Use Case
DDoS Protection for Telecom Carriers
Telecom carriers operate the backbone that everything else depends on. When DDoS attacks target core routers, peering points, or subscriber-facing infrastructure, the impact cascades across entire regions. Flowtriq provides per-node and flow-based detection with automated BGP mitigation, giving your NOC sub-second visibility across the entire network.
The Problem
Carriers bear the full weight of DDoS attacks
Telecom carriers are both direct targets and collateral damage conduits. An attack targeting one downstream customer can saturate shared transit links and degrade service for thousands of subscribers. Attacks on DNS infrastructure, peering points, and core routers have network-wide impact that extends far beyond the original target.
Traditional carrier-grade DDoS solutions require dedicated hardware appliances deployed at every scrubbing center and network edge. The capital expenditure is significant, and the operational complexity of managing multiple appliances, software versions, and license renewals adds ongoing burden to already stretched NOC teams.
Regulatory requirements add another layer. Telecom regulators in many jurisdictions require carriers to demonstrate DDoS detection and response capabilities. EU carriers face NIS2 incident reporting obligations with strict timelines. Without automated detection and forensic documentation, meeting these requirements means manual processes that scale poorly.
03:00:45 Transit link utilization hits 95%
03:01:30 Packet loss across peering point
03:03:00 Subscriber complaints begin
03:08:00 NOC identifies target prefix
03:12:00 Manual RTBH route injected
03:12:00 Collateral duration: 12 minutes
Subscribers impacted: 14,000
SLA credits issued: 8
Regulatory filing required: Yes
How Flowtriq Helps
Network-wide detection with automated BGP response
Flowtriq ingests sFlow, NetFlow, and IPFIX from your core routers, peering edges, and access switches. Flow-based detection gives you network-wide visibility without deploying agents at every point of presence. For critical infrastructure like DNS servers and management nodes, the FTAgent adds kernel-level detection with sub-second response.
When an attack is detected, Flowtriq can automatically inject BGP FlowSpec rules or RTBH announcements through ExaBGP to your edge routers and upstream transit providers. Surgical FlowSpec rules drop attack traffic while preserving legitimate traffic to the targeted prefix. All rules auto-withdraw when the attack subsides.
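The announce-then-auto-withdraw cycle described above can be illustrated with a small ExaBGP helper. This is an added example, not Flowtriq's code: the threshold, hold-down, aggregation window, the pre-aggregated flow tuples and the 198.51.100.0/24 documentation prefix are all assumptions constructed for the illustration.

```python
"""Threshold-driven FlowSpec announce/withdraw lines for an ExaBGP helper process."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

THRESHOLD_BPS = 1_000_000_000   # assumed trigger: 1 Gbit/s per signature
QUIET_INTERVALS = 3             # assumed hold-down before auto-withdraw
INTERVAL_S = 10                 # assumed flow aggregation window (seconds)
PROTECTED = [ip_network("198.51.100.0/24")]  # constructed documentation prefix

def flowspec_cmd(action, dst, proto, src_port):
    """ExaBGP text-API line that drops one attack signature toward dst."""
    return (f"{action} flow route {{ match {{ destination {dst}; "
            f"protocol {proto}; source-port ={src_port}; }} "
            f"then {{ discard; }} }}")

class Mitigator:
    def __init__(self):
        self.active = {}  # signature -> consecutive quiet intervals

    def process(self, flows):
        """flows: (dst_ip, proto, src_port, bytes, sampling) per interval -> commands."""
        bps = defaultdict(float)
        for dst, proto, sport, nbytes, sampling in flows:
            net = next((n for n in PROTECTED if ip_address(dst) in n), None)
            if net is not None:  # scale sampled bytes back up to bits per second
                bps[(str(net), proto, sport)] += nbytes * sampling * 8 / INTERVAL_S
        cmds = []
        for sig, rate_bps in bps.items():
            if rate_bps >= THRESHOLD_BPS:
                if sig not in self.active:       # announce once per signature
                    cmds.append(flowspec_cmd("announce", *sig))
                self.active[sig] = 0             # still under attack: reset hold-down
        for sig in list(self.active):
            if bps.get(sig, 0) < THRESHOLD_BPS:
                self.active[sig] += 1
                if self.active[sig] >= QUIET_INTERVALS:
                    cmds.append(flowspec_cmd("withdraw", *sig))
                    del self.active[sig]
        return cmds

def demo():
    """Constructed sample: 1:1000-sampled UDP/53 amplification, then quiet."""
    attack = [("198.51.100.7", "udp", 53, 2_000_000, 1000),
              ("198.51.100.9", "udp", 53, 1_500_000, 1000),
              ("198.51.100.7", "tcp", 443, 40_000, 1000)]
    normal = [("198.51.100.7", "tcp", 443, 40_000, 1000)]
    m = Mitigator()
    return [m.process(iv) for iv in (attack, attack, normal, normal, normal)]
```

ExaBGP reads such lines from the standard output of a configured helper process, so a deployment would print and flush each returned command. The hold-down keeps a rule from flapping when attack traffic briefly dips below the threshold.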
Your NOC sees every flow anomaly, every incident, and every mitigation action in a single dashboard. Forensic reports with timestamps, traffic characterization, and mitigation evidence are generated automatically for every event, supporting regulatory filings without manual reconstruction.
03:00:01 BPS=48Gbps Target=198.51.x.0/24
T+0.2s Incident opened · UDP Amplification · 98%
T+0.4s FlowSpec injected · ExaBGP → PE routers
T+0.6s Alerts fired · PagerDuty · NOC Slack
T+0.8s Forensics captured · PCAP + flow records
03:00:02 Transit utilization=42% MITIGATED
03:15:00 Attack subsides · FlowSpec withdrawn
Subscriber impact: 0
SLA credits: $0
Key Features
Built for carrier-scale networks
Flow-based network-wide detection
Ingest sFlow, NetFlow v5/v9, and IPFIX from core routers, PE routers, and access switches. Detect DDoS attacks across your entire backbone without agents at every POP. Per-flow analysis identifies the exact target prefix, protocol, and attack vector.
Automated BGP FlowSpec and RTBH
When attacks are detected, Flowtriq injects FlowSpec rules or RTBH announcements via ExaBGP to your edge routers and upstream providers. Surgical FlowSpec rules drop specific attack signatures while preserving legitimate traffic. All rules auto-withdraw when the attack ends.
Per-node kernel-level mitigation
For critical infrastructure like DNS resolvers, management nodes, and subscriber portals, deploy the FTAgent for sub-second detection and automated iptables/nftables rules. The 4-level escalation chain handles everything from local floods to volumetric attacks.
Subscriber protection
Monitor traffic per subscriber segment or prefix block. When an attack targets a specific customer, Flowtriq detects and mitigates for that segment without creating false positives or collateral damage across the rest of the network.
Regulatory-ready forensics
Every incident generates structured documentation with timestamps, attack classification, traffic volumes, affected prefixes, and mitigation actions. Export to your SIEM for centralized compliance reporting. Supports NIS2 Article 23 notification timelines for EU carriers.
SIEM and NOC tool integration
Export structured telemetry to Splunk, Elasticsearch, Microsoft Sentinel, Syslog CEF, and Wazuh. Prometheus metrics export feeds Grafana dashboards. REST API and Terraform provider for infrastructure-as-code management across your fleet.
By the Numbers
The impact on carrier operations
Before & After
How Flowtriq transforms carrier DDoS response
Without Flowtriq
- Attacks detected after transit links saturate
- Manual RTBH injection takes 10+ minutes
- Collateral damage across subscriber base
- SLA credits issued for preventable outages
- Regulatory filings require manual log review
- No per-subscriber attack attribution
With Flowtriq
- Flow-based detection across entire backbone
- Automated FlowSpec and RTBH in under 1 second
- Surgical mitigation preserves clean traffic
- Zero subscriber impact per mitigated event
- Compliance documentation generated automatically
- Per-prefix attribution with full forensics
Pricing
Flexible pricing for carrier networks
Per-node agents for critical infrastructure at $9.99/month. Flow sources for router-level detection from $19/source/month with volume discounts for carrier-scale deployments. No bandwidth fees, no per-Gbps licensing. Contact us for custom carrier pricing.
FAQ
Common questions from telecom teams
Can Flowtriq ingest flow data from our core routers?
Yes. Flowtriq supports sFlow, NetFlow v5/v9, and IPFIX ingestion from any router or switch that supports these protocols. Point your flow export at a Flowtriq flow source for network-wide DDoS visibility across your entire backbone, peering edges, and access networks. Flow sources start at $19/source/month with volume discounts.
How does Flowtriq integrate with our existing BGP infrastructure?
Flowtriq supports automated BGP FlowSpec and RTBH (Remote Triggered Black Hole) mitigation. When an attack is detected, Flowtriq can inject FlowSpec rules or RTBH announcements via ExaBGP to your edge routers. Rules auto-withdraw when the attack subsides. This integrates with your existing BGP speakers and upstream transit providers.
Does Flowtriq meet telecom regulatory requirements?
Flowtriq provides the detection, alerting, and forensic documentation capabilities that telecom regulators expect. Every incident includes timestamps, classification, traffic volumes, and mitigation actions. For EU carriers, Flowtriq captures the evidence required for NIS2 Article 23 incident notifications. Export data to your SIEM for centralized compliance reporting.
Can we protect individual subscriber segments?
Yes. Deploy FTAgents on subscriber-facing infrastructure or use flow-based detection from your access switches to monitor traffic per subscriber segment. When an attack targets a specific customer or address block, detection fires for that segment without creating false positives across the rest of the network.
What about protecting voice infrastructure?
Flowtriq detects SIP floods, REGISTER storms, and RTP disruption attacks targeting VoIP infrastructure. Deploy agents on your SBCs, media gateways, and SIP registrars for per-component detection. Port-aware classification distinguishes voice signaling traffic from data plane attacks.
Schedule a Fit Assessment
30-minute call to discuss your network architecture and detection requirements. No sales pressure.
Book a Call
Get the Implementation Guide
Step-by-step deployment guide for carrier networks. Sent straight to your inbox.