Power of NFV: Sandvine Enables “Pay-As-You-Protect” for Tier-1 CSPs


Sandvine, a global provider of intelligent broadband network solutions for fixed and mobile operators, has announced results of tests that demonstrate how dynamic scaling of Virtual Network Functions (VNFs) can be used to protect tier-1 communications service provider (CSP) networks against DDoS attacks and other malicious threats, with dramatically lower costs and higher efficiency.

The tests were conducted at the Austin, Texas lab of Dell EMC.

The scale of malicious attacks against communications service providers (CSPs) is increasing rapidly. At their peak, DDoS attacks reach hundreds of gigabits per second (Gbps). Meanwhile the average size of an attack is still less than 1Gbps.

Tier-1 CSPs understand first-hand that legacy network protection solutions, such as those for DDoS attacks, create enormous inefficiencies, as they require proprietary hardware that is scaled for rare peaks and that otherwise sits idle, consuming operational resources for no gains. Even then, a CSP can’t ever be sure that the scale will be sufficient when the next attack comes.

The costs associated with such large-scale attack mitigation (or “scrubbing”) platforms, including those related to hardware, network resources, IT personnel, and routing infrastructure, are an incredible burden for any network operator, particularly Tier-1 CSPs, given their size. Sandvine’s tests show that the answer may lie in VNFs that can automatically scale up only when needed, and to the exact size needed. Resources are paid for only when used and to the extent used.

The results are detailed in Sandvine’s Technology Showcase on the topic and demonstrate how Sandvine’s DDoS scrubbing and QuickSand Threat Deception features can be auto-scaled as VNFs to protect against attacks. The tests showed new VNFs being automatically instantiated when the scale of an attack surpassed existing protection capacity, to add the necessary level of defense.

“For both CSPs and vendors like Sandvine, NFV and the closely-related notion of Software-Defined Networking likely represent the biggest technological and strategic shift in telecommunications this decade,” said Don Bowman, Sandvine’s Chief Technology Officer. “Sandvine’s tests show how this shift can result in meaningful, real-world benefits: a network that is smarter, more responsive, more efficient and more economical.”

The tests were run using a variety of products from leaders in the NFV ecosystem, including:

•Sandvine’s Policy Traffic Switch (PTS) Virtual Series v7.30 and Traffic Steering Engine v1.00
•Dell EMC DSS 9000
•Intel ® RSD Pod Manager
•RIFT.ware by RIFT.io