Logo of NSFOCUS
English Version Chinese Version
Products & Solutions Services Support Reaserch Careers About Us
Solutions
Products
SP MAN Core Network Traffic Sanitization
 
Solution Overview
Business Challenge

With the deepening of competition among operators, access users have an increasingly higher demand for Service Level Agreement (SLA). Telecom service providers shall be liable and obliged to guarantee the availability, security of MAN network and utilization of bandwidth in order to occupy an important part in the increasingly furious competition. The anti-DoS solution in MAN backbone has a higher demand for traffic sanitization than that for attack protection. Anti-DoS attacks against a MAN backbone network mainly involve traffic attack defense, because large traffic blocks network bandwidth and compromise the processing capability of network devices, hence decreasing the overall utilization ratio of network bandwidth and posing a great threat to businesses. Impacts of large scale DDoS attacks on a MAN core network are mostly shown in the following:

  • Communication links of core network are occupied by DDoS attack traffic
  • Network devices in links are overloaded resulted from DDoS attacks
  • Service of key client business decreases dramatically

Solutions
NSFOCUS has always been dedicating to DDoS traffic defense in a MAN. Taking advantage of the COLLAPSAR Anti-DoS system, which enjoys favorable fame in the security industry, NSFOCUS has implemented the NC2M solution, NSFOCUS Collapsar CleanMatrix. The NC2M solution could guarantee the smooth operation of a core network by adopting multi-layered attack traffic detection, protection and sanitization mechanism, with which COLLAPSAR could detect all varieties of attack in the background flows timely, and sanitize malicious flow from the network by means of the traffic diversion technique in a bypass deployment.

1) Special high performance anti-DDoS device and bypass deployment mode. A MAN backbone is prone to DDoS attacks because the business flow on the network is characterized by complexity and variety; besides, it is of great amount and dependent on link bandwidth closely. Based on special NP hardware architecture, NSFOCUS' anti-DDoS system can be deployed in a bypass or bypass cluster mode. It delivers a full reliable protection for the MAN backbone network against even a huge amount of DDoS attacks.
 
2) Hierarchical and comprehensive MAN network deployment satisfies various protection demands. The MAN or backbone network protection against DDoS attacks relies on hierarchical protection, with different protection layers performing different tasks. On a core network, the protection should focus on attack sanitization to ensure the smooth operation of core links and bandwidth utilization; and on key clients and application layer for IDC and key client access.
 
3) DataCenter: centralized management for filtering devices and unified analysis of DDoS events.


Fig. NSFOCUS Collapsar CleanMatrix: MAN Hierarchical Traffic Sanitization
 

Advantages
NC2M(NSFOCUS Collapsar CleanMatrix) has the following advantages for the traffic sanitization in a MAN core network.

  • MAN network DDoS dynamic: centralized anomaly behavior traffic monitoring and management mechanism. The centralized monitoring and management mechanism of anti-DDoS devices in a MAN facilitates device management of network operation/maintenance and efficient attack monitoring; as well as gathering and management of attack processing data retrieved from anti-DDoS detection and protection devices in a MAN for operation analysis.
  • New business growth point: Triple services of attack detection, emergency response and post analysis telecom service providers provide clients with anti-DDoS services of different levels, anomaly behavior traffic detection, traffic sanitization and protection, attack forensics included, as well as with protection of different levels, which constitute a comprehensive and flexible value-added service.
  • Safeguard against DDoS attacks: perfect operation maintenance, service support and emergency response. A suite of excellent anti-DDoS solution should provide not only devices, but also comprehensive operation and maintenance, service support and emergency response solutions. NSFOCUS could provide comprehensive and easy-to-use anti-DDoS system for MAN operators taking advantage of its perfect solution, powerful technical support, timely emergency response and in-depth network security research.

Why Choose NSFOCUS
Founded in April 2000, NSFOCUS Information Technology Co., Ltd.(NSFOCUS) is one of the earliest hi-tech enterprises in China that is dedicated to network security.

Powered by its years of security vulnerability research and security product development capacity, NSFOCUS provides security research reports for those internationally well-known vendors including Microsoft, Sun, Cisco, HP, etc., as well as top-level security products and comprehensive security solutions for government agencies, telecom, financial, energy and other industries, in an attempt to help the customers build a reliable and peaceful network environment. NSFOCUS has powerful security service capability and develops abundant long term customers.

We have put forward the NSPS security service system early in 2000, and taken the lead in passing the ISO 9001 certifications in the network security industry.

The security products and solutions of NSFOCUS cover Network Intrusion Detection/Prevention System, Remote Security Assessment System, Anti-DoS System, Security Audit System, Intranet Security Management System, Network Behavior Anomaly Detection System, and security solutions for various applications in the government, army and enterprises network, as well as in MAN telecom network.

Pre-Sale Consultation
Contact NSFOCUS sales
Go