F5 Distributed Cloud DDoS Mitigation delivers DDoS and advanced security services to protect against L3-L7 attacks on enterprises and hosting and service providers.
Challenges
DDoS attacks remain the leading cause of app downtime. In the first quarter of 2021, researchers recorded nearly 3 million DDoS attacks, a 31% increase from the same period in 2020.[1]
Increasingly sophisticated attacks
Distributed and volumetric attacks cannot be handled by outdated on-premises security appliances.
New DDoS tactics outwit older tools
Low and slow-ramping application-layer attacks cannot be mitigated by legacy DDoS appliances.
Multiple security solutions cost time and money
Managing multiple on-premises devices and service providers is complex and expensive.
Slow response to fast-moving attacks
Long lead times and contractual issues slow delivery of on-demand capacity expansion.
Today, DDoS mitigation is essential, and the quality and breadth of your solution matters.
You need protection against attacks at multiple layers across your network and application
ecosystem.
F5® Distributed Cloud DDoS Mitigation—a key offering in F5’s SaaS-based Web Application
and API Security (WAAP) solution—provides mitigation against a variety of denial-of-service
attacks across L3-L7. It does this through multiple layers of protection, from custom DoS rules and edge firewalls prescreening traffic, to deep packet inspection with advanced scrubbing for enterprises, hosting, and service providers.
KEY BENEFITS
Maximize uptime
Ensure the availability of critical applications and infrastructure against sophisticated volumetric and distributed attacks by leveraging F5’s global network and support.
Reduce total cost of operations
Lower CapEx and OpEx by moving to cloud-based network perimeter security and reduce reliance on appliances and legacy architectures.
On-demand scalability
Dynamically expand capacity and deploy new services on demand without adding appliances or network capacity in your data centers.
Increase productivity
Empower your network and DevOps via a SaaS security platform and central pane of
glass. Deliver more projects, new apps, and expanded capacity with existing resources.
KEY FEATURES
Multi-layer global DDoS protection
DDoS mitigation systems are distributed across a spectrum of F5’s PoPs worldwide to filter L3/L4 and advanced L7 attacks closest to the attack sources.
High-capacity defense
F5’s secured backbone and scrubbing infrastructure are designed to handle today’s largest and most complex DDoS attacks, with 12+ Tbps of combined scrubbing capacity.
Centralized observability
F5 Distributed Cloud Console provides single-pane-of-glass management and is customizable
for threat visibility and real-time mitigation data.
Support for customers of all sizes
F5 on-demand capacity supports the needs of customers of all sizes and scale, including direct BGP connections as well as GRE tunnels.
Continuous attack monitoring/mitigation
F5’s Technical Assistance Center operates 24×7, with high business-continuity dependability when under attack.
High-Capacity, Cloud-Based, and Hybrid DDoS Mitigation
To protect customers against DDoS attacks, F5 Distributed Cloud DDoS Mitigation
leverages a globally secured network with points of presence (PoPs) deployed in Tier-1 IXCs
interconnected across a dedicated, multi-terabit redundant private backbone. F5’s PoPs
provide robust, cloud network-based infrastructure protection including DDoS mitigation, L3
firewall, and anomaly detection.
Cloud-Based DDoS Mitigation
Distributed Cloud DDoS Mitigation safeguards companies and service providers against
DDoS for both their network infrastructure and their web application services. F5® Distributed
Cloud Mesh—running in F5’s PoPs—provides an intelligent mitigation solution for both
network and application traffic, and is deployed upstream from customers’ Internet access. It
autonomously protects against public-access DDoS attacks.
Thanks to F5’s globally deployed and large-scale network infrastructure, Distributed Cloud
Mesh supports direct Border Gateway Protocol (BGP) connections in addition to Generic
Routing Encapsulation (GRE) tunnels. The DDoS mitigation systems are distributed across a
spectrum of F5’s PoPs worldwide to filter L3/L4 and advanced L7 attacks (via on-demand or
always-on service) closest to the attack sources.
Hybrid DDoS Mitigations
Combining on-premises defense with F5’s cloud-based DDoS mitigation gives customers the
control to defeat targeted network and application-layer attacks. This approach makes sense
when operating multiple IP transit providers, and for protection against massive DDoS attacks
when the on-premises appliance cannot handle the full attack volume.
In the event of a volumetric attack overwhelming the capacity of the on-premises appliance
or Internet link, DDoS mitigation is activated by an administrator with an API call or directly in
the F5® Distributed Cloud Console. The IP prefix under attack is then announced by F5 and
mitigated. The scrubbed traffic is received from F5 Distributed Cloud Services either through
direct BGP peering or GRE tunneling.
Broad Platform and Cloud Provider Support
Distributed Cloud Services can be delivered to apps running on any platform, on any public/private cloud. Connect and secure apps running in VMs, containers, bare metal, or serverless.
Service Discovery and Service Mesh Integrations
Supports multiple service discovery protocols simultaneously: Consul, Kubernetes, and DNS work out of the box. Istio or Linkerd service mesh can integrate with a Distributed Cloud Services ingress/egress gateway.
Automation, Alerting, and SIEM Integration
F5’s native Terraform provider, vesctl CLI tool, and public APIs meet the automation needs of app teams. Support for tools like Opsgenie or Slack for alerting and Splunk or Datadog for SIEM simplifies life for DevOps and SecOps teams.
Conclusion
F5 Distributed Cloud’s secured backbone is designed to handle today’s largest and most
complex DDoS attacks of more than 3 Tbps. When the attack begins, Distributed Cloud Mesh
performs the following actions:
1. Cloud Detection
F5’s cloud detection equipment and software detect the attack. Detection is based on a
combination of static rules, such as those for volumetric attacks, and personalized rules per customer:
- Distributed Cloud Mesh routers send NetFlow information to Distributed Cloud NetFlow collectors and analyzers.
- With real-time polling and information collection (e.g., source/destination ASN, IP address, next-hop IP/ASN), NetFlow ensures that cloud detection does not miss any alert.
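The combination of static and per-customer rules over flow data can be illustrated as follows. This is an added example, not F5's code: the thresholds, the rule names, the record layout and the sample flows are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

WINDOW_S = 10                    # assumed flow export window, in seconds
STATIC_BPS = 1_000_000_000       # hypothetical static volumetric rule: 1 Gbps per destination
CUSTOMER_RULES = {               # hypothetical per-customer rules, keyed by protected prefix
    "203.0.113.0/24": {"bps": 200_000_000, "max_src_asns": 3},
}

# Constructed flow records: (src_ip, src_asn, dst_ip, bytes in window)
SAMPLE_FLOWS = [
    ("192.0.2.10", 64496, "198.51.100.10", 2_000_000_000),
    ("192.0.2.11", 64497, "203.0.113.5", 75_000_000),
    ("192.0.2.12", 64498, "203.0.113.5", 75_000_000),
    ("192.0.2.13", 64499, "203.0.113.5", 75_000_000),
    ("192.0.2.14", 64500, "203.0.113.5", 75_000_000),
    ("192.0.2.15", 64496, "203.0.113.9", 1_000_000),
]

def rule_for(dst):
    """Return (prefix, rule) for the customer prefix covering dst, if any."""
    for prefix, rule in CUSTOMER_RULES.items():
        if ip_address(dst) in ip_network(prefix):
            return prefix, rule
    return None, {}

def detect(flows, window_s=WINDOW_S):
    """Aggregate flows per destination and evaluate static, then customer rules."""
    agg = defaultdict(lambda: {"bytes": 0, "asns": set()})
    for _src, asn, dst, nbytes in flows:
        agg[dst]["bytes"] += nbytes
        agg[dst]["asns"].add(asn)
    alerts = []
    for dst in sorted(agg):
        bps = agg[dst]["bytes"] * 8 // window_s
        spread = len(agg[dst]["asns"])
        prefix, rule = rule_for(dst)
        reasons = []
        if bps > STATIC_BPS:
            reasons.append("static-volumetric")
        if "bps" in rule and bps > rule["bps"]:
            reasons.append("customer-bps")
        if "max_src_asns" in rule and spread > rule["max_src_asns"]:
            reasons.append("customer-asn-spread")
        if reasons:
            alerts.append({"dst": dst, "prefix": prefix, "bps": bps,
                           "src_asns": spread, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The second destination stays far below the static threshold and is flagged only by its customer rule, which is the case per-customer rules exist to catch.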
2. Customer Alerting
When an attack is detected, our 24/7/365 SecOps Team (Security Operations Center)
is alerted and will either notify you to trigger the mitigation or trigger the mitigation on
your behalf.
3. Cloud-Based DDoS Scrubbing
Customers can use a variety of service and connectivity options depending on the location
of apps, level of service, and protection needed. This includes always-on or always-available
scrubbing options and several routing choices for scrubbing, such as BGP or DNS-based redirection, direct connections, or peering.
You change your BGP announcements to have transit directed through Distributed Cloud
Mesh instead of the other transit providers. Distributed Cloud Services steers the traffic
using BGP and our scrubbing centers to block the attack, allowing only legitimate traffic to
go through.