The Internet, as we know it, is a global system of interconnected networks, usually operated by carriers. These carriers interconnect their networks at internet exchanges, which are located in major data-centers, usually close to the major cable system hubs. The rationale for these interconnections is to enable their customers to access content and services located outside their own network (e.g. at a cloud service provider (CSP) or a SaaS vendor). All of the above are usually accompanied by complex commercial agreements, depending on how deep the relationship between the two parties is (i.e. peering, NNI etc.).
DDoS traffic transfers
Within this context, carriers want to make sure that their interconnections are utilized meaningfully and to their commercial benefit. In many cases carriers just transfer “trash”, in other words DDoS traffic, which burdens both their core infrastructure and their interconnections.
In an ideal world, and in order to minimize the impact of these DDoS attacks, carriers would exchange intelligence about the source IPs of the attacks and the targeted IPs. This way the originating carrier can take action and block the malicious traffic at its source, saving capacity both on its own core network and on its interconnections. Unfortunately this does not happen at scale, out of fear that other carriers’ sales teams would use that information to “steal” customers (i.e. the targets of the attack).
Use case for a DLT-based architecture
This challenge alone creates a unique use case for a DLT-based architecture that uses zero-knowledge proof techniques to overcome this constraint: a carrier can share the sources of an attack, and prove that the report is genuine, without revealing which of its customers was the target.
Under such a scenario, carriers would initially build a DLT architecture to exchange threat intelligence, i.e. communicate among themselves the sources of DDoS attacks, so that each one can take action on its own network, ad hoc. This would make perfect sense if it included a bonus/malus rating system, based on who provided threat intel and who merely consumed it, creating a dynamic commercial model around it.
Those that provide threat intel could access the service at a reduced price, while those that only consume it would have to pay a premium to keep their access. In this way carriers would be incentivized to share the sources of the DDoS attacks observed in their networks. The service access fees could fund the development, operation, maintenance and expansion of the platform.
Automation for the DDoS mitigation infrastructure
The second phase would add the automated activation of the originating carrier’s (or carriers’) DDoS mitigation infrastructure, to minimize the volume of “trash” traveling over IP core, transit and peering ports. The fees for using each other’s anti-DDoS infrastructure could be netted at agreed regular intervals. Such a business model is very familiar to carriers and is similar to how they settle voice and data usage today.
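The two phases described above, as an added example that is not part of the original article and not PCCW Global’s platform code: each carrier publishes the attacking sources in clear but only a salted hash commitment of the target (a deliberate simplification standing in for the zero-knowledge proof the article mentions), every carrier derives mitigation rules only for sources inside prefixes it originates, and the contribution record drives a bonus/malus access fee and a netted settlement of mitigation fees. The carrier names, the RFC 5737 documentation prefixes, the “rate-limit” action and all fee parameters are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import defaultdict
from dataclasses import dataclass

# Constructed data: the prefixes each carrier originates (hypothetical assignment
# of RFC 5737 documentation ranges).
CARRIER_PREFIXES = {
    "carrier-a": ["192.0.2.0/24"],
    "carrier-b": ["198.51.100.0/24"],
    "carrier-c": ["203.0.113.0/24"],
}

# Assumed commercial parameters (not taken from the article).
MITIGATION_FEE = 100      # owed by the reporting carrier per rule applied at source
BASE_ACCESS_FEE = 1000
PROVIDER_DISCOUNT = 0.5   # carriers that contributed intel pay half
CONSUMER_PREMIUM = 1.5    # carriers that only consumed intel pay a premium


@dataclass(frozen=True)
class AttackReport:
    reporter: str           # carrier whose customer is under attack
    sources: tuple          # attacking addresses/prefixes, published in clear
    target_commitment: str  # SHA-256(salt || target) instead of the target itself
    pps: int


def commit_target(target_ip: str, salt: bytes) -> str:
    """Hash commitment hiding the victim address (simplified stand-in for a ZKP)."""
    return hashlib.sha256(salt + target_ip.encode()).hexdigest()


def build_report(reporter, sources, target_ip, pps):
    """Return the report to publish on the ledger and the salt the reporter keeps private."""
    salt = secrets.token_bytes(16)
    report = AttackReport(reporter, tuple(sources), commit_target(target_ip, salt), pps)
    return report, salt


def opens_commitment(report, target_ip, salt) -> bool:
    """Off-ledger, the reporter can later prove to an auditor which address was hit
    without ever having published it; constant-time compare avoids a timing leak."""
    return hmac.compare_digest(report.target_commitment, commit_target(target_ip, salt))


def actions_for(carrier, reports):
    """Phase 2: rules the originating carrier pushes to its own mitigation platform,
    i.e. only for reported sources that fall inside prefixes it announces."""
    own = [ipaddress.ip_network(p) for p in CARRIER_PREFIXES[carrier]]
    rules = []
    for r in reports:
        if r.reporter == carrier:       # a carrier does not act on its own report here
            continue
        for s in r.sources:
            src = ipaddress.ip_network(s, strict=False)
            if any(src.version == n.version and src.subnet_of(n) for n in own):
                rules.append({"source": str(src), "action": "rate-limit",
                              "reporter": r.reporter, "pps": r.pps})
    return rules


def net_positions(reports):
    """Netted mitigation fees per carrier: positive = net receiver, negative = net payer."""
    balance = defaultdict(int)
    for carrier in CARRIER_PREFIXES:
        for rule in actions_for(carrier, reports):
            balance[rule["reporter"]] -= MITIGATION_FEE   # victim's carrier pays
            balance[carrier] += MITIGATION_FEE            # originating carrier earns
    return dict(balance)


def access_fee(carrier, reports):
    """Phase 1 bonus/malus: providers of intel pay less, pure consumers pay more."""
    provided = any(r.reporter == carrier for r in reports)
    return BASE_ACCESS_FEE * (PROVIDER_DISCOUNT if provided else CONSUMER_PREMIUM)


# Constructed sample ledger: carrier-a and carrier-b each report one attack,
# carrier-c only consumes intel.
REPORT_A, SALT_A = build_report("carrier-a", ["198.51.100.7", "203.0.113.0/28"], "192.0.2.50", 800_000)
REPORT_B, SALT_B = build_report("carrier-b", ["203.0.113.200"], "198.51.100.9", 120_000)
LEDGER = [REPORT_A, REPORT_B]

if __name__ == "__main__":
    for c in CARRIER_PREFIXES:
        print(c, "rules:", actions_for(c, LEDGER), "access fee:", access_fee(c, LEDGER))
    print("net positions:", net_positions(LEDGER))
```

Note that the ledger never contains the victim address: `REPORT_A` carries only the commitment, and the targets appear solely in the reporter’s private salt and the `opens_commitment` check. The net positions always sum to zero, which is the property a periodic netting run should assert before settlement.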
Such a federated approach on DDoS mitigation comes with a number of benefits both for participating carriers and the industry overall.
- This exchange of intel and anti-DDoS services provides new revenue streams for carriers, while in parallel increasing the ROI and utilization of the investments made in anti-DDoS infrastructure.
- Facilitates major savings in the volume of DDoS traffic in transit over carriers’ core networks and NNI/peering ports (including the associated mitigation costs).
- Improves customers’ experience and satisfaction, given the shorter time to identify and respond to DDoS attacks.
- Aligns with existing initiatives such as those on network automation (e.g. MEF) and DLT-based services exchange and settlement (e.g. GLF’s CBN).
PCCW Global is actively participating in all such initiatives and highlights the value derived through successful proofs of concept around voice settlement, data on-demand and more. Such activities align with PCCW Global’s long-term strategy around automated ordering, provisioning and settlement based on the Console Connect ecosystem.