Corsa, the startup offering a programmable data-plane appliance, has found an additional line of work in security.
At last week's SDN World Congress in The Hague, Netherlands, the company was showing off its hardware as a hedge against distributed denial-of-service (DDoS) attacks. The use case hasn't been officially announced, but there's no reason a customer couldn't put the concept into practice right now.
The key is that Corsa's DP2000 and DP6000 series appliances, which use field-programmable gate arrays (FPGAs) to forward traffic in terms of flows, can handle the DDoS firehose at 100-Gb/s speeds.
A DDoS attack throws huge volumes of packets at a router or switch, preferably small packets (64 bytes) to increase the amount of processing the router has to do. The attack doesn't have to cause the router to crash; just crowding the device with requests is enough to create a severe bottleneck for any legitimate traffic.
A gateway router's normal line of DDoS defense is to block particular IP addresses, working in conjunction with a DDoS mitigation appliance from a company like Arbor.
The problem is that the router isn't always able to do this at 100 Gb/s. If the attack is broken into 64-byte packets, the router has to process roughly 150 million packets per second to keep up. "They're not always able to cope at 100 Gb/s," says Carolyn Raab, Corsa's vice president of marketing.
Corsa can't prevent a DDoS attack from starting, obviously. But it can alleviate that bottleneck problem by absorbing 100-Gb/s traffic like a sponge. Corsa's suggestion is that its device can sit between the WAN and a gateway router. The box would essentially be a guard sitting at the mouth of the 100-Gb/s line.
Speed and volume are two factors that are boosting DDoS attack power to headline-making levels. A DDoS attack of record-setting size was unleashed on the KrebsOnSecurity site last month, driven by an Internet of Things (IoT) botnet that, in part, exploited a default password in Internet-connected cameras.
And just today, a DDoS attack hit Dyn, a major Domain Name Service (DNS) provider, temporarily knocking out some big-name services including Twitter and Reddit. (At press time, it appeared this attack had caught a second wind and was causing outages again.)
So far, Corsa is talking about tackling DDoS in a volumetric way — that 100-Gb/s sponge. Because its appliances organize traffic by flows, the company could go a step further by applying security policies to those flows. That could be useful against an attack targeting a specific application, such as a mail server, Raab says.
DDoS mitigation is a sideline to Corsa's normal business — flow-based packet forwarding, especially for WAN and metro networks. That's still the main line of work for the 3-year-old company, which raised a $16.5 million Series B last year.