Diagram and properties of our network
Direct connection with nodes NIX.cz, FENIX, SIX, DE-CIX, AMS-IX and NIX.sk
Data centre parameters:
- multivendor solution – combination of technologies Juniper (routing) and Cisco (access layer)
- combination of topologies “Spine & Leaf” and “STP”
- all network paths in active state using the Equal-Cost Multi-pathing (ECMP) method
- the data centre infrastructure is fully redundant and operates in the “high availability” (HA) regime
- load permanently under 30% of the uplink
How our cloud solution works
Two servers in a cluster take care of the cloud storage. Each of them has the LSI Synchro Enterprise RAID controller connected to dual I/O disk fields with SAS disks. This ensures redundancy at the hardware level.
The computing nodes, on which the virtual machines (VM) are running, are connected through two optical switches on the storage cluster. They share each other’s data storage and can be migrated from one node to the other one during their run, e.g. in case of maintenance, need to distribute load or a failure.
High performance of the virtual machines ensures the equipping of the storage cluster with 15k SAS disks and SSD SLC SAS disks in RAID10. You can therefore choose on which data storage you wish to start the VM, whether on a powerful or highly powerful one. We provide the data storage less performance parameters for the applications where high performance parameters are not needed.
Cloud storage diagram
Prevention of DDoS attacks and protection against their impacts
What are DoS, DDoS and BDoS attacks and why are they dangerous?
The purpose and result of Denial of Service attacks is to disable access to services. This may happen through the utilisation of a weak point in the application, when the server stops communicating after sending off a specific chain. This may also include the misuse of an error, reaching the limit of the system, network card, application or system resources such as CPU, memory, disk space or IO operation. A DoS always happens when the particular server service returns unavailability results from the attack.
The difference between DoS (Denial of Service) and DDoS (Distributed Denial of Service) is only in the number of the attacking machines. In the case of a conventional DOS attack, only one machine is engaged; in the case of DDoS, at least two machines are engaged; in simultaneous DDoS attacks, tens of thousands to hundreds of thousands stations are engaged (incl. e.g. smart appliances).
However, unavailability of the system itself may not be the main objective of the attacker. In attacks of the type, Brain Denial-of-Service (BDoS), this is only pretence. During the course of the attack, the administrator deals with overloading of the server and usually pays less attention to the rest of the system that does not show any anomalous behaviour. This is utilised by the attacker who carries out his real intent in the part of the infrastructure to which the administrator does not pay proper attention. This may be represented by e.g. a theft of sensitive information by breaking through the protection of the server by another, less visible type of attack.
What does the FeldHost™ Anti-DDoS system consist of?
Complete prevention RadWare DefensePro
Radware DefensePro is network equipment that provides reliable prevention of a DoS/DDoS/BDoS attack, safety and protection of the network as well as applications in real time.
It distinguishes quickly and exactly three behaviour categories – legitimate (normal) operation, harmful (offensive) operation and unusual operation occurring on the basis of ordinary operation. It reacts to abnormalities and symptoms of harmful behaviour without any necessity of an operator's intervention.
At the same time, RadWare DefensePro serves as a shield – it creates a so-called „grey zone“. It is a marked out safety perimeter through which and over which the potential attackers do not see. So they do not know what can be expected on the other side of the perimeter. Therefore they prefer to find an easier target for their attack.
The DDoS service does not replace any firewall, and does not solve the preset equipment or faulty preset equipment, or any points with weak passwords.
FENIX will hold you
The project FENIX was established within the scope of a Czech peering node NIX.CZ in 2013 as a reaction to intensive DoS attacks to which important Czech media, banks and operators faced in March 2013.
In case of a DoS attack, FENIX provides their members with the availability of at least the most important internet services and contents.