Infrastructure DDoS Protection by Link11 is a cloud-based system that fends off DDoS attacks on applications and services in an autonomous system. The system includes a globally distributed DDoS scrubbing center architecture to protect organizations against even the largest DDoS attacks.

Contact us now

Why Infrastructure DDoS Protection is important for you

Those who host their own infrastructure are increasingly being targeted by cybercriminals. At the end of 2021, the number and complexity of DDoS attacks on IT infrastructure providers reached a sad peak. The infrastructure risk factor will continue to play a role in the coming months, and there is no sign of the threat leveling off.

The following DDoS threats, among others, exist for your infrastructure:
  • Blockage of the access line: Your way out is blocked by requests which, among other things, leads to faulty communication between the services.
  • Unavailability of services: Under the attack load, the performance of your infrastructure can go to its knees and no longer correctly process the requests you actually want.
  • Crippling the infrastructure: The entire infrastructure is negatively affected – this would result in disrupted servers or capped VOIP telephony, for example.

The consequences of a successful DDoS attack are sometimes massive and, in addition to high costs due to important service failures, also include sensitive image damage, since customers/users temporarily no longer have access to the services. Effective infrastructure protection plays a fundamental role, especially for financial service providers or critical infrastructure operators.

How the Link11 Infrastructure
DDoS technology works

Link11 Infrastructure DDoS Protection provides comprehensive protection against volumetric and non-volumetric attacks on layers 3 and 4. In always-on mode, all customer traffic flows continuously through the Link11 security matrix to ensure minimal latency and enable fully automated attack detection and mitigation. On-Prem or hybrid models are also supported.

  1. You connect via a physical connection (L2) or GRE tunnel to the Link11 data center location of your choice.

  2. Within this L2 connection, a BGP connection is set up between Link11 and yourself, which will act as a route distributor between both parties in the future.

  1. Once this is done, you can now use Link11 as a transit provider to the Internet


  2. In addition, you can choose whether you want the incoming traffic to flow completely, partially, or on standby via Link11.

Infrastructure DDoS Protection


The Link11 Insights feature is not limited to specific hardware options and can therefore be used with an existing setup. While most hybrid solutions require an active BGP connection, the Insights feature gives you more flexibility: companies can continue to use a standard BGP session or set up a Netflow export. The Netflow stream analyzes incoming data in real time and automatically switches a redirect as soon as a defined threshold is reached.

Hybrid solutions rely on a group setting of anomaly detection interfaces. With Insights, you can instead set a whole range of specific thresholds individually:

  • Mbit per second
  • Traffic sources per second
  • Number of traffic sources
  • Number of source countries 
  • Number of Internet service providers

DDoS detection and protection measures

A DDoS (Distributed Denial of Service) attack attempts to overwhelm an Internet-connected asset with the aim of making it unavailable to legitimate users. Our DDoS protection includes various measures that prevent this condition from ocurring:


Volumetric attacks:

  • Botnet-based TCP floods
  • Botnet-based UDP floods
  • ICMP-Floods
  • UDP Amplification Reflection floods
  • TCP Reflection floods
  • Unknown/unspecified protocols using artificial intelligence/machine learning

Protocol floods:

  • Invalid combinations of IP/TCP
    header flags
  • Unknown/unspecified protocols using artificial intelligence/machine learning

Also good to know:

  • By combining infrastructure protection with Link11 Web DDoS Protection, DDoS attacks in TLS-encrypted HTTP traffic (HTTPS) can be detected and defended against.
  • For DDoS attacks from IPv6 networks Link11 offers volume protection that includes the use of network policers on the routers to prevent or mitigate typical DDoS attacks.

Your Link11 Dashboard

A glance at the interface reveals the strength of your DDoS protection.

The Dashboard via DNS forwarding provides you with individual insight into the real-time analysis of the data traffic. It furthermore shows DDoS attacks that have been fended off and their origin, the server availability, and measurement results concerning current server response times. Moreover, individual countries can be blocked in the Dashboard.


The reports enable the scheduled generation of customized reports in a management overview. The reports can automatically be sent at regular intervals. All settings configured by the administrators in the user interface can be tracked and corrected ad hoc.

Alert Function

An alert function can notify the user about urgent threats by means of text messages. For every blocked connection, the blocking list indicates the reason for the filtering, the place of origin, and the duration of the connection. In this blocking list, blocked connections can also be unblocked for future connection attempts.

Diagnosis Dashboard

The Diagnosis Dashboard features general DDoS information and draws attention to current threats. Additionally, a DDoS alert system and a DDoS traffic display provide a quick overview of the current security status. The settings area enables the adjustment of the granularity of the smart DDoS filter and the configuration of settings for approved and unwanted access by means of blacklists and whitelists.


The whitelist makes it possible to setup permanent access for systems whose behavior deviates greatly from that of a normal user. For example, approved Internet crawlers are identified, and the compatibility with standard search engines, approved advertising bots, and administrators is guaranteed.

Why Product Managers choose Link11

As an internationally operating multi-cloud service provider, it is particularly important for Arvato Systems to protect its infrastructure effectively. Jochen Weper (Product Manager) talks about the new options that open up with the Link11 partnership.


Case Study:
Arvato Systems

Arvato Systems serves the IT needs of both internal and external customers.
Given the increase in volume and complexity of distributed denial of service
(DDoS) attacks, the company needed to scale the mitigation capacity of its
data center and security architecture.
Harnessing Link11’s cloud-native DDoS protection service on Platform Equinix
ensured that only “clean traffic” reached Arvato Systems’Systems’ and its
customers’ networks.

Arvato Systems now transmits 90% of its IP traffic via Link11’s cloud-based
protection solution over Equinix Fabric. The artificial intelligence (AI)
used filters the incoming data and ensures that only the incoming data and
ensures that only “clean” and harmless traffic is allowed on is allowed on
Arvato System’s network. The risk of system failures triggered by DDoS attacks
is thus a thing of the past.

Download Case Study


Would you like to learn more about Infrastructure DDoS Protection?

Give us a call or write us an Email. We’d be happy to be of help.

This site is registered on as a development site. Switch to a production site key to remove this banner.