CPE: Customer Premises Equipment
DWDM: Dense Wavelength Division Multiplexing
EoSDH: Ethernet on SDH
EPL: Ethernet Private Line
EVPL: Ethernet Virtual Private Line
Gbps: Gigabit per second
GCE: Global Carrier Ethernet
MPLS: Multi Protocol Label Switching
NOC: Network Operation Center
POP: Point of Presence
SDH: Synchronous Digital Hierarchy
SLA: Service Level Agreement
SONET: Synchronous Optical Network
Tbps: Terabit per second (1012 bps)
UNI: User Network Interface
VLAN: Virtual Local Area Network
ARIN: American Registry for Internet Numbers
BGP: Border Gateway Protocol
CGNAT: Carrier Grade Network Address Translation
DDOS: Distributed Denial of Service
ISP: Internet Service Provider
IXP: Internet eXchange Point
LACNIC: Latin America and Caribbean Network Information Centre
PTT/NAP: Network Access Point
RIPE NCC: Réseaux IP Européens Network Coordination Centre
SLA: Service Level Agreement
STI: Service Internet Transit
Distributed Denial of Service (DDoS) attacks are becoming more frequent. Our DDoS Shield solution is a security service that adds value to the Internet Transit Service by mitigating attacks on our international network before they reach the customer’s network.
In the event of an attack, the system acts transparently for the customer, eliminating the malicious traffic and delivering the legitimate traffic, thus contributing to the continuity of the service for the customer.
The service provides passive and non-intrusive monitoring of customer traffic, offering access to traffic reports, statistical alert reports and details of each detected attack. In addition, there are two scrubbing centers (in Miami and Madrid), which allow attacks to be mitigated as close as possible to their point of origin, and before they reach the customers’ networks.
The service provides a security solution capable of detecting and mitigating DDoS attacks before they reach the customer’s network, contributing to service continuity. Additionally, it offers a wide flexibility in contracting options, based on the needs of the customer.
Our equipment monitors and analyzes our IP network backbone, collecting flow statistics reported by network border routers, providing a global and perimeter detection of the entire network.
Monitoring is passive and non-intrusive: traffic is not directly inspected, but some statistical information is gathered.
Traffic considered suspicious by detection equipment is sent to scrubbing centers, where it is analyzed in order to rule out malicious traffic and deliver legitimate traffic to the customer.
Service available 24 hours a day, 7 days a week. Access to the detection platform, which provides reports for full visibility of traffic and anomalies detected.
The service is oriented to operators and resale to end customers (B2B2C), in different modalities that adapt to the needs of each customer.
Once an attack has been identified, Telxius undertakes to report it to the customer and mitigate it within the agreed time frame.
Telxius commits to an SLA regarding availability for detection and mitigation platforms.