Cisco Cisco Catalyst 6500 Cisco 7600 Router Anomaly Guard Module 디자인 가이드
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 8 of 12
Figure 4. On-Premises Enterprise Deployment
A colocation deployment places the Anomaly Guard Module upstream of the Internet link at a service provider’s point of presence (POP), but the
Traffic Anomaly Detector Module can reside either at the colocation switch or on an enterprise premises switch.
Managed service arrangements have different deployment options, depending on the service provider. In any managed service option, the Anomaly
Guard Module will be deployed inside the service provider network. The Traffic Anomaly Detector Module can be deployed either in the service
provider network or on the enterprise premises, or can be replaced by other methods of attack detection using IDS- or NetFlow-based systems.
4. HOSTING PROVIDER MANAGED SERVICE DEPLOYMENT
A hosting provider deployment is one type of managed DDoS protection service. The other type, described below, is a managed service provided
by an access service provider. The goal of a hosting provider deployment is to offer a managed security service as a value-added enhancement to
the core Web hosting service. Anomaly Guard and Traffic Anomaly Detector modules can be easily incorporated into an existing hosting provider’s
Cisco Catalyst 6500 Series switching infrastructure to provide DDoS protection for any or all hosted customers.
Deployment Considerations
Shared Use of Anomaly Guard and Traffic Anomaly Detector
•
In hosting centers that service small to midsize customers, operators will deploy Anomaly Guard and Traffic Anomaly Detector modules that will
be shared among multiple hosted customers. This normally requires the configuration of individual zones for each protected customer. As hosting
providers design their DDoS detection and mitigation infrastructures, they need to be aware of the performance capacities—a total of 500 zones
can be configured, but only 30 can be concurrently active.
providers design their DDoS detection and mitigation infrastructures, they need to be aware of the performance capacities—a total of 500 zones
can be configured, but only 30 can be concurrently active.