GenieATM: Advanced Traffic Mining Product for IP Networks
Genie Networks has recently been deployed by i3D.net, providing DDoS (Distributed Denial of Service) protection and network-wide traffic visibility.
i3D.net is a prominent hosting provider headquartered in the Netherlands that specializes in low-latency networking. It has been listed as one of the fastest growing profitable companies since its founding in 2002 and up to now has expanded its Internet backbone across Europe and the US, linking over 1,600 peers on some of the world’s largest Internet exchanges. Furthermore, i3D.net has backbone presence in São Paulo, Tokyo and Sydney with peering/transit routers which are being monitored by the GenieATM.
The primary purpose of i3D.net was to seek a DDoS detection solution that can cooperate with their scrubbing devices and deliver a holistic DDoS mitigation solution. GenieATM fits the requirement seamlessly since it is specifically designed to be compatible with other 3rd party devices. The joint solution enables GenieATM to recognize suspicious traffic in the network, and then redirect it to the scrubbing device. After clearing the malicious traffic, the scrubbing device will reinject the “cleaned” traffic back to its original destination, and also report the results back to GenieATM with raw data backup for further analysis.
Martijn Schmidt, Network Architect at i3D.net, explains that "we needed a flexible platform which can detect DDoS attacks based on sFlow data, and automatically inject BGP routes to off-ramp the traffic to a scrubbing device or a blackhole when certain configurable thresholds are met. The GenieATM fulfills those requirements and has even been selected as officially supported anomaly detection solution by several 3rd party scrubbing hardware vendors."
Being satisfied with GenieATM’s anomaly detection abilities, i3D.net found much more features of GenieATM can be sought to reinforce its current network performance. As a trusted network service provider, i3D.net has to ensure an optimized and uncongested traffic, which requires rigorous network capacity planning. GenieATM aids operators in decision making by providing detailed breakdown reports on sub-network, origin autonomous system (AS), neighbor AS, along with rule-based reports of BGP community and AS-path factors. With these reports, network operators can maximize the entire network performance by utilizing available resources.
Martijn Schmidt further states that: "The capacity planning features of the GenieATM easily allow us to monitor the purchasing cost for high-volume bandwidth customers using sub-networks, estimate traffic that would be exchanged with a new peering partner before the sessions go live thanks to rule-based reports, and even provide insight in the way our transit providers route our traffic thanks to the ability to graph traffic based on informational BGP communities which are tagged on each prefix."