The RioRey DDoS Solution
The RioRey solution is a DDoS protection device not widely used or heard of … yet. First of all let me assure you that I am in no way associated with the RioRey company and my focus is to give an honest and unbiased opinion of their product offerings.
The RioRey device is a rack-mountable device with one copper management port and two copper or fiber (Multimode SX/LC or Singlemode LX/LC) ports. Their products are tiered by the volume of packets per second they are able to mitigate under a real DDoS attack. They range from 150K packets per second (PPS) to their newest eight-rack-unit 16M packets per second model. The model I have had the most experience with is their entry-level 150K PPS model. This will be the model I talk about in the remainder of this article.
Using the device is a breeze. Installation is as simple as placing it inline at the closest “edge” of your connection. For most companies and hosting providers this would be at the handoff from their bandwidth provider (e.g. Cogent, ATT). The device can be purchased (at no additional cost) with the ability to fail to bypass. This means that if the device has a hardware failure, it will act as a straight-through cable and continue to pass traffic. In testing, this device did not even trip external monitoring when simulating failure.
The device comes with a very primitive web interface which is used for setting up low-level functions like syslog reporting and IP addressing of the management interface. The device comes with a pre-configured IP address to access this web console for first installation. The device also comes with their management software called “rView”. This software allows you to view the status of the device, run reports, get real-time insight into current attacks and customize how the device behaves under attack. The device also has the ability to send SNMP traps, log to syslog and send email when an attack is detected.
I’ve personally and (un)fortunately had this device work for me. This device was blocking a 1.3 Gbit/sec UDP flood and was currently only linked at 100 Mbit. All sites/devices/services behind the RioRey were still responsive. The sites did notice a small uptick in response time but no dropped packets or requests. The device performed as advertised and their patented Micro Behavioral Analysis (MBA) algorithms performed beautifully. Within 60 seconds the attack was mitigated and “polluted” traffic was removed. The graph on the right illustrates how fast the traffic was blocked. Notice the blue line grow and then almost instantly disappear. This blue line is the “after filtering” traffic (the traffic passed to the LAN interface). The attack traffic was almost instantly mitigated, all without human intervention.
This device is a very valuable tool. It’s kind of like a fire extinguisher: when you need it you really need it; when you don’t need it you never really even know or care to know that it’s there. Was it worth the investment? It’s hard to gauge these things after an attack is mitigated. If we didn’t have the device under attacks, it would be much harder to identify the attacker and the victim, and it would cause more downtime simply analyzing the traffic to find the source(s).
I believe the device is well worth it. Its entry-level pricing is second to none (when compared to other solutions) and it allows a level of protection that most never thought possible for the price. To obtain more information and pricing please visit The RioRey Site.
If you have any questions about the device and would like to contact me for more information, please post a comment or email Adam [at] Admo.net!