Infrastructure DDoS Protection
Infrastructure DDoS Protection
Smarter, Faster, Safer
Link11 Infrastructure DDoS Protection is a cloud-based system that fends off DDoS attacks on
applications and services in an autonomous system. The system includes a globally distributed DDoS
scrubbing center architecture to protect organizations against even the largest DDoS attacks.
Protection of your
core services
Against DDoS attacks
Protection of
customer networks
Via Layer 2 and GRE tunnels
Guaranteed DDoS
mitigation
Up to 1 Tbps in a multi-terabit
global network
How the Link11 Infrastructure
DDoS technology works
Link11’s Infrastructure DDoS Protection is placed in the inbound traffic path of the customer’s autonomous system to
monitor traffic for anomalies and take defensive measures. The setup looks like this:
1
The customer connects via a physical
connection (L2) or GRE tunnel to the Link11
data center location of his choice.
2
Within this L2 connection, a GBP connection
is set up between Link11 and the customer,
which will act as a route distributor between
both parties in the future.
3
Once this is done, the customer can now use
Link11 as a transit provider to the Internet.
4
In addition, customers can choose whether
they want their incoming traffic to flow
completely, partially, or on standby via Link11.
Infrastructure DDoS Protection
The Link11 Insights feature
When the customer runs their traffic on standby through Link11, they have the optional ability to export their traffic information and send it to the Link11 Insights solution. Once there, the data is statistically analyzed and alerts are sent to the customer if traffic anomalies are detected.
Customers can also activate and configure a data redirection trigger in Link11Insights. Several selectable triggers are available at the same time:
- Mbit per second
- Packages per second
- Number of traffic sources
- Number of source countries
- Number of Internet service providers
DDoS detection and protection measures
Link11’s Infrastructure DDoS Protection fully protects your network infrastructure against DDoS attacks on OSI layers 3-7.
The solution thwarts a variety of different attack types, including:
01
Volumetric attacks:
- Botnet-based TCP floods
- Botnet-based UDP floods
- ICMP-Floods
- UDP Amplification Reflection floods
- TCP Reflection floods
- Unknown/unspecified protocols using artificial intelligence/machine learning
02
Protocol floods:
- TCP-SYN
- TLS / SSL
- Invalid combinations of IP/TCP
header flags - Unknown/unspecified protocols using artificial intelligence/machine learning
03
Also good to know:
- By combining infrastructure protection with Link11 Web DDoS Protection, DDoS attacks in TLS-encrypted HTTP traffic (HTTPS) can be detected and defended against
- For DDoS attacks from IPv6 networks Link11 offers volume protection that includes the use of network policers on the routers to prevent or mitigate typical DDoS attacks.
