DDoS Protection and Network Security

Detect and mitigate attacks within 2 seconds with OcNOS and FastNetMon.

Discover Key Advantages in Solution Brief

DDoS ATTACKS ARE EVOLVING

+358% Surge in Attack Frequency

DDoS attacks surged 358% in 2025 versus 2024, showing the rapid rise in frequency and sophistication of modern threats.

6 Tbps+ Peak Attacks

Volumetric floods have now reached over 6 Tbps, exceeding both the capacity and economics of legacy scrubbing appliances.

2 Seconds Required Response Time

Manual mitigation is no longer viable. Only real-time automated protection can stop threats before major damage occurs.

The Solution: OcNOS + FastNetMon

The IP Infusion OcNOS + FastNetMon solution delivers fully automated, carrier-grade DDoS defense using a modern disaggregated architecture.
It combines two core components: OcNOS (carrier-grade NOS on cost-effective whitebox routers) and FastNetMon (intelligent software detection and mitigation platform).
OcNOS + FastNetMon disaggregated DDoS defense architecture

Operational Simplicity

Fully automated closed-loop protection with zero manual intervention and seamless integration into existing networks.

Agile Scalability

Independently scale detection or enforcement as your network grows – without hardware rip-and-replace.

Lower Total Cost

Up to 75% TCO reduction by replacing proprietary appliances with open whitebox hardware and software.

HOW IT WORKS

OcNOS + FastNetMon provides the complete fix: A closed-loop automated defense that detects threats via real-time telemetry and stops attacks with BGP signaling directly at the edge in under 2 seconds.

OcNOS + FastNetMon disaggregated DDoS defense

Closed-Loop DDoS Defense with OcNOS and FastNetMon

1. Detect

OcNOS routers sample traffic at line rate using ASIC-accelerated sFlow/IPFIX telemetry (out-of-band, no performance impact).

2. Analyze

FastNetMon ingests the telemetry, correlates flows in real time, and identifies anomalies using behavioral thresholds.

3. Mitigate

FastNetMon automatically pushes standards-based BGP FlowSpec (surgical filtering) or RTBH (instant null-route) rules to all OcNOS routers for line-rate hardware enforcement.

4. Recover

Rules auto-withdraw when the attack ends. The system logs the event, restores normal traffic, and continuously improves detection accuracy.

 

How it Compares to Legacy Solutions

 

Feature OcNOS + FastNetMon (Disaggregated) Traditional (Monolithic) Appliances
Architecture  OcNOS on whitebox routers + FastNetMon software (VM) Single proprietary “black box” appliance
Telemetry & Enforcement OcNOS exports ASIC-accelerated sFlow/IPFIX telemetry and enforces BGP rules at line rate while FastNetMon performs real-time analysis Bundled inline “scrubber” appliance
Control Plane Decoupled: FastNetMon software (VM) performs detection, analysis, and policy generation Bundled inside the appliance
Traffic Path Out-of-band telemetry + direct edge mitigation (no rerouting, zero added latency) Requires inline processing or diversion to central scrubbing center
Scalability True scale-out: Add detection VMs or routers independently Limited scale-up: Must replace entire expensive chassis
Standards 100% open standards (BGP FlowSpec, RTBH, sFlow, IPFIX) – full interoperability Often proprietary methods and vendor lock-in
Cost Model Cost-efficient whitebox hardware + flexible software (up to 75% TCO savings) High-cost proprietary hardware with vendor lock-in

Get the Architecture Review