skip to Main Content


CPE: Customer Premises Equipment

DWDM: Dense Wavelength Division Multiplexing

EoSDH: Ethernet on SDH

EPL: Ethernet Private Line

EVPL: Ethernet Virtual Private Line

Gbps: Gigabit per second

GCE: Global Carrier Ethernet

MPLS: Multi Protocol Label Switching

NOC: Network Operation Center

POP: Point of Presence

SDH: Synchronous Digital Hierarchy

SLA: Service Level Agreement

SONET: Synchronous Optical Network

Tbps: Terabit per second (1012 bps)

UNI: User Network Interface

VLAN: Virtual Local Area Network

ARIN: American Registry for Internet Numbers

BGP: Border Gateway Protocol

CGNAT: Carrier Grade Network Address Translation

DDOS: Distributed Denial of Service

ISP: Internet Service Provider

IXP: Internet eXchange Point

LACNIC: Latin America and Caribbean Network Information Centre

PTT/NAP: Network Access Point

RIPE NCC: Réseaux IP Européens Network Coordination Centre

SLA: Service Level Agreement

STI: Service Internet Transit


For any information regarding our cable business, please contact us on:


Distributed Denial of Service (DDoS) attacks are becoming more frequent. Our DDoS Shield solution is a security service that adds value to the Internet Transit Service by mitigating attacks on our international network before they reach the customer’s network.

In the event of an attack, the system acts transparently for the customer, eliminating the malicious traffic and delivering the legitimate traffic, thus contributing to the continuity of the service for the customer.


The service provides passive and non-intrusive monitoring of customer traffic, offering access to traffic reports, statistical alert reports and details of each detected attack.  In addition, there are two scrubbing centers (in Miami and Madrid), which allow attacks to be mitigated as close as possible to their point of origin, and before they reach the customers’ networks.

Value Proposition

The service provides a security solution capable of detecting and mitigating DDoS attacks before they reach the customer’s network, contributing to service continuity. Additionally, it offers a wide flexibility in contracting options, based on the needs of the customer.

Product details


Our equipment monitors and analyzes our IP network backbone, collecting flow statistics reported by network border routers, providing a global and perimeter detection of the entire network.

Traffic monitoring

Monitoring is passive and non-intrusive: traffic is not directly inspected, but some statistical information is gathered.

Mitigation at centralized network points

Traffic considered suspicious by detection equipment is sent to scrubbing centers, where it is analyzed in order to rule out malicious traffic and deliver legitimate traffic to the customer.

24/7 Customer Care

Service available 24 hours a day, 7 days a week. Access to the detection platform, which provides reports for full visibility of traffic and anomalies detected.


The service is oriented to operators and resale to end customers (B2B2C), in different modalities that adapt to the needs of each customer.

Attack notification and mitigation response time SLAs

Once an attack has been identified, Telxius undertakes to report it to the customer and mitigate it within the agreed time frame.

Platform availability SLAs

Telxius commits to an SLA regarding availability for detection and mitigation platforms.