DDoS Protection

Mitigation cloud with over 1Tbps+ filtering capacity


Always available

Our datacenters in Iceland, Romania, and the Netherlands come with free DDoS filtering.
Check out our Virtual Private Servers, Shared Hosting and Dedicated Servers to secure your online assets.

Protection Deployment

FlokiNET DDoS mitigation solutions can be deployed in the following ways

1. Secure Uplink

Secure uplink is basically a direct peer between a client and us (as an intermediate step for incoming traffic to be filtered and then re-sent to the client).

As this only manipulates incoming traffic via BGP, the service itself uses the client's own IP ranges. The same link can be used to send traffic for free for approximately 36 hours/month (5% of the time). Anything over this limit will be charged on a 95/5 basis.

The Secure Uplink service redirects all your traffic from an affected subnet to FlokiNET, a sensor immediately detects an attack and redirects traffic from the affected IP to the mitigation cloud within seconds. The redirection stops within minutes of the attack ending.

This can be easily solved via (cross-connect) + BGP between us and you to force traffic from a given subnet to flow towards us:

  • Normal Path: Your upstream provider >> Your server >> Your client
  • Secure Uplink Path: Your upstream provider >> Your server >> Our filter >> Flokinet's DDoS traffic cleaning >> Your Service >> Your client

The smartest but most complex solution is to redirect traffic only when needed, i.e. to have a device or person monitoring the traffic with the power and knowledge to detect the traffic and redirect it to Flokinet via BGP.

The additional latency provided by our anti-DDoS filter would be minimal. Therefore, one reason to use FlokiNET as an outbound relay would be to diversify the list of upstream providers/ISPs through which you access the Internet.

2. Anti-DDoS Tunnel

Standard tunnel endpoints to a nearby FlokiNET Security Cloud to connect your anti-DDoS equipment. The Anti-DDoS Tunnel works under the same premises, except that there is no need for a direct connection between you and us. It is a GRE or L2TP tunnel over the Internet using a BGP session.

Through an encapsulated BGP session, you advertise to the end user the subnet being attacked when downstream or equipment capacity is overwhelmed by an attack. The Security Cloud will 'hijack' incoming traffic from the affected subnet, mitigate it against DDoS and send it to you through the tunnel. Traffic leaving your network is never re-routed.

3. Anti-DDoS for hosted infrastructure

Where you host your hardware at our sites or rent hardware from us. This option allows you to protect IPs and services that reside on our infrastructure and is included with most of our products!

Note that:

  • The number of attacks doesn't count
  • Protection works for any known type of DDoS attack, at any level
  • The size of the attack doesn't count
  • The number of IPs/devices protected is unlimited. You can choose to protect your entire AS with this service.
  • You are allowed to resell the service.
  • Specific requests for customised layers and protection methods are available.