3 mins read

DDoS Attacks and IPv6 Transition Impede Rural Broadband

Rural broadband providers and other regional CSPs are playing a critical role in closing the digital divide. Within the U.S., a broad range of initiatives such as the Rural Development Opportunity Fund (RODF) and Connect America Fund (CAF) are channeling resources to support broadband connectivity to unserved and underserved populations. In Europe, E.U. support is available through European Investment and Structural Funds (ESIF), European Fund for Strategic Investment (EFSI) guarantees, European Investment Bank (EIB) lending, and the Connecting Europe Broadband Fund (CEBF), among other programs. The opportunity is clear—but to capitalize, these companies will need to address significant challenges in both DDoS protection and IPv6 transition.

A recent report by Pulse and A10 Networks, Core Network Investments for Rural Broadband: An International Survey, explores the current state and ongoing expansion of their organizations’ networks, how they’re responding to an ongoing rise in DDoS attack activity, and the urgent need to quickly add underserved subscribers without adding excessive costs.

The DDoS Protection Challenge for Rural Broadband Providers

While DDoS attacks are a constant threat for organizations of all sizes, in all types of geographies, they can pose exceptional risks for rural broadband providers. As these rural and remote areas have already seen underinvestment in both broadband infrastructure and cybersecurity, DDoS protection is generally weaker as well. Keeping critical resources up and running may be even more important to a small community than an urban area. For example, even a low-volume DDoS attack can easily overwhelm a small target such as the business, government, or healthcare customer of a rural broadband provider. A successful DDoS attack on a small town’s only hospital can have devastating consequences.

Meanwhile, DDoS attacks continues to grow in intensity, duration, and frequency every year. A10 Networks threat intelligence research currently tracks over 15 million DDoS weapons—a 2.6X increase since 2019. Over half of the respondents in the Pulse-A10 Networks survey reported experiencing DDoS attacks that directly target subscribers two or three times each month. Nearly two-thirds reported a similar rate of DDoS attacks against their IPv4 pool.

The survey also revealed a relatively low level of DDoS protection technology among service providers. While almost three-quarters (72 percent) of respondents have DDoS detection in place, they were only able to blackhole suspicious traffic by destination IP—a binary method that blocks both good and bad traffic alike. In effect, blackholing puts the customer out of service—achieving the objective of the DDoS attack itself. To block cyberthreats while keeping rural broadband customers connected, more granular, intelligent protection is needed.

A Smooth IPv6 Transition is Critical

IPv6 provides the address book for the internet. It was introduced 20 years ago to replace the original IPv4, which is no longer freely available from the regional internet registries (RIRs). While large tier 1 mobile operators have already embraced IPv6 within their networks and their subscriber devices, many regional or rural broadband providers—like CSPs in other markets—have built their networks on IPv4 connectivity, dedicating a public IP address from their assigned pool to each household served and using dual-stack technology to connect users to IPv6 destinations. Now, faced with the rapid subscriber growth needed to quickly close the digital divide, a large number of additional IPv4 addresses are needed—making IPv4 exhaustion and the high cost of IPv4 on the open market key constraints on rural broadband expansion. As IPv6 is not backward compatible with IPv4, regional ISPs must also provide connectivity to all their subscribers to both IPv4 and IPv6-based destinations, creating a complex networking challenge.

While the virtually unlimited number of IPv6 addresses available promises eventual relief from a shrinking IPv4 pool, IPv6 transition will be a lengthy and complex process—though progress in Europe, the Middle East, and Asia so far outpaces the rate of IPv6 adoption in the North America. Device compatibility is a key factor. In fact, 52 percent of respondents located in North America estimate that over half of their subscribers’ devices are still configured as IPv4-only, compared with just 16 percent in across Europe, the Middle East and Asia. And while 72 percent of respondents located in these regions plan to be fully converted to IPv6 within a single year, only 28 percent of respondents located in North America are moving as quickly.

In part, the faster rate of IPv6 transition may reflect sheer necessity due to the uneven allocation of IPv4 addresses by geography. While the U.S. was allocated nearly 5,000 IPv4 addresses per 1,000 residents, this figure drops to fewer than 2,000 for the U.K. slightly over 1,500 for Japan, and around 200 for Saudi Arabia. With a smaller IPv4 pool to go around, closing the digital divide in regions outside the U.S. would depend on accessing new IP address space, accelerating the urgency of IPv6 transition.

As the transition to IPv6 continues, however, IPv4 remains the global norm for networks, service provider traffic, and subscriber devices; 40 percent of survey respondents report that more than half of their total traffic volume is still IPv4. To sustain growth and continue closing the digital divide, rural broadband providers will have to find ways to support additional subscribers with their existing IPv4 pool. One approach is to use carrier-grade NAT (CGNAT) to share individual IPv4 addresses across multiple subscribers, combined with other carrier grade networking mechanisms that also allow for transition between IPv4 and IPv6. In fact, nearly two-thirds of survey respondents have currently deployed purpose-built CGNAT hardware appliances in their network. To ensure that the CGNAT gateway itself is not compromised by a DDoS attack, it is critical for CSPs to ensure that their CGNAT solution provides DDoS protection.

While DDoS attacks and IPv6 transition continue to pose challenges for rural broadband providers, the market opportunity remains strong. While total E.U. household broadband access coverage reached 86 percent in 2019, 10 percent of rural households are not covered by any fixed network, while 41 percent are not covered by a next-generation access technology such as broadband.

Leave a Reply