Network performance can be affected by a range of situations from abnormal periods of legitimate activity through to deliberate and malicious attempts to flood the network's resources in a denial of service attack. Junos DDoS Secure is designed to protect the network from the full range of packet flood situations including SYN, UDP and ICMP floods that can result in a network meltdown.
At the heart of the technology, Junos DDoS Secure's unique CHARM algorithm enables all packets on the network to be instantly analysed and prioritised in terms of mission critical importance, intelligently filtering out all unwanted, suspicious and non-essential traffic to ensure optimum network performance for your most important users.
The Junos DDoS Secure Appliance sits as a layer 2 bridge in a network, making selective decisions based on CHARM value as to whether to pass on a received packet. The CHARM process is applied to packets going in both directions. Conventional thinking only expects decisions to be made on inbound packets, but in practice, decisions have to be made in both directions.
Information about the Internet IP addresses is held within a table known as the INTERNET BEHAVIOUR TABLE. This table tracks behavioural patterns, and understands, for instance, the differences between individuals browsing a website (Humanistic behaviour) and that of a web-crawler (Mechanistic behaviour), or between an individual connected via a fast or slow connection.
Each packet is effectively passed through three different modules within the Junos DDoS Secure Appliance. From this, a CHARM threshold value is generated. If the packet CHARM value is greater than the CHARM threshold, then the packet is permitted access. If the packet CHARM value is less than the threshold, then the packet is dropped.
If a server is under strain malicious or otherwise then its performance will drop, for example, the TCP backlog queues may reach its capacity. This drop in performance causes the CHARM threshold to be dynamically raised. Consequentially, more packets will then be dropped, as their CHARM value is now insufficient to get past the CHARM SCREENER.
Only those IP addresses with a good behavioural pattern will receive a sufficiently high CHARM rating. As the server load reduces the CHARM threshold dynamically responds by lowering the pass through threshold allowing a greater number of packets to pass.