How the Service Works

The “StormWall for Networks” service is designed for internet service providers, data centers, hosting companies, and corporate clients with their own autonomous system. Our protection blocks and minimizes the consequences of even the most complex DDoS attacks on your network.

How the Service Works Algorithm of operation:

  1. Connection setup;
  2. Establishment of a BGP session, where you announce the necessary IP prefixes;
  3. Reception of announcements, filtering, and redirection of cleaned traffic to you.

Connection Methods for Protection:

  1. IPIP/GRE Tunnel
  2. Internet Exchange (IX)
  3. Physical Connection to the StormWall Network at one of our locations

Protection Options:

  1. Enable Permanent Protection with all incoming traffic passing through our filters:

In this case, all of the client’s networks will be under constant protection (DDoS attacks will never catch you off guard), but the flexibility in managing incoming traffic will be limited.

  1. Manually connect protected networks – only the necessary client networks will be announced:

Not all client networks will be announced, only those that require protection at a specific moment in time. For example, if you are expecting an attack or it has already begun, you can manually redirect network announcements to StormWall (removing them from other providers).

  1. Automate the announcement of protected networks when an attack begins using a DDoS sensor:

The sensor, installed on the client’s side, automatically switches the attacked network to protection mode and removes it from unprotected providers immediately after detecting the beginning of an attack. After the attack is over, it returns the network back.

  1. Deploy a DDoS sensor on the client’s network:

The sensor can receive traffic information via NetFlow, sFlow, or Mirror/SPAN and integrates with your edge router or router group using BGP, sending signals to activate protection using BGP Community. Deployment on a virtual machine is possible.

DDoS sensor operation scenarios:

[If the DDoS sensor is on the client’s side]

  1. The sensor detects the beginning of an attack on one or several IP addresses;
  2. Then, the sensor initiates the announcement of the attacked network through StormWall;
  3. After that, the sensor removes the attacked network from unprotected providers.

[Regardless of the presence of the sensor on the client’s side]

  1. The sensor on StormWall’s side (FlowSense system) determines which IP addresses are being attacked and redirects the traffic going to these addresses for filtration;
  2. The attack is cut off by StormWall’s filters;
  3. After the attack ends, the traffic stops being routed through the filters and goes directly.

[If the sensor is on the client’s side]

  1. The network announcement is returned to its providers and removed from StormWall. Triple filtration (Triple Filter) is used for traffic filtering, FlowSence technology for anomaly detection and automatic attack type identification, and Global Session technology for protection against failures at StormWall network nodes.