Asymmetric Network: An asymmetric network has multiple routes for incoming and outgoing network traffic. As such, traffic may take a different route when entering the network than when exiting it.
Symmetric Network: A symmetric network has a single route for incoming and outgoing network traffic. As such, traffic takes the same route when entering or exiting the network.
It is very common for traffic to be asymmetric in both Service Provider and larger Enterprise networks, due to the nature of routing within a large, complex environment that has multiple entry and exit points. Since the bulk of the IPS filters are flow based (meaning state is kept per flow rather than per session), attacks are detected in either the send or the receive direction.
By default, TippingPoint devices are shipped with Asymmetric mode enabled, which means the device only sees one side of the TCP connection. When using Advanced Distributed Denial of Service (DDoS) protection filters, you must place the IPS device in a Symmetric network and you must disable Asymmetric mode, because the device must be able to see both sides of the traffic flow.
Advanced DDoS
When using Advanced DDoS Protection filters, keep in mind the following:
- You must place the device in a Symmetric Network.
- You must disable Asymmetric Mode for the device.
DDoS filters - Infrastructure protection filters that detect DDoS attacks which flood a network with requests, including traditional SYN floods, DNS request floods against nameservers, and attempts to use protected systems as reflectors or amplifiers in attacks against third parties. Advanced Distributed Denial of Service (DDoS) filters enable you to create filters for detecting denial of service attacks.
Note: You enable DDoS protection filters by turning on SYN Proxy and specifying the Threshold level in the Profiles area of the SMS. No other Advanced DDoS options are available on the SMS.
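The following is an added illustration, not TippingPoint code or documentation, of why a flow-based SYN-rate filter works on an asymmetric path while a SYN-proxy-style check that tracks the handshake does not. It simulates a constructed packet trace (five legitimate handshakes to a server plus a SYN flood from unique spoofed sources), then evaluates both detection styles once over the full symmetric view and once over an asymmetric view that only carries the client-to-server direction. Server address, client addresses, ports and the threshold are all constructed values.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    """Minimal TCP packet record: addresses, ports and the flag set we care about."""
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


def handshake(client, server, cport):
    """Three packets of a completed TCP handshake between client and server."""
    return [
        Pkt(client, server, cport, 80, "S"),
        Pkt(server, client, 80, cport, "SA"),
        Pkt(client, server, cport, 80, "A"),
    ]


# Constructed sample traffic (not a real capture): the protected server is
# 192.0.2.10; five clients complete handshakes; 200 spoofed sources send a
# SYN each and never reply, which is the shape of a SYN flood.
SERVER = "192.0.2.10"
LEGIT = [p for i in range(5) for p in handshake(f"10.0.0.{i + 1}", SERVER, 40000 + i)]
FLOOD = [Pkt(f"198.51.100.{i % 250 + 1}", SERVER, 50000 + i, 80, "S") for i in range(200)]


def asymmetric_view(pkts, server):
    """Asymmetric routing: this IPS path only carries packets heading to the server;
    the server's replies leave the network by another route and are never seen."""
    return [p for p in pkts if p.dst == server]


def syn_rate_per_dst(pkts):
    """Flow-based view: count SYN-only packets per destination. It needs no state
    from the reverse direction, so it produces the same answer on either path."""
    counts = Counter()
    for p in pkts:
        if p.flags == "S":
            counts[p.dst] += 1
    return counts


def flow_based_alerts(pkts, threshold):
    """Destinations whose inbound SYN count reached the configured threshold."""
    return {dst for dst, n in syn_rate_per_dst(pkts).items() if n >= threshold}


def half_open_connections(pkts):
    """Session-based view (the kind of state a SYN proxy relies on): a connection is
    half-open if the IPS saw the client's SYN but never the server's SYN/ACK.
    This only gives a true answer when both directions pass through the device."""
    syns, synacks = set(), set()
    for p in pkts:
        if p.flags == "S":
            syns.add((p.src, p.sport, p.dst, p.dport))
        elif p.flags == "SA":
            # Normalise the reply onto the client-side key of the SYN it answers.
            synacks.add((p.dst, p.dport, p.src, p.sport))
    return syns - synacks


def evaluate(pkts, server, threshold=100):
    """Run both detection styles on the symmetric and the asymmetric view."""
    asym = asymmetric_view(pkts, server)
    return {
        "flow_alert_symmetric": server in flow_based_alerts(pkts, threshold),
        "flow_alert_asymmetric": server in flow_based_alerts(asym, threshold),
        "half_open_symmetric": len(half_open_connections(pkts)),
        "half_open_asymmetric": len(half_open_connections(asym)),
    }


if __name__ == "__main__":
    for k, v in evaluate(LEGIT + FLOOD, SERVER).items():
        print(f"{k}: {v}")
```

On the symmetric view the session-based check reports exactly the 200 flood connections as half-open; on the asymmetric view it reports 205, because the five completed handshakes look half-open too once the SYN/ACKs are routed around the device. The flow-based SYN-rate filter raises the same alert on both views, which is why the flow-based filters work in Asymmetric mode but the SYN Proxy based Advanced DDoS filters require a symmetric placement.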