Укр
Pl
EnFirewall
Firewall service allows our internet exchange members to mitigate DDoS attacks pointed to operator's uplink exhaustation: DNS-amplified, NTP-aplified, SNMP-amplified, UDP or ICMP flood etc. In case of these attacks victim usually can't mitigate an attack without uplink's (upstream ISP or internet exchange point) NOC helping.
Traditional way to mitigate uplink exhaustation attack is victim IP-address blackholing. This mechanism is supported by many operators but it has a drawback: all traffic to victim IP-address is blocked, not just garbage one.
In Giganet you can filter only garbage traffic using specific BGP announces. It will allow you to avoid blackholing victim host: garbage traffic will be filtered on our network perimeter using ingress ACLs, allowing other traffic to pass through.
Firewall offers following posibilities to our members:
- Filter whole protocol to an IP-address/prefix: TCP, UDP, ICMP etc.
- Filter protocol + source or destination port to an IP-address/prefix.
You can view details of Firewall here (requires login to control panel).
We providing Firewall service for free of charge on customer request, it is available for Global Exchange members for member's best-path prefixes announced to route server 91.245.221.1.
Firewall service scheme:
