Thursday, September 25, 2014

Apple IOS8 Update - DDoS Attack? Can Cache Help?

Some traffic management aspects of the recent iOS8 release:
  • Procera Networks' blog explains that ".. the latest IOS 8 update has hit some networks pretty hard. Several of our customers had such severe traffic spikes that they initially thought that they were under a DDOS attack ..  because the DDOS protection mechanisms implemented in the Procera solution kicked in, and customers were concerned that there was a wide-scale attack occurring. Using our Dynamic LiveView technology, we were able to quickly isolate the problems to Apple Devices and the Apple Update signature.
    The worst case we saw occurred in a CIS mobile network
    [left chart], where traffic jumped an almost astonishing 4000% at peak from normal to become one of the biggest traffic sources on the network. This bandwidth was achieved even with the operator managing the traffic using fair usage for each subscriber to ensure that the rest of the network traffic was not affected by the download. This is an astonishing number for a non-video application, and is the network equivalent of an Apple flash mob.

  • The European mobile network below saw
    [right chart] a big spike of over 1Gbps of Apple store updates in a very short time, with Apple Updates going from .01% of total network traffic to over 6% of the total traffic.

See "Apple’s Flash Mob: IOS 8 Update Resembles DDOS Attack for operators" - here.

  • PeerApp has "released data that shows 96 percent of iOS 8 requests through PeerApp customers were served from the cache, allowing subscribers to download the update much more quickly. PeerApp measured traffic of a sample of customers over the period of September 15th – 21st, and found traffic peaked after the iOS 8 release to over 4 Terabytes per hour – a rate four times higher than normal traffic peaks of 1 Terabyte per hour".

    See "Millions of iOS 8 updates Delivered 8 to 12 Times Faster with PeerApp" - here.