Protecting your network from DDoS attacks using BGP

A DDoS attack on just one of the network IP addresses can leave a significant part of your infrastructure inaccessible to users.

The StormWall protection service will help to mitigate the risks - it will protect the business from unpleasant surprises and ensure the stable operation of the network and infrastructure in case of DDoS attacks of any complexity. Infrastructure and applications will work stably and reliably, no matter how sophisticated the initiators of DDoS attacks!

Protecting your network from DDoS attacks using BGP

Write to chat

Payment period

1 mo

3 mo

6 mo

1 year

Compare plans

Business

Bandwidth

50 Mbit/s

Additional options

Dashboard access

Analitycs and reports

Connection types GRE, IPIP, IX

Slack/Telegram support

Client-side DDoS sensor

Physical connection in our datacenter

400 $/month

Save 60 $

340 $/month

Enterprise

Bandwidth

600 Mbit/s

Additional options

Dashboard access

Analitycs and reports

Connection types GRE, IPIP, IX

Slack/Telegram support

Client-side DDoS sensor

Physical connection in our datacenter

Upon request

For all packages:

Maximum filtering capacity

> 3.5 Tbit/s

OSI protection layers

L3-L5 (L7 possible, please contact sales)

Number of filtered attacks

∞

SLA

99.5%

Connection time

15 minutes

Support availability

24/7 (round the clock)

Business

Enterprise

Who is the service for

A DDoS attack on just one of the IP addresses of the network can lead to the fact that a significant part of the infrastructure will be inaccessible to users.

The service "Network protection against DDoS attacks with BGP connection" is intended for Internet providers, data centers, hosting companies, as well as corporate clients with their own autonomous system - the service will help to ensure the stable operation of the IT infrastructure and network, protecting them from DDoS attacks.

For internet providers

Data centers, hosting companies

For corporate clients with their own autonomous system

Internet service providers (ISPs) can also benefit from this service as an additional service for their customers, provided for a fee or as an attractive bonus: ISPs can resell this service to their customers or use it to create new services of their own.

Why your network needs protection from massive DDoS attacks

The intensity and frequency of DDoS attacks are growing at an incredible pace from year to year. Impressive efficiency at the lowest cost makes DDoS a popular choice for fraudulent competition. The damage from attacks can be thousands of dollars, and if the site is used for e-commerce or providing online services, then the amount of damage can grow by orders of magnitude.

Even a not very powerful attack can lead to the loss of hundreds and thousands of clients.

Advantages of the StormWall service over other solutions

Contact our chat

Unlimited solution: You pay only for legitimate traffic and DO NOT pay for the number of attacks, protected IP addresses, AS numbers, etc.

Expert support 24x7 in Slack, reaction time 5-7 min. We solve both your problems and the problems of your clients.

Flexible pricing policy: a package of services from 50 Mbit / s (for small networks), and at any time the bandwidth can be expanded

Free DDoS sensor. Configuring and providing an automated protection process only at the time of an attack.

DNS Server Protection: Unlike other solutions, ours allows you to effectively protect your DNS servers

Full IP operation under attack conditions: during an attack, the client will continue to quickly open websites, work messengers, online games, calls to WhatsApp, Viber, FaceTime, etc.

Free DDoS sensor. Configuring and providing an automated protection process only at the time of an attack.

Detailed reports on each attack with graphs, statistics, sources, examples of attacking traffic.

Test period and free webinar: we will answer all your questions, show and tell you how protection works and connectsа

Assistance in setting up: contact our specialists - they will connect to your equipment remotely for free and set up the connection for you.

How BGP protection against DDoS attacks is connected

Protection can be connected using an IPIP / GRE tunnel, through IX or by physically connecting to the StormWall network at one of our sites.

Establishing a connection

We raise a BGP session in which the client announces the necessary IP prefixes

We accept announcements, filter all traffic and forward it to the client, cleared of attack

Как подключается защита от DDoS-атак средствами BGP

What your company will get

Reliable protection against all known DDoS attacks at L3-L5 OSI layers in 24x7x365 mode

Traffic status analysis and filtering in real time

Client Portal, API and DNS protection

Sending notifications about suspicious activities

Write to chat

What happens during an attack

Only inbound traffic is allowed through the StormWall filters, while outbound traffic follows the same path. This can increase latency as traffic will go through filtering points located in data centers with many connections to popular CDNs.

Will the delay increase?

However, for some resources, the latency may even decrease, since StormWall has direct connections to such popular resources as Google, Microsoft, Akamai, etc.

How we ensure high quality of service

Triple Filter

All of your server’s inbound traffic is cleaned up in three stages:

Edge routers. Over 100 edge routers all over the world are set up to discard traffic that should never reach your servers. This protective layer makes our clients resistant to 100+ Gbps attacks, with TCP and UDP amplification attempts entirely blocked at this stage.

Hardware filters. At this level, most of the TCP / UDP flood is blocked. Thanks to the use of hardware filters, it is possible to achieve tremendous packet processing speed. The filtering network is designed to evenly distribute the load across multiple hardware filters.

Precision filters. This is a fine filtering layer where the most sophisticated attacks, including attacks using bots, are blocked.

FlowSense system

The FlowSense system constantly monitors all data streams going to the server, monitors anomalies and automatically detects the type of attack in progress.

Based on the results, the security parameters are dynamically tuned using BGP FlowSpec (RFC 5575) and the API of our system.

Global Session

Our infrastructure is built in such a way that even a global cataclysm, which entails the failure of one geographic filtering point, will not lead to a disconnection.

How is this achieved? Thanks to the use of Global Session technology, filtering nodes around the world "know" that a client has connected to your server, and if one of the nodes is unavailable, traffic is automatically directed to another node closest to the client.

Points of Presence

> 3500 Gbit/s

Filtering Capacity

Germany (Frankfurt)

fra.stormwall.network Equinix FR5

fra2.stormwall.network e-Shelter FR1

USA (Washington D.C.)

was.stormwall.network

Equinix DC2

China (Hong Kong)

hkg.stormwall.network

Equinix HK1

main:location.countries.country1

msk.stormwall.network

ММТС-9

Kazakhstan (Almaty)

alm.stormwall.network

Connection via

Jusan Mobile

Singapore

sg.stormwall.network

Equinix SG3

[ID]CloudHost

Bulgaria (Sofia)

sof.stormwall.network

Telepoint Center

UAE (Dubai)

ae.stormwall.network

SmartHub Fujairah

Brazil (São Paulo)

Coming 2024

Indonesia (Jakarta)

Coming 2024

How to connect the StormWall service for DDoS protection

Use the service by choosing one of three work options:

Option 1

Write to an online consultant

or call us.

We recommend this method if a DDoS attack is already underway and you have no time to understand the intricacies. Our experts are available online 24x7 and will help you deploy your protection within 10 minutes.

Option 2

Choose a suitable tariff and click "Order".

In this case, you can independently complete all the steps to activate and configure protection.

Option 3

Fill out the form

and our manager will contact you during the working day.