Use cases for Wanguard Filter


If you intend to mitigate DDoS attacks only by RTBH (Remote Triggered Black-Holing), you do not necessarily need to use Wanguard Filter. Wanguard Sensor is sufficient to detect attacks, collect information about the attacked destinations and execute actions.
Unlike Wanguard Sensor, Wanguard Filter can detect attackers and attack patterns. It can isolate the anomalous traffic in the following cases:
  • When your border routers support BGP-based traffic redirection and the server running Wanguard Filter is in the same broadcast domain with the border router. In this case, only the traffic towards the attacked addresses is re-routed towards the server running Wanguard Filter.
  • When the server running Wanguard Filter is deployed in-line. The deployment is simpler since the server is basically a Layer 2 bridge / Layer 3 router. The main disadvantage is that switching / routing packets at multi-gigabit speeds takes a lot of resources, and it might cause packet drops and delays. Also, any in-line server is a single point of failure.



Author
Andrisoft Team
Date Created
2014-02-06 11:29:19
Date Updated
2017-12-10 01:51:22
Views
3190