Protecting your network from DDoS attacks using BGP
A DDoS attack on just one of the network IP addresses can leave a significant part of your infrastructure inaccessible to users.
The StormWall protection service will help to mitigate the risks - it will protect the business from unpleasant surprises and ensure the stable operation of the network and infrastructure in case of DDoS attacks of any complexity. Infrastructure and applications will work stably and reliably, no matter how sophisticated the initiators of DDoS attacks!
Who is the service for
A DDoS attack on just one of the IP addresses of the network can lead to the fact that a significant part of the infrastructure will be inaccessible to users.
The service "Network protection against DDoS attacks with BGP connection" is intended for Internet providers, data centers, hosting companies, as well as corporate clients with their own autonomous system - the service will help to ensure the stable operation of the IT infrastructure and network, protecting them from DDoS attacks.
Why your network needs protection from massive DDoS attacks
Advantages of the StormWall service over other solutions
How BGP protection against DDoS attacks is connected
Protection can be connected using an IPIP / GRE tunnel, through IX or by physically connecting to the StormWall network at one of our sites.
What your company will get
What happens during an attack
Only inbound traffic is allowed through the StormWall filters, while outbound traffic follows the same path. This can increase latency as traffic will go through filtering points located in data centers with many connections to popular CDNs.
However, for some resources, the latency may even decrease, since StormWall has direct connections to such popular resources as Google, Microsoft, Akamai, etc.
How we ensure high quality of service
Edge routers. Over 100 edge routers all over the world are set up to discard traffic that should never reach your servers. This protective layer makes our clients resistant to 100+ Gbps attacks, with TCP and UDP amplification attempts entirely blocked at this stage.
Hardware filters. At this level, most of the TCP / UDP flood is blocked. Thanks to the use of hardware filters, it is possible to achieve tremendous packet processing speed. The filtering network is designed to evenly distribute the load across multiple hardware filters.
Precision filters. This is a fine filtering layer where the most sophisticated attacks, including attacks using bots, are blocked.
The FlowSense system constantly monitors all data streams going to the server, monitors anomalies and automatically detects the type of attack in progress.
Based on the results, the security parameters are dynamically tuned using BGP FlowSpec (RFC 5575) and the API of our system.
Our infrastructure is built in such a way that even a global cataclysm, which entails the failure of one geographic filtering point, will not lead to a disconnection.
How is this achieved? Thanks to the use of Global Session technology, filtering nodes around the world "know" that a client has connected to your server, and if one of the nodes is unavailable, traffic is automatically directed to another node closest to the client.
Points of presence
fra.stormwall.network Equinix FR5
fra2.stormwall.network e-Shelter FR1
How to connect the StormWall service for DDoS protection
Our clientsAll clients
We have been working at the international market since 2013.
During this time, we have implemented more than 8000 projects in 60 countries.