Infrastructure DDoS Protection
Infrastructure DDoS Protection
Smarter, Faster, Safer
Infrastructure DDoS Protection by Link11 is a cloud-based system that fends off DDoS attacks on
applications and services in an autonomous system. The system includes a globally distributed DDoS
scrubbing center architecture to protect organizations against even the largest DDoS attacks.
Protection of your
core services
Against DDoS attacks
Protection of
customer networks
Via Layer 2 and GRE tunnels
Guaranteed DDoS
mitigation
Up to 1 Tbps in a multi-terabit
global network
How the Link11 Infrastructure
DDoS technology works
Link11 Infrastructure DDoS Protection provides comprehensive protection against volumetric and non-volumetric attacks on layers 3 and 4. In always-on mode, all customer traffic flows continuously through the Link11 security matrix to ensure minimal latency and enable fully automated attack detection and mitigation. On-Prem or hybrid models are also supported.

1
The customer connects via a physical
connection (L2) or GRE tunnel to the Link11
data center location of his choice.
2
Within this L2 connection, a BGP connection
is set up between Link11 and the customer,
which will act as a route distributor between
both parties in the future.
3
Once this is done, the customer can now use
Link11 as a transit provider to the Internet.
4
In addition, customers can choose whether
they want their incoming traffic to flow
completely, partially, or on standby via Link11.
The Link11 Insights feature
When the customer runs their traffic on standby through Link11, they have the optional ability to export their traffic information and send it to the Link11 Insights solution. Once there, the data is statistically analyzed and alerts are sent to the customer if traffic anomalies are detected.
Customers can also activate and configure a data redirection trigger in Link11Insights. Several selectable triggers are available at the same time:
- Mbit per second
- Packages per second
- Number of traffic sources
- Number of source countries
- Number of Internet service providers
DDoS detection and protection measures
A DDoS (Distributed Denial of Service) attack attempts to overwhelm an Internet-connected asset with the aim of
making it unavailable to legitimate users. Our DDoS protection includes various measures that prevent this condition from ocurring:
01
Volumetric attacks:
- Botnet-based TCP floods
- Botnet-based UDP floods
- ICMP-Floods
- UDP Amplification Reflection floods
- TCP Reflection floods
- Unknown/unspecified protocols using artificial intelligence/machine learning
02
Protocol floods:
- TCP-SYN
- Invalid combinations of IP/TCP
header flags - Unknown/unspecified protocols using artificial intelligence/machine learning
03
Also good to know:
- By combining infrastructure protection with Link11 Web DDoS Protection, DDoS attacks in TLS-encrypted HTTP traffic (HTTPS) can be detected and defended against.
- For DDoS attacks from IPv6 networks Link11 offers volume protection that includes the use of network policers on the routers to prevent or mitigate typical DDoS attacks.
