For a data centre operator, a DDoS attack is not an abstract security concern. It is a direct financial event. Every minute a customer is offline carries immediate revenue and reputational consequences, and at $5,000 or more per minute in potential losses, the cost of slow detection is measurable and compounding. Traditional perimeter defences were built for a different threat environment. Destination-based blackhole routing blocks all traffic to a targeted address, which stops the attack but also takes down legitimate customers sharing the same uplink. As 5G-enabled IoT devices expanded potential attack vectors to a million connected devices per square kilometre, SAKURA Internet, one of Japan’s largest data centre operators, needed a fundamentally different approach.
This case study covers how SAKURA deployed Volt Active Data as the real-time decisioning engine for a purpose-built DDoS mitigation platform, replacing reactive blackhole routing with surgical source-and-destination filtering. It details the three systemic challenges that made the legacy approach insufficient, the five architectural capabilities that define the Volt deployment, and the production outcomes across detection speed, traffic precision, financial protection, and platform cost.
At the core of the architecture is a single principle: move decisioning authority to the data layer and eliminate the gap between ingestion and decision entirely. Volt ingests sFlow traffic data directly from SAKURA’s backbone infrastructure, maintains real-time per-source IP profiles with bits-per-second granularity, and makes authoritative allow or block decisions in single-digit milliseconds. Those decisions are pushed directly to SDN controllers, which update deployed network switches in real time. The same engine that ingests the data makes the decision and records the authoritative outcome in one atomic execution path.
For security architects, network engineers, and infrastructure teams responsible for always-on availability, this case study demonstrates what it looks like when DDoS mitigation becomes a function of architecture rather than appliances. If your current approach detects attacks after damage has already begun, or blocks legitimate traffic as collateral, read on to see how SAKURA solved both problems in production.