Test through simulations

It’s a good practice to test your assumptions about how your services will respond to an attack by conducting periodic simulations. During testing, validate that your services or applications continue to function as expected and there’s no disruption to the user experience. Identify gaps from both a technology and process standpoint and incorporate them in the DDoS response strategy. We recommend that you perform such tests in staging environments or during non-peak hours to minimize the impact to the production environment.

We have partnered with BreakingPoint Cloud, a self-service traffic generator, to build an interface where Azure customers can generate traffic against DDoS Protection-enabled public endpoints for simulations. You can use the simulation to:

  • Validate how Azure DDoS Protection helps protect your Azure resources from DDoS attacks.
  • Optimize your incident response process while under DDoS attack.
  • Document DDoS compliance.
  • Train your network security teams.

Note

BreakingPoint Cloud is only available for the Public cloud.

Prerequisites

Configure a DDoS test attack

  1. Enter or select the following values, then select Start test:

    | Setting | Value |
    |---|---|
    | Target IP address | Enter one of your public IP addresses that you want to test. |
    | Port Number | Enter 443. |
    | DDoS Profile | Possible values include DNS Flood, NTPv2 Flood, SSDP Flood, TCP SYN Flood, UDP 64B Flood, UDP 128B Flood, UDP 256B Flood, UDP 512B Flood, UDP 1024B Flood, UDP 1514B Flood, UDP Fragmentation, UDP Memcached. |
    | Test Size | Possible values include: 100K pps, 50 Mbps and 4 source IPs; 200K pps, 100 Mbps and 8 source IPs; 400K pps, 200 Mbps and 16 source IPs; 800K pps, 400 Mbps and 32 source IPs. |
    | Test Duration | Possible values include 10 Minutes, 15 Minutes, 20 Minutes, 25 Minutes, 30 Minutes. |

It should now appear like this:

DDoS Attack Simulation Example: BreakingPoint Cloud

Monitor and validate

  1. Log in to https://portal.azure.com and go to your subscription.
  2. Select the Public IP address you tested the attack on.
  3. Under Monitoring, select Metrics.
  4. For Metric, select Under DDoS attack or not.

Once the resource is under attack, you should see that the value changes from 0 to 1, like the following picture:

DDoS Attack Simulation Example: Portal
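
The portal check above can also be run as a script after each simulation. The following is an added example, not part of the original page or of the BreakingPoint Cloud scripts: it reads a metrics response for `IfUnderDDoSAttack` (the metric ID behind "Under DDoS attack or not") and reports whether the value changed to 1 during the test window. The sample data is constructed, and the 5-minute detection target (`max_detect_min`) is an assumption to replace with your own.

```python
import json
from datetime import datetime, timedelta

METRIC = "IfUnderDDoSAttack"  # metric ID behind "Under DDoS attack or not"

# Constructed sample in the shape of an Azure Monitor metrics response
# (1-minute grain, Maximum aggregation); not captured from a real test.
SAMPLE = json.dumps({"value": [{"name": {"value": METRIC}, "timeseries": [{"data": [
    {"timeStamp": "2024-01-10T02:%02d:00Z" % m, "maximum": v}
    for m, v in enumerate([0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0])
]}]}]})


def parse_ts(text):
    """Parse the ISO 8601 UTC timestamps used in the response."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def attack_points(response_json):
    """Return sorted (timestamp, under_attack) pairs for the metric."""
    points = []
    for metric in json.loads(response_json)["value"]:
        if metric["name"]["value"] != METRIC:
            continue
        for series in metric["timeseries"]:
            for p in series["data"]:
                if p.get("maximum") is not None:  # empty buckets have no value
                    points.append((parse_ts(p["timeStamp"]), p["maximum"] >= 1))
    return sorted(points)


def validate_test(response_json, test_start, duration_min, max_detect_min=5):
    """Check the metric flipped to 1 in the test window (target is assumed)."""
    start = parse_ts(test_start)
    end = start + timedelta(minutes=duration_min)
    points = attack_points(response_json)
    before = [t for t, hit in points if hit and t < start]
    during = [t for t, hit in points if hit and start <= t <= end]
    detect = (during[0] - start).total_seconds() / 60 if during else None
    return {
        "detected": bool(during),
        "minutes_to_detect": detect,
        "within_target": detect is not None and detect <= max_detect_min,
        "flagged_before_test": bool(before),  # unrelated event or wrong window
    }


if __name__ == "__main__":
    print(validate_test(SAMPLE, "2024-01-10T02:02:00Z", duration_min=10))
```

A `detected` value of `False` after a completed simulation points to a gap in metric collection or in the test window you recorded, which is the kind of process gap the simulation is meant to surface.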

BreakingPoint Cloud API Script

This API script can be used to automate DDoS testing, either by running it once or by using cron to schedule regular tests. This is useful to validate that your logging is configured properly and that detection and response procedures are effective. The scripts require a Linux OS (tested with Ubuntu 18.04 LTS) and Python 3. Install the prerequisites and the API client using the included script or by following the documentation on the BreakingPoint Cloud website.

Next steps