Wireless ISPs (WISPs) often rely on smaller, cost-effective routers such as MicroTik for their network infrastructure. These routers, while affordable and practical, lack the necessary flow-sampling capabilities for effective DDoS detection, presenting unique challenges for WISPs to implement off-ramp DDoS protection solutions. Without flow-sampling, WISPs are faced with two critical problems.

‍

Challenges faced by Small WISPs

1) Cost of Flow Monitoring

Small routers are unable to perform flow-sampling, requiring full unsampled flows to be sent to cloud-based flow collectors. This leads to high operational costs since most cloud or appliance-based flow monitoring services charge based on the volume of flows processed. The lack of flow-sampling efficiency creates a financial strain on smaller WISPs.

‍

2) DDoS Mitigation

WISPs using smaller routers typically struggle to implement BGP-based off-ramp DDoS protection. Without flow detection capabilities, it becomes challenging to trigger mitigations automatically through services like Nexusguard’s Origin Protection, which relies on BGP route advertisements for effective traffic redirection and protection.

‍

Proposed Solution

To overcome these challenges, a two-part solution is proposed that leverages Fastnetmon, a cost-effective software-based flow-monitoring tool, and Nexusguard’s Origin Protection Service for off-ramp DDoS mitigation.

‍

1) Flow Monitoring with Fastnetmon

Fastnetmon is a flexible, open-source software designed to monitor unsampled flows. By installing Fastnetmon locally in the WISP environment, WISPs can ingest and monitor large volumes of unsampled flow data without the need for expensive cloud-based collectors.

Fastnetmon performs basic DDoS detection by analyzing traffic patterns and identifying anomalies indicative of attacks, allowing for cost-effective monitoring that scales with the WISP’s infrastructure without excessive data costs.

‍

‍

2) BGP-based DDoS Mitigation via Nexusguard’s Origin Protection Service

Once an attack is detected, Fastnetmon can automatically inject BGP routes to advertise traffic through Nexusguard’s Origin Protection Service. This enables off-ramp DDoS protection, redirecting malicious traffic away from the WISP’s network while ensuring legitimate traffic is unaffected.

Nexusguard’s Origin Protection Service acts as a DDoS mitigation solution, allowing small WISPs to enjoy enterprise-grade protection without needing expensive infrastructure upgrades or flow-sampling capabilities.

‍

Summary

This two-part solution provides a practical and cost-effective way for small WISPs using MicroTik routers and similar devices to address both flow monitoring and mitigation challenges. With Fastnetmon for local flow monitoring and Nexusguard’s Origin Protection Service for off-ramp DDoS mitigation, WISPs can protect their networks against DDoS attacks without incurring the high costs typically associated with flow-based monitoring services.

Protect your WISP network from DDoS attacks with our two-part solution. Connect us today to fortify your defenses with the robust combination of Fastnetmon and Nexusguard's Origin Protection

By utilizing Fastnetmon for local flow monitoring and Nexusguard’s Origin Protection Service for off-ramp DDoS mitigation, WISPs can safeguard their networks from DDoS attacks cost-effectively.