Don’t Wait, Be Active
In Your DDoS Defense
Choose the Perfect DDoS Protection Plan
Plans & Pricing
Initial protection can be set up in less than 24 hours.*
Contact Us for a Quote
Basic
Remotely Triggered Black Hole (RTBH)
- Hardware Recommendation
- WanGuard Installation
- Remote OS Setup & Tuning
- Network Update & Tuning
- goBGP Setup
- WanGuard Attack Thresholds Setup
- WanGuard Training
- WanFilter with Routing
- goBGP with FlowSpec Setup
- Extra Training & Customizations
Standard
Simple Filtering
- Hardware Recommendation
- WanGuard Installation
- Remote OS Setup & Tuning
- Network Update & Tuning
- goBGP Setup
- WanGuard Attack Thresholds Setup
- WanGuard Training
- WanFilter with Routing
- goBGP with FlowSpec Setup
- Extra Training & Customizations
Optimal
Filtering with FlowSpec
- Hardware Recommendation
- WanGuard Installation
- Remote OS Setup & Tuning
- Network Update & Tuning
- goBGP Setup
- WanGuard Attack Thresholds Setup
- WanGuard Training
- WanFilter with Routing
- goBGP with FlowSpec Setup
- Extra Training & Customizations
Advanced
RTBH & FlowSpec Filtering
- Hardware Recommendation
- WanGuard Installation
- Remote OS Setup & Tuning
- Network Update & Tuning
- goBGP Setup
- WanGuard Attack Thresholds Setup
- WanGuard Training
- WanFilter with Routing
- goBGP with FlowSpec Setup
- Extra Training & Customizations
*Depends on your preparation and required response time.
DDoS Protection Plans Overview
Learn about DDoS scenarios and choose the plan that fits your needs.
Remotely Triggered Black Hole (RTBH)
Recommended for network operators (ISPs) or data centers, where blocking a single IP address does not disrupt the entire network.
- A DDoS attack begins, threatening to saturate your uplink capacity, impacting latency and service availability.
- WanGuard detects the attack in 5 seconds and sends a BGP update to initiate RTBH protection, blocking traffic to the targeted IP.
- Your router propagates the BGP update to upstream ISPs. Attack traffic is blocked before entering your network.
- Normal network traffic and latency are restored.
The limitation is that all traffic to the attacked IP is blocked.
Simple Filtering
Traffic filtering is the true method for protecting specific IPs and services, not just the network. Unlike RTBH, it filters out only attack (bad) traffic. Essential for volumetric attacks, it has evolved with WanGuard's DPDK sub-system, replacing older iptables methods. This enables scaling from 1 Gbps to 100 Gbps per sensor port.
This multi-stage filtering is now covered in Scenarios 3 and 4.
Filtering with FlowSpec
A comprehensive, granular filtering solution. Hardware filtering via BGP FlowSpec drops malicious traffic directly on Your router line cards.
- An attack begins, but stays within bandwidth limits.
- WanGuard detects it and sends a BGP FlowSpec update to filter/drop malicious traffic on the router.
- Normal traffic flows to your network; DDoS traffic is filtered and dropped.
RTBH & FlowSpec Filtering
The highest level of DDoS protection, ensuring network resilience during multiple, simultaneous volumetric and layer-based attacks.
- If an DDoS attack requires traffic filtering we trigger WanFilter for BGP FlowSpec filtering, then we monitor if traffic level is within limit on our uplinks.
- If an DDoS attack is close to saturating uplinks, WanGuard will trigger BGP black hole RTBH (Scenario 1).
- To ensure fully automatic protection, we setup additional checks and notifications for Your network team.
Advanced
RTBH & FlowSpec Filtering
To place your order, please fill out the form below. We’ll contact you within 24 hours to gather details and begin work.