MPLS-Based Synchronous Traffic Shunt 

Y. Afek, R. Brooks, N. Fischbach, P. Quinn, A. Friedrich, M. Binderberger, A. Bremler-Barr, B. Elgar, R. Hermoni
MPLS-Based Synchronous Traffic Shunt,
Conferences & Workshops
DDoS attack


We present various MPLS-based methods to enable a service provider to divert traffic of specific destinations to a centralized scrubbing and inspection facility. The traffic may be diverted from several locations, such as peering points, to the central processing facility. This technique differs from the sinkhole approach, in which the traffic does not come out of the sink and thus does not reach the intended destination. Here, after being processed, the traffic is sent back to the network on its way to the intended destination. This facilitates scalable, focused, and targeted filtering and processing of different customer traffic for on demand tasks such as, reverse proxy (ala Hardie & Wessels, see Bellwether – Surrogate Services for Popular Content,” NANOG19), traffic examination, or DDoS attack filtering. The experience of a successful real-life deployment in an ISP environment will be reviewed