What is F5 Silverline™ DDoS Protection?

F5 Silverline DDoS Protection is a service delivered via the Silverline cloud-based platform that provides detection and mitigation to stop even the largest of volumetric DDoS attacks from reaching your network. In addition, F5 security experts are available 24/7 to keep your business online during a DDoS attack with comprehensive, multi-layered L3-L7 protection.

Q:  How can Silverline DDoS Protection help when my site is under attack?

Within minutes the Silverline DDoS Protection service can be configured to protect a customer’s network. The attack will be stopped and the clean traffic from legitimate users will be passed on to the customer’s site.

Q:  How does Silverline DDoS Protection stop the attack?

F5’s fully redundant and globally distributed data centers and scrubbing centers are built with advanced systems and tools engineered to deal with the increasing threats, escalating scale, and complexity of DDoS attacks. Silverline DDoS Protection offers multi-layered L3–L7 protection with fully automated cloud-scrubbing technologies to detect, identify, and mitigate threats in real time, returning clean traffic back to your site. It can run continuously to monitor all traffic and stop attacks from ever reaching your network, or it can be initiated on demand when your site is under DDoS attack.

Q: How much capacity does Silverline DDoS Protection have to stop attacks?

F5 maintains five (5) high-capacity scrubbing centers with a combined total of 1.8Tbps of bandwidth dedicated to fighting DDoS attacks.  F5's scrubbing centers are located in:

  • Ashburn, Virginia, USA
  • San Jose, California, USA
  • London, United Kindom
  • Frankfurt, Germany
  • Singapore, Singapore

Q:  How can a customer leverage the Silverline DDoS Protection service?

A customer can leverage the Silverline DDoS Protection service via the following configurations:

  • Proxy Mode:  Silverline DDoS Protection will provide a new set of IP addresses and a customer can simply change their DNS record(s) to point to those new addresses. After the DNS change, the attack traffic will flow through the Silverline DDoS Protection scrubbing facility and the clean traffic will be passed back to the customer’s site.
  • Routed Mode:  A customer can authorize Silverline DDoS Protection to advertise a route to their existing IP addresses / subnets. Using BGP (Border Gateway Protocol), Silverline DDoS Protection will inform the global Internet’s routers that the customer’s site is now accessible via its network. The good and bad traffic directed at the customer will be directed to Silverline DDoS Protection first where it will be filtered and the legitimate traffic will be returned to the customer’s servers via a configured tunnel.
Q:  Can a customer utilize Silverline DDoS Protection all the time?  Or just during attacks?

The Silverline DDoS Protection service offers two separate methods of consumption depending on a customer’s specific needs:

  • Always On™ - Primary protection as the first line of defense. This method continuously stops bad traffic from ever reaching a customer's network.
  • Always Available™ - Primary protection available on demand. This method runs on standby and can be initiated when a customer is under attack.

Q:  How long does it take for Silverline DDoS Protection to stop an attack?

The Silverline DDoS Protection service can begin mitigating an attack within minutes depending on the integration method selected by the customer. A Silverline DDoS Protection engineer will work with the customer to determine the best integration method and coach them through configuration as needed.

Q:  What are the steps in stopping an attack?

  1. A customer under attack should contact a Silverline DDoS Protection representative now:  Dial 866-329-4253 or +1 (206) 272-7969. 
  2. Exchange electronic signatures.
  3. Speak with an experienced and trusted engineer at Silverline DDoS Protection who will assist the customer in choosing the best way to leverage the Silverline DDoS Protection’s service.
  4. Configure the way Silverline DDoS Protection will deliver the clean traffic back to a customer’s servers.
  5. Follow the Silverline DDoS Protection DDoS engineer’s instructions to leverage attack mitigation.
  6. Start receiving clean traffic.
  7. Monitor the attack and Silverline DDoS Protection’s mitigation activities through your own AttackView Portal.

Q:  What visibility does a customer have as Silverline DDoS Protection stops the attack?

When a customer is enrolled in the service, they will receive access to the Silverline DDoS Protection AttackView portal. Within the portal, a customer may view the characteristics of all the traffic that is being directed at their site, the mitigation techniques used to stop the attacks, and the resulting clean traffic volumes. The AttackView portal includes visibility over time to monitor how DDoS attack patterns change in response to the Silverline DDoS Protection mitigations as well as detailed event, mitigation actions, traffic capture samples and consolidated reporting.

Q:  Can Silverline DDoS Protection find out who the attackers are?

One of the challenges of DDoS attacks is that the perpetrators usually hide behind botnets of compromised home machines or a batch of compromised commercial servers and all a customer can see are the addresses of the machines sending the DDoS traffic. Nonetheless, if the attackers make a mistake and do expose themselves, Silverline DDoS Protection is able to detect those mistakes and assist in tracking down the attackers.

Q:  How much does Silverline DDoS Protection cost?

Pricing varies based on the amount of clean traffic that a customer typically uses. Contact your local F5 Sales Representative or Call 866-329-4253 or +1 (206) 272-7969 to discuss your needs and to get pricing that fits.

Support for Amazon AWS

Q:  Can Silverline DDoS Protection be used with Amazon AWS?

Yes, the Silverline DDoS Protection service can be configured via "proxy mode" to protect customer applications that are hosted within AWS.  The configuration would be similar to a solution where the customer's application were hosted in their own data center.

Q:  How can Silverline DDoS Protection stop the attack on my AWS service if Amazon can’t stop it?

Amazon AWS does have a very large network and uses some basic techniques to resist DDoS attacks. However, AWS has a lot of services to provide to 1000’s of its customers. They don’t specialize in stopping sophisticated DDoS attacks, and if one of their clients gets hit by an attacker they need to focus on protecting thousands of other customers from being collaterally damaged by the effects of the attack. They can’t focus their resources on stopping the attack on just one customer. Silverline DDoS Protection is entirely focused on stopping the DDoS attack and protecting customers.

Other DDoS Questions

Q:  How long do DDoS attacks last?

That depends on the attacker and the reasons for the attack. Attacks can range from a few minutes to a few weeks though the longer attacks usually come in waves. As a general rule attacks which don’t succeed in keeping the target shut down tend to stop quicker because attackers are looking to make an impact or to make news and they tend to quit when their efforts are not succeeding. They’ll look for a new, less protected target.

Q:  When the DDoS attack began some traffic was still getting through to a customer’s website and then suddenly EVERYTHING WENT DEAD, not just the website, but all of the other Internet services are down, too. What happened?

Most likely the customer's Internet Service Provider shut down their connection. If an IP address or a set of addresses draws more traffic than the customer is subscribed to, that traffic flows through the customer's ISP, even though it can’t be delivered to the customer’s site. From the ISP’s perspective, that attack on their customer becomes an attack on their network and interferes with their ability to serve other clients. So, they defend their network by blocking traffic coming to the customer's IP addresses at the edge of their network. If a customer's other services use that same IP Address (or same firewall address) range then those services will lose internet access until the attack goes away and the ISP stops blocking traffic.

Q:  Can Silverline DDoS Protection help if an ISP has blocked a customer’s addresses?

Yes, Silverline DDoS Protection works with ISPs all the time to assist in mitigating attacks. ISPs prefer when a customer gets Silverline DDoS Protection configured because they know that it’s larger mitigation network will stop bad traffic coming across the ISP’s network on its way to the customer. Once the DDoS mitigation is in place, ISPs will unblock the customer's addresses because they know they will not be burdened with DDoS attack traffic.