is asymmetric: only inbound traffic is examined, and outbound traffic is routed directly to the end user. During traffic inspection, legitimate traffic is identified and passed on, while attack traffic is silently dropped.

The customer uses the Border Gateway Protocol (BGP) to send network advertisements to Akamai, and can use these advertisements to activate and deactivate the service as needed. Activation is complete when Akamai’s scrubbing centers propagate these advertisements to upstream carriers and peers, which usually takes seconds. The service is available as an Always-On solution, which routes traffic via the Prolexic platform at all times and has a 0-second SLA, or as an On-Demand alternative, which does not route the customer’s normal traffic through the Prolexic platform.
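The data flow described above can be checked from the customer edge. The following is an added example, not Akamai's or the original post's code: it classifies flow records while the service is active and flags inbound traffic to a protected subnet that did not arrive over a GRE tunnel. The interface names, the record format, the subnet and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (not from Akamai documentation):
PROTECTED = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
TUNNEL_IFACES = {"gre1", "gre2", "gre3"}              # hypothetical tunnel names

# Constructed flow records: "edge_iface src dst bytes", where edge_iface is
# the WAN-side interface the flow crossed on the customer edge router.
SAMPLE_FLOWS = """\
gre1 198.51.100.7 203.0.113.10 1200
gre2 198.51.100.9 203.0.113.25 800
eth0 192.0.2.44 203.0.113.10 64000
eth0 203.0.113.10 198.51.100.7 5000
eth0 192.0.2.50 192.0.2.200 300
bad line
"""

def is_protected(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in PROTECTED)

def classify(line):
    """Return (label, bytes) for one flow record, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    iface, src, dst, size = parts
    try:
        nbytes = int(size)
        dst_prot, src_prot = is_protected(dst), is_protected(src)
    except ValueError:
        return None
    if dst_prot and iface in TUNNEL_IFACES:
        return ("scrubbed_inbound", nbytes)   # clean traffic delivered via GRE
    if dst_prot:
        return ("bypass_inbound", nbytes)     # reached us without scrubbing
    if src_prot:
        return ("direct_outbound", nbytes)    # asymmetric return path, expected
    return ("unprotected", nbytes)

def summarize(text):
    """Total bytes per label, plus the number of malformed records skipped."""
    totals, skipped = Counter(), 0
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            skipped += 1
        else:
            totals[result[0]] += result[1]
    return dict(totals), skipped
```

A non-zero `bypass_inbound` total while the service is active suggests that some upstream still holds a route that reaches the protected subnet without passing through a scrubbing center.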

Below is an example diagram for data flow:


Below is an example for the Akamai scrub centers:
Akamai can dynamically update the list of scrubbing centers advertising client routes in order to improve platform traffic flow and mitigation efficiency and to limit collateral damage.


Some Key Features:

Scrubbing Centers: Today, Akamai’s Prolexic network contains 19 globally distributed scrubbing centers with a total bandwidth of 8.0 Tbps: Amsterdam (Netherlands), Ashburn (USA), Chicago (USA), Dallas (USA), Frankfurt (Germany), Hong Kong (China), London (UK), Los Angeles (USA), Melbourne (Australia), Miami (USA), New York (USA), Osaka (Japan), Paris (France), San Jose (USA), Singapore (Singapore), Stockholm (Sweden), Sydney (Australia), Tokyo (Japan), and Vienna (Austria).

Your network traffic is routed via Akamai’s 19 globally dispersed scrubbing centers using the Border Gateway Protocol (BGP). I have an example configuration post here on how to set up BGP:

Akamai DDOS Template

Support for DDoS attacks: Prolexic Routed is a fully managed security service that assists enterprises in responding to DDoS attacks. Akamai employees analyze current assaults in real-time and react to shifting attack vectors and multi-dimensional threats.

Always-On vs. On-Demand: Prolexic Routed is available as an Always-On service, which provides the quickest detection and mitigation capabilities, or as an On-Demand service, allowing enterprises to tailor and apply DDoS mitigation as needed. I recommend you use Always-On.

Safeguard IP Subnets: Organizations may safeguard entire IP subnets, including all web and IP-based applications within those subnets. By routing network traffic through Prolexic Routed, they can also protect any supporting network and data center equipment, as well as their data center’s network bandwidth.

Dynamic Protection: Prolexic Routed provides active protection against various possible DDoS attack types, regardless of complexity and even as they alter throughout an assault. This protection encompasses both network-layer and application-layer DDoS assaults, such as UDP and SYN floods and HTTP GET and POST floods.

Zero-Second Mitigation: By tailoring proactive mitigation measures to your network traffic, you can lock down your attack surface and neutralize the bulk of DDoS attacks instantly.