TELXIUS’ Global DDoS Shield service is an Internet transit value-added service, which offers a security solution able to detect and mitigate Distributed Denial of Service (DDoS) attacks, increasingly common on the Internet.
DDoS attacks are mitigated on the international network of TELXIUS, before reaching the customer’s network. In case of an attack the system acts transparently to the customer, eliminating malicious traffic and delivering the legitimate traffic, allowing the continuity of its service.
Additionally, the service provides a web-based customer access to check the benefits of the service.
The Global DDoS Shield service avoids the customer’s service affectation in case of attack, being a transparent solution. The customer will receive its legitimate traffic through its Internet Transit interconnection.
The service provides a passive and non-intrusive monitoring of the customer traffic since the traffic is not directly inspected. The service analyses statistical information on traffic and for this reason it is not a point of failure in case of breakdown.
This solution has the infrastructure and equipment of a market-leading technology and it has been deployed on the international network of TELXIUS.
The global nature of the TELXIUS network, positions it as the best option to counter these types of attacks, whose sources are usually international. The solution protects the customer’s network from the outside and monetises the economic damages caused not only to the customer but also to its own final customers.
The service offers access to traffic reports, statistical alarm information, detailed information on the attack, etc.
DDoS Shield service provides you with a solution which detects and mitigates these types of attacks before they reach your network and that allows you to maintain and achieve high service levels due to the reassurance of having comprehensive protection against multiple digital vulnerabilities and threats.
It also offers you a wide flexibility in hiring options making our service fit for your purpose: monitoring, full protection with unlimited mitigations, mitigations of attacks on demand, etc
TELXIUS’ DDoS Shield has traffic monitoring and attacks the detection System and mitigation System thereof.
- The detection part has been implemented using equipment that monitors and analyses the TELXIUS’ IP network backbone, collecting Flow statistics reported by the network border routers, providing a global and perimeter detection of the whole network.
- Monitoring the customer traffic is a passive and non-intrusive activity since the traffic itself is not directly inspected, but some statistical traffic information is. For this reason, a failure in the equipment does not affect the service.
The equipment is able to detect attacks and generate alarms with all the information needed to proceed to the mitigation.
- The mitigation is being performed in some centralised network points, which is where the traffic considered suspicious for the detection equipment is sent to. At these points, the traffic is cleaned, if needed, delivering the legitimate traffic to the customer and ensuring the service’s continuity.
The customer’s regular traffic does not go through this equipment so they are not a failure point within the Service.
Our Service has a report and managed services module where the customer can consult data and information via the web. This gives the customer the possibility of having full visibility over its traffic and the attacks it undergoes.
The service is designed for operators and resale to end customers (B2B2C) and has different flavours to suit the needs of each client.
TELXIUS is committed to guaranteeing specific Service Level Agreements (SLA) for the Global DDoS Shield service.
- Time information after an attack detection SLA.
- Availability for the detection and the mitigation SLA.
- CPE: Customer Premises Equipment
- DWDM: Dense Wavelenght Division Multiplexing
- EoSDH: Ethernet on SDH
- EPL: Ethernet Private Line
- EVPL: Ethernet Virtual Private Line
- Gbps: Gigabit per second
- GCE: Global Carrier Ethernet
- MPLS: Multi Protocol Label Switching
- NOC: Network Operation Center
- POP: Point of Presence
- SDH: Synchronous Digital Hierarchy
- SLA: Service Level Agreement
- SONET: Synchronous Optical Network
- Tbps: Terabit per second (1012 bps)
- UNI: User Network Interface
- VLAN: Virtual Local Area Network
- ARIN: American Registry for Internet Numbers
- BGP: Border Gateway Protocol
- CGNAT: Carrier Grade Network Address Translation
- DDOS: Distributed Denial of Service
- ISP: Internet Service Provider
- IXP: Internet eXchange Point
- LACNIC: Latin America and Caribbean Network Information Centre
- PTT/NAP: Network Access Point
- RIPE NCC: Réseaux IP Européens Network Coordination Centre
- SLA: Service Level Agreement
- STI: Service Internet Transit