Customer Portal

Search results


Your Choices Regarding Cookies on this Site

Welcome to Cookies are important to the proper functioning of a site. To improve your experience, we use cookies collect statistics to optimize site functionality. Click Agree and proceed to accept cookies and go directly to the site or click on Learn more about our Cookie Policy and Privacy Policy to see details first.





DDoS Protection


Product Overview

The RETN DDoS Protection suite is a robust collection of security services designed to protect your network and infrastructure from various types of DDoS attacks. It serves RETN IP Transit and Internet Access customers.

RETN has longstanding experience in providing Internet services. We believe that in the face of increasingly sophisticated cyber threats, DDoS mitigation is now essential and should be expected by all businesses and mission critical networks that require real-time protection. 

To help defend our customers, we recently reviewed and enhanced our entire product suite and offer, in order to prepare the way to make DDoS Protection a commodity and help our clients to tackle the 50,000+ daily attacksworldwide. 

Product Features


Deprioritisation of traffic – A system built in-house to protect the network on the edge and avoid congestions on the RETN backbone, where malicious traffic automatically receives a lower priority and gets discarded first in case of congestion.

Remote Triggered Blackhole (RTBH) – allows IP Transit customers to announce hosts tagged with 9002:666 BGP community, either for IPv4 or IPv6. All traffic destined to the /32 or /128 host tagged, will be discarded in ingress of the RETN Network.


Extended blackhole (eBH) – more selective protection than standard blackholing, leaving legitimate traffic unaffected. There are two BGP Communities available: 9002:667: drop all UDP traffic, 9002:668: drop UDP traffic from “known amplifiers” (UDP with source-port 19, 53, 123, 161, 389, 520, 1900, 11211 and fragmented UDP).

Flowspec – the BGP flow specification (Flowspec), allows you to rapidly deploy and propagate filtering and policing functionality among a large number of BGP peer routers to mitigate the effects of a DDoS attack over your network. This means that you will be able to define, in a very specific way, which traffic should be discarded on the RETN network before heading towards your interface(s).


  • Can drastically reduce volumetric attacks
  • Leverage RETN’s 72 Tbps of IP/MPLS network capacity to absorb the largest attacks
  • Very useful if integrated with your own DDoS Mitigation solution
  • Can be combined with any RETN DDoS Mitigation Service
  • Uncommon: just a handful of service providers offer these


The highest level of DDoS Protection is Mitigation, the ability to divert the traffic during an attack to the closest scrubbing centre, returning only the non-attack traffic to the customer.

New and Improved

We have recently greatly enhanced our DDoS Mitigation Product:

  • Increased scrubbing capacity by 5000%
  • Increased scrubber locations thereby decreasing average latency to closer scrubber by 54%
  • New unmetered model
  • New dedicated Security Operation Centre (SOC)
  • New RETN Security Portal
  • Implemented different detection methods, including a Smart Detection Mode built with AI assistance

Mitigation service is offered by two types of packages:

  • Core: aimed at clients unsure of their DDoS risk profile but want comprehensive protection at a very affordable rate.
  • Ultra: a package for any type of customer, complete peace of mind which benefits from all features as standard.

Product Benefits

Unmetered Auto-mitigation 24/7

Automatic mitigation is provided by default to all clients, without any counting of minutes or days of mitigation, available 24/7. 

Unlimited delivery of clean traffic

We deliver all the clean traffic without any hidden charge or limitation (up to your port size). 

Fast Mitigation triggering time

Depending on the type of the detection configured, our platform will trigger mitigation within the first 3 minutes of an identified DDoS Attack. 

Unlimited number of prefixes

We have no limitation of prefixes or subnets in place for all clients. 

Normal/Rapid detection mode

Both Normal and Rapid Modes are based on thresholds. The detection engine calculates the traffic of each signature in real time and then compares them to a manually configured threshold. If the traffic signature is greater than that of the threshold, it will be treated as abnormal. The difference between the two methods lies in the time granularity: Normal Mode sampling operates at the minute level, while Rapid Mode operates at the second level.

Smart detection mode (AI based)

Smart Mode uses machine learning algorithms to learn from historical netflow traffic data to detect whether the network is under attack. The advantage of Smart Mode is that it can automatically learn from large amounts of historical data and real time data, and customers do not need to perform much manual configuration when using this mode. It uses many traffic variables, and it can identify more complex traffic patterns when compared to the threshold-based method.

RETN Security Portal

On the Security Portal the customer can have full visibility of the whole network including traffic utilisation, type, source. You can sort by month, week, day, hour and switch between bps and pps view. Includes replays of DDoS events and access to the details of each of them, including size and duration.

Identify where the attacks are coming from and get a breakdown of the most common type of traffic traversing your network, by ingress or egress. You can stay on top of what’s happening in the network setting up real time alerts on your profile and generating monthly service reports.

24/7 SOC Support

Depending on the package selected, you can benefit from the support of the Security Operation Centre (SOC).

The SOC works in direct communication with the NOC and it is available for advanced requests or handling emergencies that may occur.