Cenic.org

DDoS Mitigation Services FAQ

CENIC Distributed Denial of Service Mitigation Service (DMS) Solutions: Managed and Self-Service DMS

CENIC is now offering its associates protection from Distributed Denial of Service (DDoS) attacks. Through CENIC’s Internet2 membership, CENIC is able to contract for Radware’s on-demand, cloud-based DMS. This allows CENIC members to purchase service through CENIC, leveraging Internet2’s attractive pricing and CENIC's high capacity, direct connections with Internet2 and through Internet2 to Radware.

FAQ

  • Execution of contract documents between CENIC and the associate.
  • Participation in a one-hour kick-off meeting for new DMS customers.
  • Completion of onboarding documentation by the associate, which includes:
    • Acceptance of Radware’s terms of service.
    • Completion and submission of “on-boarding” forms (detailing customer administrative contacts, technical contacts, and in-scope network information).
    • Letter of authorization (LOA) for Radware to provide technical mitigation support.

Associates who opt for the Self-Service solution interact directly with Radware on mitigation, while associates who opt for the Managed Service solution rely on CENIC's expertise to handle mitigation with Radware on their behalf. The Managed Service also provides associates with additional monitoring from CENIC's network monitoring tools, using NetFlow analysis.

Yes, both IPv4 and IPv6 are supported.

CENIC does not scrub any of the traffic. Scrubbing is performed by re-routing all return traffic through Radware scrubbing centers that are located in Ashburn, VA, and San Jose, CA. Radware servers scrub DDoS traffic, and then clean traffic is returned to CENIC’s California Research and Education Network (CalREN).

The smallest prefix that can be diverted for IPv4 is a /24 and for IPv6 is a /48.

Complete the following linked form and CENIC will follow up with you about pricing and estimated timelines for the DMS solution in which you are interested: DMS Inquiry Form

This is not an "always-on" service since normal traffic is not always being routed and scrubbed through Radware servers. When a DDoS attack has been identified, traffic will need to be diverted into the scrubbing centers by making routing changes on the devices.

If you believe that you are experiencing an attack, please contact the NOC by phone at (714)-220-3494 or by email at noc@cenic.org. Operations engineers can validate and identify the attack using network tools, as well as initiate diversion into the scrubbing centers if needed.

Mitigated traffic is diverted towards the Radware scrubber and then back to your site, but the overall impact on traffic should be transparent. In other words, end-users should not notice any difference between normally routed traffic and mitigated traffic.

The total scrubbing capacity is currently 4 Gbps. This capacity is shared between both the Self and Managed Service offerings. The 4-Gbps limit is not a hard cap and is capable of bursting higher if needed. CENIC engineers will analyze normal traffic usage patterns for a /24 being mitigated before diverting. Diversion will also be dependent upon the number of participants actively mitigating at that time.

Radware has scrubbing centers established worldwide with a total capacity of 7 Tbps. Traffic from CENIC will only be scrubbed within US-based scrubbing centers that are located in San Jose, CA, and Ashburn, VA. These two scrubbing centers have a combined capacity of 2 Tbps.

Traffic is re-routed to Radware by tagging traffic with a specific BGP community. For the Managed Service offering, CENIC engineers will reconfigure devices to tag specific prefixes with the Radware scrubbing community in order to divert traffic. For the Self-Service offering, the campus will need to tag the prefixes at their border devices in order to initiate diversion into Radware scrubbing centers.
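The following is an added example, not CENIC or Radware code, of a pre-diversion check built on the /24 and /48 minimums stated above: it widens an attacked host or small subnet to the smallest prefix that can actually be tagged for diversion. The function name, the sample addresses (documentation ranges), and the rule that a diverted prefix must lie inside the networks listed on the onboarding form are assumptions made for the illustration.

```python
import ipaddress

# Smallest divertible prefix per the FAQ: /24 for IPv4, /48 for IPv6.
MIN_PREFIXLEN = {4: 24, 6: 48}

# Constructed sample data (documentation address ranges), not real networks.
SAMPLE_IN_SCOPE = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
SAMPLE_TARGETS = ["198.51.100.37", "198.51.100.200/28", "192.0.2.5",
                  "2001:db8:12:40::1", "2001:db8::/40"]

def diversion_plan(targets, in_scope):
    """Map attacked addresses/prefixes to the prefixes that would be diverted.

    targets  -- strings such as "198.51.100.37" or "2001:db8:12:40::/64"
    in_scope -- prefixes from the onboarding form (assumed to bound diversion)
    Returns (plan, rejected): sorted divertible prefixes, and the targets
    whose covering prefix falls outside every in-scope network.
    """
    scope = [ipaddress.ip_network(p) for p in in_scope]
    divert, rejected = set(), []
    for raw in targets:
        net = ipaddress.ip_network(raw, strict=False)
        limit = MIN_PREFIXLEN[net.version]
        # A host or small subnet cannot be diverted alone: widen it to the
        # covering /24 (IPv4) or /48 (IPv6). Shorter prefixes are kept as-is.
        if net.prefixlen > limit:
            net = net.supernet(new_prefix=limit)
        # The widened prefix must sit inside an onboarded network.
        if any(net.version == s.version and net.subnet_of(s) for s in scope):
            divert.add(net)
        else:
            rejected.append(raw)
    # Drop prefixes already covered by a shorter prefix in the plan.
    plan = [n for n in divert
            if not any(n != o and n.version == o.version and n.subnet_of(o)
                       for o in divert)]
    plan.sort(key=lambda n: (n.version, n.network_address, n.prefixlen))
    return [str(n) for n in plan], rejected

if __name__ == "__main__":
    plan, rejected = diversion_plan(SAMPLE_TARGETS, SAMPLE_IN_SCOPE)
    print("divert:", plan)
    print("out of scope:", rejected)
```

Widening means every host in the covering /24 or /48 follows the diverted path during mitigation, not only the attacked address.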

Yes. Once the attack has ended and no further attacks have occurred for 48 hrs, CENIC will begin its process of closing out the case, which includes compiling a summary of the attack.

The tools used by CENIC operations are not available to associates. They are internal-only tools that CENIC has developed in-house to support not only DMS services but also other applications within the CENIC network environment.

Associates will need to be directly connected to CENIC’s network.

Complete the following linked form and CENIC will follow up with you: DMS Inquiry Form

Cyberattacks such as ransomware/malware, SQL injection, and cross-site scripting attacks that target application-layer vulnerabilities would not generally be protected by DDoS mitigation techniques.

Subscribers of the DMS Managed Service will be set up to generate alerts to the NOC when there is a potential DDoS attack. Associates are also encouraged to contact the NOC when they suspect there is an attack happening to their site so CENIC engineers can investigate further.

Radware’s DMS product mitigates volumetric attacks that operate at the network and transport layer of the Open Systems Interconnection (OSI) model. Therefore, protection is offered against DDoS attacks that target network infrastructure and equipment in an effort to overwhelm bandwidth and session handling capacity. DMS does not protect against other types of cyberattacks, such as ransomware/malware, SQL injection, and cross-site scripting attacks, all of which target application-layer vulnerabilities.

When a DDoS attack is detected by CENIC’s detection tools or is reported by the site, the CENIC operations team will reach out to the site to request approval for activating mitigation. If the DDoS attack has an impact on CENIC’s backbone, the CENIC operations team will activate mitigation prior to reaching out to the site for approval.

  • Yes, for the Self-Service solution.
  • No, for the Managed Service solution.

Nearly immediate; on the order of seconds.

There is no impact on performance.

Yes. For the service to be most effective, the path through CENIC needs to be configurable as the best path.