What Is a DDoS Attack?

A DDoS attack floods your network, servers, or applications with malicious traffic at a scale designed to exhaust available bandwidth or processing capacity. The result: your services become slow or entirely unreachable for legitimate users. Attacks range from volumetric floods, measured in hundreds of gigabits per second, to sophisticated application-layer attacks targeting specific services.

The challenge for most businesses is that a significant DDoS attack overwhelms local defences before they can respond. The solution must operate upstream, at the network level, before attack traffic reaches your infrastructure.

AgileSP DDoS Protection: How It Works

AgileSP’s DDoS Protection service operates at the network level, upstream of your infrastructure. When an attack is detected, malicious traffic is rerouted to AgileSP’s scrubbing infrastructure, where it is identified, filtered, and discarded. Clean, legitimate traffic is returned to your network, and your services remain online throughout the process.

The entire detection-to-mitigation cycle is designed to be fast and automatic, minimising the window during which your services are exposed to attack traffic.

Three Layers of Mitigation

AgileSP’s DDoS Protection provides three distinct mitigation techniques, each suited to different attack scenarios:

Arbor TMS Scrubbing

Traffic diversion to our carrier-grade scrubbing infrastructure strips volumetric, protocol, and application-layer attack traffic while passing legitimate flows through. This is the most effective option for complex or high-volume attacks.

BGP Blackhole (RTBH)

For situations where a single IP or small prefix is under an unmitigatable volumetric attack, RTBH allows you — or our NOC — to trigger a null-route via BGP community. Traffic to that destination is dropped at AgileSP’s network edge and across participating upstreams. Blunt, but fast and effective for absorbing attacks at volume.

Flowspec (RFC 5575)

BGP Flowspec pushes fine-grained drop rules — by destination port, source prefix, TCP flags, DSCP, or packet length — directly to AgileSP’s routers. This enables surgical mitigation: dropping NTP amplification packets or TCP SYN floods targeting a specific port while continuing to pass all other traffic to the same destination IP.

Always-On Detection

AgileSP’s DDoS Protection is not a reactive service that requires manual intervention to activate. Traffic baselines are continuously monitored, and anomaly detection algorithms identify attack signatures in real time. When a threshold is crossed, mitigation begins automatically — your team is notified, but the protection is already working.

This always-on approach is critical because DDoS attacks are designed to move faster than human response times. By the time a NOC team identifies and escalates an incident manually, volumetric attacks have already caused significant damage.

DDoS Protection Features

• Always-on monitoring: continuous traffic analysis and anomaly detection with no manual activation required.
• Automatic mitigation: attack traffic is rerouted and scrubbed without disrupting legitimate users.
• Multi-vector protection: defends against volumetric floods, protocol attacks, and application-layer attacks simultaneously.
• Arbor TMS scrubbing: carrier-grade mitigation platform deployed within AgileSP’s network.
• BGP blackhole (RTBH): trigger a null-route for a specific /32 or /128 via BGP community, dropping attack traffic at the network edge.
• Flowspec mitigation: surgical traffic filtering by protocol, port, TCP flags, or packet size — drops the attack pattern without dropping legitimate traffic.
• Clean traffic return: only verified legitimate traffic is passed to your servers and services.
• Attack reporting: post-event reports detailing attack vectors, volumes, and mitigation actions taken.
• 24/7 NOC support: AgileSP’s engineering team monitors mitigation events and is available around the clock.

Global Scrubbing Capacity

The effectiveness of a DDoS protection service is directly linked to the capacity of the network behind it. A scrubbing service running on a small or regional network cannot absorb large volumetric attacks — the attack traffic itself overwhelms the scrubbing path before mitigation can take effect.

AgileSP’s DDoS Protection is backed by a network with European anchor points in London (Equinix LD8) and Amsterdam, providing substantial upstream capacity to absorb volumetric attacks before they reach the African network.

Geographic distribution of scrubbing capacity means that even high-volume attacks can be absorbed and cleaned without degrading the service for other customers or legitimate users.

Protection at the African Network Level

For South African businesses, a local DDoS scrubbing capability matters — not just a foreign scrubbing service that routes all traffic out of the country and back again. AgileSP’s protection operates within our own network infrastructure, meaning that African-origin attack traffic is identified and mitigated at the African network level, reducing unnecessary international traffic and keeping scrubbing latency low for your legitimate users.

Who Needs DDoS Protection?

• ISPs and hosting providers: protect your customers and your own infrastructure from volumetric and application attacks.
• E-commerce businesses: stay online during peak trading periods, when DDoS attacks are often timed to maximise commercial impact.
• Financial services: protect transaction systems, payment gateways, and customer-facing banking platforms.
• Gaming and entertainment: maintain low-latency, high-availability services for competitive gaming and streaming platforms.
• Government and critical infrastructure: protect public-facing services and mission-critical systems.
• SaaS providers: ensure contractual SLA uptime commitments to your customers are maintained under attack conditions.

Integrated With AgileSP Services

For existing AgileSP IP Transit, DIA, or colocation customers, DDoS Protection can be added as an integrated layer on top of your existing service. The close integration with AgileSP’s routing infrastructure means that mitigation is faster and more effective than a standalone, third-party scrubbing solution — with a single point of contact for both your connectivity and your protection.

AgileSP is a proud B-BBEE Level 1 contributor and a MANRS participant, committed to routing security and responsible internet infrastructure.

Frequently Asked Questions

How does network-level DDoS protection work?

Rather than placing a scrubbing appliance in your own data centre, AgileSP’s DDoS protection operates inside our network — upstream of you. When an attack is detected against your IP space, your inbound traffic is rerouted through our Arbor TMS scrubbing infrastructure. Attack traffic is stripped out; clean traffic continues to your network. From your perspective, the attack simply does not arrive.

Do I need to change my hardware or configuration?

No hardware changes are required on your end. DDoS protection is activated on your AgileSP service — typically via a BGP community or a scrubbing policy applied to your prefix. Our NOC will walk you through any configuration steps at activation time.

What is BGP blackholing (RTBH)?

Remote Triggered Black Hole (RTBH) is a technique where you advertise a specific /32 (or /128 for IPv6) with a blackhole BGP community. AgileSP — and participating upstream carriers that support the community — install a null-route for that destination, dropping all traffic to it at the network edge before it can congest your link. It sacrifices the targeted IP in exchange for protecting everything around it.

What is Flowspec?

BGP Flowspec (RFC 5575) extends BGP to carry traffic filter rules — essentially pushing access-list entries to routers via BGP. This allows us to drop specific attack traffic (for example: UDP traffic to port 123 from a source prefix associated with an NTP amplifier botnet) without a full scrubbing diversion and without affecting other traffic to the same destination.

How fast does mitigation kick in?

Detection and automatic mitigation typically engage within minutes of an attack exceeding detection thresholds. For RTBH and Flowspec, once a community or rule is triggered, propagation across AgileSP’s network is near-instantaneous via BGP. Our NOC is available 24/7 to assist with active attacks and manual tuning.

Protect Your Business

DDoS attacks will not wait for a convenient time to strike. Contact AgileSP to discuss your infrastructure and we will design a protection profile that matches your risk exposure and availability requirements.