Grafvision - Fotolia

Is DDoS attack mitigation possible at a multi-tenant colo?

Our small colocation provider's other customers have been under DDoS attacks that affected our infrastructure. The colo null routes the bad IP address; meanwhile, our connectivity is poor.

When dealing with a small data center outsourcing provider, it is unlikely that the company can take adequate steps against DDoS attacks.

Null routing, which drops communications from a specific IP address, needs to operate as close to the source of the attack as possible. If the null route table is on the provider's premises and the distributed denial of service (DDoS) attack continues, then the network traffic will still be taking up their bandwidth on the wide-area network (WAN), although it should relieve any "noisy neighbor" in-premise problems.

The problem for a small data center company is in providing any advanced DDoS attack mitigation -- a large multi-tenant hosting or colocation provider will generally have redundant networks, enabling attacks to be hived off onto one WAN connection while other traffic continues over unaffected lines. There are also software and appliance-based offerings from the likes of Neustar. Other options include protection as a service approaches from content delivery network providers, such as CD Networks and Akamai.

In your case where neighboring attacks are creating issues for your IT deployment, DDoS mitigation as a service may be the best approach.

Editor's note: Distributed denial of service attack mitigation as a service reroutes attacks from the network edge to the service provider's resources in cloud data centers. Vendors such as CloudFlare offer mitigation as a service for DDoS attacks at network layers 3, 4 and 7, and for new DDoS attack strategies such as slow read.

Next Steps

Should you keep DDoS mitigation on-premises?

Protect yourself from DDoS attacks

Modern DDoS attack tactics shifting

Video: What's your DDoS attack mitigation plan?

Dig Deeper on SDN and other network strategies