Redundant Anti-DDoS Setup for a Large Telco

This technical report outlines the implementation of a dual-site Secure Uplink architecture by Voxility for a major ISP in the Balkans, aimed at enhancing defenses against targeted DDoS attacks. The ISP faced challenges due to increasing frequency and sophistication of these attacks, which threatened service availability for high-value customers. The solution included full redundancy to eliminate single points of failure, selective mitigation to divert traffic only for customers under attack, and uninterrupted outbound flow to maintain existing peer connections. The architecture features two geographically separated nodes in Vienna and Bucharest, with intelligent traffic steering using BGP announcements to redirect attacked prefixes to scrubbing centers. The report details the operational modes, including active-standby and active-active configurations, allowing for flexible load sharing. The results indicate that the ISP can now deliver uninterrupted service even during attacks, ensuring customer protection without latency or complexity penalties, while maintaining a scalable mitigation posture against evolving threats.