Low-Latency DDoS Mitigation: Arista DANZ vs. Cisco Tetration

Authors

  • Ashutosh Chandra Jha, Network Security Engineer, New York, USA

DOI:

https://doi.org/10.56830/IJSIE202402

Keywords:

Low-latency DDoS mitigation, Arista DANZ (DANZ Monitoring Fabric), Cisco Tetration (Secure Workload), Streaming telemetry (sFlow/IPFIX/NetFlow, gNMI), BGP Flowspec (with RTBH)

Abstract

 

This study assesses the performance of low-latency protection against DDoS attacks in contemporary leaf-spine and hybrid-cloud datacenters, where queuing delays of milliseconds can violate SLOs and broadcast attacks. It introduces a side-by-side approach to compare Arista DANZ, with its use of DANZ Monitoring Fabric, sFlow/IPFIX, ERSPAN, and gNMI, against Cisco Tetration (Secure Workload), which measures hosts using kernel-level sensors and can enforce micro-segmentation. The mitigation loop is examined end to end: from the first anomalous telemetry window to the first verified drop/redirect. A controlled testbed is used with PTP-synchronized hardware timestamps, synthetic (TRex/MoonGen) and trace-replay traffic, export scaling of 100-500 ms, and 1:512-1:2048 sampling. The features comprise SYN/ACK divergence, flow/packet rates, inter-arrival variance, source/port entropy, and five-tuple fan-in/out. Performance metrics are detection time, enforcement time, p99-p99.9 one-way and overall-delay deltas, false-positive and false-negative rates, TCAM occupancy, and controller/collector CPU and API throughput; verification is coupled with mirrored packet captures, device counter information, and policy acknowledgments. Fabric-first mitigation reduces time-to-mitigate in volumetric L3/L4 floods through ACLs, policers, BGP Flowspec or RTBH, whereas host-centric enforcement is more effective against app-layer low-and-slow traffic and intra-VLAN flood jumping; a hybrid trigger path offers the strongest blast-radius reduction and accuracy. Contributions encompass a vendor-neutral control-loop budget, a repeatable harness and failure-injection regimen, operational SLOs and rollback playbooks, and practical recommendations on sampling, export cadence, and rule-churn limits; deployment recommendations are delivered. The scope is enterprise datacenters and hybrid clouds; forensics and external scrubbing remain out of scope for now.
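The per-window features named in the abstract can be computed from sampled packet records as in the following added example, which is not code from the paper. The record layout, the reading of "SYN/ACK divergence" as a SYN to SYN-ACK ratio, both thresholds, and the sample traffic are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed values: window and sampling sit in the abstract's ranges; thresholds are illustrative.
WINDOW_MS, SAMPLING_N = 500, 1024
RATIO_MIN, FAN_IN_MIN = 8.0, 32

def entropy_bits(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def window_features(samples, window_ms=WINDOW_MS, sampling_n=SAMPLING_N):
    """samples: (ts_ms, src_ip, dst_ip, dst_port, tcp_flags) per sampled packet."""
    windows = defaultdict(list)
    for s in samples:
        windows[s[0] // window_ms].append(s)
    feats = {}
    for w, pkts in sorted(windows.items()):
        syn = sum(p[4] == "S" for p in pkts)
        synack = sum(p[4] == "SA" for p in pkts)
        fan_in = defaultdict(set)          # (dst_ip, dst_port) -> distinct sources
        for p in pkts:
            fan_in[(p[2], p[3])].add(p[1])
        feats[w] = {
            "est_pps": len(pkts) * sampling_n * 1000 / window_ms,  # scale up by 1:N
            "syn_to_synack": syn / max(synack, 1),
            "src_entropy": entropy_bits(p[1] for p in pkts),
            "max_fan_in": max(len(v) for v in fan_in.values()),
        }
    return feats

def detection_delay_ms(samples, attack_start_ms, window_ms=WINDOW_MS,
                       ratio_min=RATIO_MIN, fan_in_min=FAN_IN_MIN):
    """Delay from attack onset to export of the first window that trips both thresholds."""
    for w, f in window_features(samples, window_ms).items():
        if f["syn_to_synack"] >= ratio_min and f["max_fan_in"] >= fan_in_min:
            return (w + 1) * window_ms - attack_start_ms   # window is exported at its end
    return None

def constructed_samples():
    """Constructed data: 1 s of normal handshakes, then a SYN-only burst from 64 sources."""
    out = []
    for w in (0, 1):
        for i in range(4):
            t, client = w * 500 + i * 100, f"10.0.0.{i + 1}"
            out += [(t, client, "192.0.2.10", 443, "S"),
                    (t + 1, "192.0.2.10", client, 40000 + i, "SA"),
                    (t + 2, client, "192.0.2.10", 443, "A")]
    out += [(1000 + 5 * i, f"198.51.100.{i + 1}", "192.0.2.10", 443, "S") for i in range(64)]
    return out
```

With a 100 ms window the same burst contributes only 20 samples per window, so the fan-in threshold of 32 never trips; thresholds have to be scaled together with export cadence and sampling rate.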


Published

2026-03-06

Section

Articles