Cox Communications bolsters net defenses with anti-DDoS gear

Cox Communications said it has begun deploying equipment from Arbor Networks on its high-speed IP backbone to address the risk of massive distributed denial-of-service (DDoS) attacks that can flood IP-based networks and halt service.

Cox, which delivers multi-service broadband communications to customers nationwide, is installing Arbor’s PeakFlow SP equipment on its OC-48 national IP backbone network to detect unusual traffic patterns that may be DDoS attacks. In the event of a massive attack, the PeakFlow SP can immediately recommend defensive actions, such as blocking source IP addresses of the attack’s origination. Jay Rolls, vice president of telephone and data engineering at Cox, said the anti-DDoS gear is intended to “stay one step ahead of the threat of DDoS.”

Cox is deploying the Arbor security equipment across the entire Cox IP-based backbone network in about a dozen regional data centers where switching equipment is located. The service provider started looking hard at the problem of preventing DDoS last year after the carrier experienced a disruption it thought might have been a DDoS attack.

While that particular packet-loss incident likely wasn’t a full-scale DDoS attack, Cox engineers felt the issue needed to be addressed since Cox is involved in an important network transformation that will broaden its use of IP-based switching. Cox is planning to move from circuit-switched voice telephony service to IP-based switching for purposes of providing long-distance telephone service.

“Launching these other applications, including voice, makes it more and more critical to maintain the IP network,” Rolls notes. While crippling DDoS attacks are uncommon, lower-level attacks happen frequently, which the Arbor equipment should help monitor and mitigate. “There’s a lot of ‘ankle-biting’ going on all the time,” Rolls says about everyday nuisances often caused by automated attack tools.

The move to voice over IP (VoIP) will add an important new type of traffic to the Cox OC-48 national IP backbone. At present, Cox sells long-distance service by purchasing wholesale minutes from third-party long-distance carriers. By moving to IP-based switching for voice, Cox expects to save millions of dollars annually because it will be using its own capacity. Cox hasn’t yet announced the equipment vendor it will use for VoIP.

The goal is to have the quality of VoIP communications the same as that of circuit-switched voice, so that  the difference in technology shouldn’t be noticeable to the customer.

Rolls said that Cox began hearing about Arbor Networks through others in industry, and decided to test the anti-DDoS equipment along with competing gear from a handful of other vendors. The Arbor equipment has been good in detecting trouble on the network, Rolls points out, while time will tell how well it does in actual mitigation, should the worst kind of attacks occur.