DDoS Scrubbing Centre Diversion Automation

Automated traffic diversion to external scrubbing centres

Scrubbing centres are a proven way to mitigate large-scale DDoS attacks by diverting malicious traffic away from your network for cleaning before it reaches services or customers. During an attack, affected prefixes are redirected to a scrubbing provider, where attack traffic is filtered and legitimate traffic is returned.

FastNetMon automates this diversion process by acting as the control plane between real-time DDoS detection and your scrubbing infrastructure. Instead of relying on manual intervention or always-on scrubbing, engineers define the rules in advance, and FastNetMon executes them immediately when an attack is detected.

How scrubbing centre diversion works with FastNetMon

FastNetMon continuously analyses live network traffic and detects DDoS attacks in near real time. When an attack meets operator-defined thresholds, FastNetMon automatically initiates traffic diversion using the configured method.

The most common approach is BGP Unicast diversion, where FastNetMon announces a more specific prefix (for example, a /24 in IPv4) toward the scrubbing centre while keeping the covering prefix routed normally. Because routers forward on the most specific matching route, traffic for the affected prefix is redirected to the scrubbing centre globally, while the rest of the covering prefix keeps its normal path.

For IPv6 networks, FastNetMon supports configurable prefix lengths (such as /48) to accommodate different routing policies and operational constraints.

Once the attack subsides, FastNetMon can automatically withdraw the diversion announcement, restoring normal routing without manual cleanup.

Automation without sacrificing operator control

FastNetMon does not enforce a fixed mitigation model. Instead, it allows engineers to define exactly when, how, and for which prefixes scrubbing diversion should occur.

Diversion can be triggered using:

  • BGP Unicast announcements
  • BGP Flow Spec–based signalling
  • External scripts
  • API-based integrations with scrubbing providers

FastNetMon determines the affected host or prefix, maps it to the appropriate network block, and applies the preconfigured diversion logic consistently and at machine speed—eliminating delays caused by human intervention during active attacks.
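The host-to-prefix mapping above and the more-specific announcement described under "How scrubbing centre diversion works" can be sketched as follows. This is an added example, not FastNetMon code or configuration: the covering prefixes, next-hop labels, and function names are constructed for illustration, and the /24 and /48 lengths come from the page's examples.

```python
import ipaddress

# Constructed sample data: covering prefixes the operator originates.
COVERING = [ipaddress.ip_network(p) for p in ("10.20.0.0/16", "2001:db8::/32")]
DIVERT_LEN = {4: 24, 6: 48}  # diversion lengths per IP version (page's examples)

def diversion_prefix(host, covering=COVERING, divert_len=DIVERT_LEN):
    """Map an attacked host to the more-specific prefix to announce."""
    addr = ipaddress.ip_address(host)
    for net in covering:
        if addr.version == net.version and addr in net:
            length = divert_len[addr.version]
            # Guard: an equal or shorter prefix would divert the whole block.
            if length <= net.prefixlen:
                raise ValueError(f"/{length} is not more specific than {net}")
            return ipaddress.ip_network(f"{addr}/{length}", strict=False)
    # Guard: never announce address space outside the operator's own prefixes.
    raise ValueError(f"{host} is outside every covering prefix; not announcing")

def next_hop(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in routes if n.version == addr.version and addr in n]
    if not matches:
        return None
    return routes[max(matches, key=lambda n: n.prefixlen)]

def simulate(attacked_host, probes):
    """Return the diverted prefix and probe next hops during and after an attack."""
    routes = {net: "origin" for net in COVERING}
    more_specific = diversion_prefix(attacked_host)
    routes[more_specific] = "scrubbing"   # attack detected: announce
    during = {p: next_hop(p, routes) for p in probes}
    del routes[more_specific]             # attack over: withdraw
    after = {p: next_hop(p, routes) for p in probes}
    return more_specific, during, after

if __name__ == "__main__":
    prefix, during, after = simulate("10.20.37.9", ["10.20.37.200", "10.20.38.1"])
    print("announce:", prefix)
    print("during attack:", during)
    print("after withdrawal:", after)
```

Only hosts inside the announced /24 follow the scrubbing path; a neighbour in the same covering /16 keeps its normal route, and withdrawal restores the original next hop for both.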

API-based integration with scrubbing providers

In addition to BGP-based diversion, FastNetMon Advanced supports native API integrations with several cloud and on-premise DDoS scrubbing services. These integrations allow FastNetMon to signal scrubbing providers directly, without requiring custom glue logic.

Currently supported scrubbing integrations include:

  • Gcore Global DDoS Protection
  • F5
  • Cloudflare Magic Transit

Using these integrations, FastNetMon can:

  • Programmatically enable traffic diversion via the provider’s API
  • Pass attack context and affected prefixes
  • Automatically withdraw diversion once the attack ends

This provides a clean, deterministic lifecycle for scrubbing activation and rollback.

Designed for large and complex networks

Scrubbing diversion is typically used in scenarios where absorbing or filtering traffic locally is no longer viable. FastNetMon is designed to support these decisions at network scale, where sacrificing a specific prefix is preferable to risking congestion or instability across the entire network.

By automating detection and diversion:

  • Attack traffic is removed before it consumes backbone capacity
  • Scrubbing is activated only when required
  • Legitimate traffic can be returned after filtering
  • Engineers retain full visibility and control over mitigation behaviour

FastNetMon works with existing routers, mitigation systems, and scrubbing providers, making it suitable for ISPs, telcos, hosting providers, and large enterprise networks.

Part of a complete DDoS mitigation stack

Scrubbing centre automation is one component of FastNetMon’s broader DDoS protection capabilities. It integrates seamlessly with:

  • Real-time DDoS detection and traffic visibility
  • BGP Blackhole (RTBH) automation
  • BGP Flow Spec rule enforcement
  • Blocklist-based filtering
  • External mitigation systems

This allows operators to build layered, network-level defence strategies without locking into a single vendor or mitigation approach.