Deployment Methods

1- GRE Tunnel Solutions
Nexusguard Tunnel solution uses GRE to create a tunnel or virtual transport system to connect Nexusguard with client infrastructure. BGP is then used inside the tunnel to exchange routing information. Tunnel solution is flexible and transparent, preventing any modification of client data using Network Address Translation or other methods. Nexusguard Tunnel solution is stable and reduces the risk of a client’s real IP being attacked.

2- Direct Circuit
Created for discerning customers who demand the highest level of protection, Direct Circuit establishes a direct physical connection between Nexusguard and the client. Although more costly than the previous option, clients can enjoy dedicated true out-of-band connection for optimal security and reliability.

Requirement Comparison
Requirement BGP GRE Direct Circuit1
BGP Capable Router Y Y
GRE Capable Router Y -
Customer owned ASN Y Optional2
Customer Owned Public IPv4 addresses Y Optional3
/24 Prefixes Owned by Customer Y Y
ISP that supports IP transit Y Y4
Reachable to Nexusguard’s IDC via Local Loop N Y

1. Professional Service team consultation required for purchasing InfraProtect with Direct Circuit deployment mode.
2. Private ASN can also be used to establish BGP peering in DC mode.
3. Private IPv4 addresses can also be used to setup BGP peering in DC mode.
4. Customers who do not have ISP lines that support IP transit can acquire customized solutions from Nexusguard.

Benefit and Limitation Comparison
  Benefit Limitation
BGP GRE Location independent Tunnel stability has dependency
on ISP line’s stability
Redundant setup in
all scrubbing centers
Latency is constrained by ISPs
Direct Circuit Stable connectivity Customer must be able to connect to Nexusguard via local loop
Expected latency Redundancy is not supported
for only one DC connection
Nexusguard Infrastructure Protection
Nexusguard offers 2 flexible modes - InfraProtect Auto and InfraProtect Control - to meet your business needs.

InfraProtect Control

InfraProtect Auto

Secure your business from collateral damage caused by DDoS
DDoS attacks are a critical concern for data centers and other service providers. Uninterrupted availability of Internet access is often a business-critical requirement for its customers and yet, many of these customers on the same infrastructure run businesses inherently vulnerable to DDoS attacks. During these DDoS attacks, not only the targets are made unavailable to their intended users, other non-targeted customers on the same infrastructure also suffer as collateral damage. Incidentally, the hosting/Internet service provider shoulders substantial bandwidth cost, suffer customer complaints and damage to its reputation. This can result in loss of customers, loss of revenue and even invite litigations.

Nexusguard’s InfraProtect is a fully managed null-route solution tailored for service providers that shoulders DDoS attacks so that non-targeted customers continue to enjoy uninterrupted connection.

Before Attack (Peace Time)

During Attack without InfraProtect

Being protected by InfraProtect

  • Facility to dynamically reroute attacks to Nexusguard’s Cloud via GRE tunnel or Direct Circuit
  • Upstream null-routing of targeted IPs
  • Asymmetric return of clean traffic to the Service Provider
  • 2 flexible operation modes – InfraProtect Auto and InfraProtect Control - best suited to your business needs
  • Preventing collateral damage to non-targeted customers
  • Avoiding huge bandwidth overages by offloading attack traffic
  • Minimizing processing load on hardware and staff resources through outsourcing
  • Replacing the need to interact with multiple ISPs with a single window service
  • Reducing response time to DDoS attacks with auto-null-route services

Turn challenges into opportunities with InfraProtect
Service provider can now differentiate their services from competitors by keeping pipes clean of unwanted traffic and making services available to customers at all times, increasing the value of services and products, helping the company stay at the forefront of the industry.

InfraProtect also offers, through regular reporting, the visibility required to identify customers that are attracting DDoS attacks. Taking advantage of Nexusguard’s partner program, providers are presented with the opportunity to upsell appropriate solutions, turning what was a liability into a profit-generating customer.

“Our services have increased in stability and the number of complaints has decreased dramatically over the past couple of years with the help of Nexusguard’s InfraProtect. Offloading this responsibility has also helped in freeing up internal resources to focus on other projects,” Terry L., Hong Kong Service Provider.
Live Chat Software