Realtime DoS mitigation with VELOS BX520 Blade

Table of Contents

Demo Video

DoS attacks are a fact of life

Detect and mitigate large-scale, volumetric network and application-targeted attacks in real-time to defend your businesses and your customers against multi-vector, denial of service (DoS) activity attempting to disrupt your business.

DoS impacts include:

  • Loss of Revenue
  • Degradation of Infrastructure

Indirect costs often include:

  • Negative Customer Experience.
  • Brand Image

DoS attacks do not need to be massive to be effective.

 

F5 VELOS: Key Specifications

  1. Up to 6Tbps total Layer 4-7 throughput
  2. 6.4 Billion concurrent connections
  3. Higher density resources/Rack Unit than any previous BIG-IP
  4. Flexible support for multi-tenancy and blade groupings
  5. API first architecture / fully automatable
  6. Future-proof architecture built on Kubernetes
  7. Multi-terabit security – firewall and real-time DoS

Real-time DoS Mitigation with VELOS

Challenges

  • Massive volume attacks are not required to negatively impact “Goodput”.
  • Shorter in duration to avoid Out of Band/Sampling Mitigation.
  • Using BIG-IP inline DoS protection can react quickly and mitigate in real-time.

 

Simulated DoS Attack

  • 600 Gbps
  • 1.5 Million Connections Per Second (CPS)
  • 120 Million Concurrent Flows

Example Dashboard without DoS Attack

Generated Attack

  • Flood an IP from many sources
  • 10 Gb/s with 10 Million CPS DoS Attack launched (<2% increase in Traffic)

Impact

  • High CPU Consumption: 10M+ new CPS
  • High memory utilization with Concurrent Flows increasing quickly

Result

  • Open connections much higher
  • New connections increasing rapidly
  • Higher CPU
  • Application Transaction Failures

Enable Network Flood Mitigation

Mitigation Applied

  • Enabling the Flood Vector on BIG-IP AFM Device DoS
  • Observe “Goodput” returning to normal in seconds as BIG-IP mitigates the Attack

Conclusion

Distributed denial of service (DDoS) attacks continue to see enormous growth across every metric. This includes an increasing number and frequency of attacks, average peak bandwidth and overall complexity. As organizations face unstoppable growth and the occurrence of these attacks, F5 provides organizations multiple options for complete, layered protection against DDoS threats across layers 3–4 and 7. F5 enables organizations to maintain critical infrastructure and services — ensuring overall business continuity under this barrage of evolving, and increasing DoS/DDoS threats attempting to disrupt or shut down their business.

Related Articles

F5 VELOS: A Next-Generation Fully Automatable Platform

F5 rSeries: Next-Generation Fully Automatable Hardware

Accelerate your AI initiatives using F5 VELOS

Updated May 27, 2025
Version 2.0
application delivery
Verified Designs
No CommentsBe the first to comment