FastNetMon and IP Infusion are collaborating to deliver an open, standards-based DDoS protection solution built on IP Infusion’s OcNOS network operating system and the FastNetMon traffic analysis and mitigation platform.
The joint solution combines real-time traffic detection with automated mitigation, enabling operators to detect and stop attacks in seconds using native routing protocols within a disaggregated network architecture.
The solution: OcNOS and FastNetMon
The integration brings together two complementary components:
- OcNOS, a carrier-grade network operating system designed for whitebox routing platforms
- FastNetMon, a high-performance traffic analysis and automated mitigation platform
Together, they form a closed-loop defense system that detects traffic anomalies through real-time telemetry and automatically applies mitigation policies directly at the network edge.
Unlike traditional inline mitigation appliances, the architecture operates out-of-band, allowing networks to stop attacks without rerouting traffic or introducing additional latency.
More details about the solution are available on the IP Infusion solution overview page:
https://www.ipinfusion.com/ocnos-ddos-protection/
How the solution works
OcNOS routers export high-performance sFlow and IPFIX telemetry generated at line rate by hardware ASICs. FastNetMon continuously analyses this telemetry, correlating traffic patterns and identifying anomalies that indicate an attack.
When malicious traffic is detected, FastNetMon automatically distributes mitigation rules using standard BGP mechanisms. Depending on the scenario, networks can apply:
- BGP Flow Spec for precise filtering of malicious traffic flows while keeping legitimate traffic operational
- Remote Triggered Black Hole (RTBH) routing for immediate protection against large volumetric floods
Mitigation rules are withdrawn automatically once the attack subsides, restoring normal traffic flow without manual intervention.
A detailed technical overview is available in the joint solution brief:
https://media.ipinfusion.com/Solution-Brief/03-26-Affordable-Automated-DDoS-for-Modern-Networks-with-OcNOS-and-FastNetMon.pdf
Disaggregated architecture advantages
The solution follows a disaggregated networking model in which detection and enforcement scale independently. Operators can expand mitigation capacity by adding routers or increase analytical capacity by scaling software instances, avoiding hardware replacement cycles common in legacy security appliances.
By relying entirely on open standards, including BGP Flow Spec, RTBH, sFlow, and IPFIX, the architecture integrates cleanly into multi-vendor environments while reducing operational complexity and vendor lock-in.
Architecture benefits in practice
By combining FastNetMon’s detection intelligence with OcNOS routing capabilities, the collaboration provides a practical path toward automated, scalable DDoS defence suitable for service providers, data centres, and large enterprise networks.
The solution demonstrates how disaggregated networking and open standards can deliver fast mitigation, operational simplicity, and long-term architectural flexibility compared to legacy security models.
