Redge GuardianCloud

A BGP anycast global scrubbing service. Gain the ultimate protection for servers, infrastructure, and digital content.

SOS, network under attact? Contact us.

Under
attack?

Are you under attack?

We will contact you as soon as possible to provide the best anti-DDoS mitigation solution.
With regards - Redge Guardian team.

How does it work?

Redge Guardian Cloud is an IP infrastructure protection service
Redge Guardian Cloud is an IP infrastructure protection service, consisting of multiple scrubbing centers located in major internet exchange points (IXPs) all over the world. Each scrubbing center has at least 100G connectivity and runs proprietary dataplane software capable of inspecting and filtering hundreds of millions of packets per second.
Redge Guardian Cloud uses Border Gateway Protocol (BGP) anycasting and legitimate
Redge Guardian Cloud uses Border Gateway Protocol (BGP) anycasting and legitimate, RPKI-compatible hijacking methods. After detecting the attack with NetFlow/IPFIX/sFlow, the protected IP address space is advertised from all scrubbing centers. Incoming traffic is redirected to the closest scrubbing center, filtered, and passed to the destination with a GRE, IPIP or FoU tunnel. It is possible to use IPv6 as an underlay network.

Comprehensive protection

The Redge Guardian Cloud traffic inspection pipeline comprises of signature-based stateless filters, half-state TCP inspection, and a high-performance L7 regex engine. Signatures are updated periodically based on analyses of ongoing attacks and emerging threats. In addition, users can apply a different filtering policy in the Redge Guardian Cloud management panel.
Comprehensive protection

Easy setup

Deploying Redge Guardian Cloud does not require any changes in network architecture. The only necessary actions are GRE tunnel configuration and authorising Redge Guardian (RIR whoisdb and RPKI objects) to anycast parts of your IP address space (typically /24s). In the case of multihoming, all uplinks are protected by a single service.

Principles of operation

Redge Guardian platform does not interfere with outgoing traffic from the client network.
Redge Guardian - Principles of operation, TCP flood, SYN flood, ACK flood
Clean traffic is delivered via direct peering at the IXP

Service activation triggers BGP advertisement of the prefix (typically more specific, like /24) under attack and redirects all inbound traffic to Redge Guardian scrubbing centers.

Clean traffic is delivered via direct peering at the IXP

The attack is filtered in the scrubbing center using static and dynamic rules configured for the customer.

Clean traffic is delivered via direct peering at the IXP

Clean traffic is delivered via direct peering at the IXP or via the GRE tunnel over public internet. The Redge Guardian platform does not interfere with outbound traffic coming from the customer’s network.

Download brochure about Redge Guardian Cloud

For more details on the Redge Guardian Cloud, please see our datasheet.

DOWNLOAD
Redge Guardian On-premise protection

Or perhaps check our on-premises? Learn more about the Redge Guardian Platform.

READ MORE