USED to be for Telus, Canada's second-largest telecommunications company, that when a network irregularity was detected and technicians suspected a denial-of-service attack was under way, those engineers would have to physically drill down and trace the attack all the way to the router level. They'd spend days, sometimes more than a week trying to prevent their service from being choked down by bad traffic.
Big plans were on the drawing board for the Burnaby, British Columbia-based service provider, also known as Canada's largest mobility company. Specifically, Telus was looking to escape the traditional telco branding and move into data, IP and wireless services. Telus does $7 billion in annual revenue and boasts 4.9 million access lines and 2.9 million mobility lines to deliver its services nationwide. As an Internet backbone, Telus runs 7G of traffic per second.
Executives had no intention of waiting for the next major distributed denial-of-service attack (DDoS) before implementing appropriate defenses.
Telus went to the major anti-DoS vendors in a proactive exercise of trying to stay one step ahead of those who might cause them problems.
As the suitors, like Asta, Arbor Networks, Captus, Mazu and Reactive arrived at Telus' headquarters, their offerings were put up against stringent criteria during the selection process.
"Anyone who was going to supply us, had to have a very scalable product," said Deryl Williams, Telus' director of business development. "We have an OC48 backbone, capable of OC192. We need scale. And we didn't want to insert hardware on our network that would hamper performance or be a point-of-failure. Our network runs very smoothly. We don't want to introduce points of failure."
Williams also said Telus was looking for a product that did not automatically mitigate network issues -- the service provider wanted to maintain the human element in the process. Interoperability with Telus gear, like its Cisco routers and Netflow, was also a must. Being a service provider, Telus also mandated that a flexible pricing scheme was also part of the criteria.
Telus' deliberation process settled on Arbor Networks' Peakflow DoS product. Version 2.1 monitors for network anomalies and reports them to an administrator. It does so passively, Williams said, with no impact on performance. It was also the only product Telus reviewed that could scale to backbone speed, Telus said. Arbor said the Telus installation is the first of its kind on an Internet backbone.
"We have firewalls, intrusion detection, but the Arbor solution allows us to be proactive and pinpoint where potential problems are," Williams said. "We're putting more focus on DoS attacks. Our firewalls are reactive tools; this is another tool in our network management approach."
Telus pointed out several Peakflow features it values, in particular the ability to zone the Peakflow equipment to particular areas and technicians. Peakflow has been deployed in the Telus backbone for two months. It currently collects data in four network data centers across Canada. Williams said that four more collectors are in Telus' immediate plans, these to be deployed on the distribution level, closer to its customers.
Williams said the company expects a rapid return-on-investment (ROI).
"We are being proactive. We're getting a better picture of our network and clearing it of noise traffic to deliver our customers clean services," Williams said. "We're going to get a return in terms of customer satisfaction and competition differentiation. When you look at all those aspects, the time-to-gain is not that long."