Low-Latency DDoS Mitigation: Arista DANZ vs. Cisco Tetration

International Journal of Sustainability and Innovation in Engineering (IJSIE)
2024

https://www.doi.org/10.56830/IJSIE202402

Author

Ashutosh Chandra Jha

Abstract

This study assesses the performance of low-latency protection against DDoS attacks in contemporary leaf-spine and hybrid-cloud datacenters, where queuing delays of milliseconds can violate SLOs and amplify attacks. It introduces a side-by-side approach comparing Arista DANZ (DANZ Monitoring Fabric, sFlow/IPFIX, ERSPAN, and gNMI) with Cisco Tetration (Secure Workload), which instruments hosts with kernel-level sensors and can enforce micro-segmentation. The end-to-end control loop is examined: from the first anomalous telemetry window to the first verified drop/redirect. A controlled testbed is used with PTP-synchronized hardware timestamps, synthetic (TRex/MoonGen) and real-trace replay traffic, export intervals of 100-500 ms, and 1:512-1:2048 sampling. Detection features comprise SYN/ACK divergence, flow/packet rates, inter-arrival variance, source/port entropy, and five-tuple fan-in/out. Performance metrics are detection time, enforcement time, p99-p99.9 one-way and end-to-end delay deltas, false-positive and false-negative rates, TCAM occupancy, and controller/collector CPU and API throughput; results are verified against mirrored packet captures, device counters, and policy acknowledgments. Fabric-first mitigation reduces time-to-mitigate for volumetric L3/L4 floods through ACLs, policers, BGP Flowspec or RTBH, whereas host-centric enforcement is more effective against app-layer low-and-slow traffic and intra-VLAN floods; a hybrid trigger path offers the strongest blast-radius reduction and accuracy. Contributions encompass a vendor-neutral control-loop budget, a repeatable harness and failure-injection regimen, operational SLOs and rollback playbooks, and practical recommendations on sampling rates, export cadence, and rule-churn limits, together with deployment guidance. The scope is enterprise datacenters and hybrid clouds; forensics and external scrubbing are out of scope.
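As an added illustration (not code from the paper) of how the detection features named above can be estimated from one sampled export window: it computes SYN/ACK divergence, source and destination-port entropy, fan-in and a sampling-corrected packet rate over constructed sFlow-style records, then flags a window against a benign baseline. The sampling ratio (1:1024), window (200 ms) and threshold values are assumptions chosen within the ranges the abstract gives, not the paper's own settings.

```python
import math
from collections import Counter

SAMPLING_RATE = 1024  # assumed 1:1024, inside the paper's 1:512-1:2048 range
WINDOW_MS = 200       # assumed export cadence, inside the 100-500 ms range

def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def window_features(records, sampling_rate=SAMPLING_RATE, window_ms=WINDOW_MS):
    """Per-window features from sampled records (dicts: src, dport, flags)."""
    syn = sum(1 for r in records if "S" in r["flags"] and "A" not in r["flags"])
    ack = sum(1 for r in records if "A" in r["flags"])
    return {
        # scale the sampled count back to line rate, then to packets per second
        "est_pps": len(records) * sampling_rate * 1000 / window_ms,
        # +1 = all bare SYNs (half-open pressure), -1 = all ACK-carrying packets
        "syn_ack_divergence": (syn - ack) / max(syn + ack, 1),
        "src_entropy": shannon_entropy([r["src"] for r in records]),
        "dport_entropy": shannon_entropy([r["dport"] for r in records]),
        "fan_in": len({r["src"] for r in records}),  # distinct sources seen
    }

def anomaly_reasons(f, baseline, pps_factor=5.0, entropy_delta=2.0, div_max=0.8):
    """Threshold check of a window against a benign baseline (assumed values)."""
    reasons = []
    if f["est_pps"] > pps_factor * baseline["est_pps"]:
        reasons.append("pps")
    if f["syn_ack_divergence"] > div_max:
        reasons.append("syn_ack")
    if f["src_entropy"] > baseline["src_entropy"] + entropy_delta:
        reasons.append("src_entropy")
    return reasons

# Constructed sample windows (not captured data).
# Benign: five clients, each one SYN then three ACK-carrying packets.
BENIGN = [{"src": f"10.0.0.{i}", "dport": 443, "flags": fl}
          for i in range(1, 6) for fl in ("S", "A", "PA", "A")]
# SYN flood: 200 distinct sources sending bare SYNs to one port.
ATTACK = [{"src": f"198.51.100.{i}", "dport": 443, "flags": "S"}
          for i in range(200)]

if __name__ == "__main__":
    base = window_features(BENIGN)
    print(anomaly_reasons(window_features(ATTACK), base))
```

The same features feed either path the abstract compares: a fabric-side policer or Flowspec rule keyed on the offending five-tuples, or a host-side micro-segmentation policy, with time-to-mitigate measured from the first flagged window.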

Keywords

Low-latency DDoS mitigation, Arista DANZ (DANZ Monitoring Fabric), Cisco Tetration (Secure Workload), Streaming telemetry (sFlow/IPFIX/NetFlow, gNMI), BGP Flowspec (with RTBH).
