SwissShield DDoS Protection

SwissShield™ is UP-NETWORK’s multi-layer DDoS protection system designed to keep your services online during attacks. It combines local mitigation in Switzerland, global scrubbing capacity, BGP automation, and real-time traffic analysis, ensuring reliable protection for all VPS, dedicated servers and network solutions.


⚡ Overview

SwissShield provides:

  • Real-time L3/L4 DDoS detection

  • Local mitigation up to ~20 Gbit/s in Switzerland

  • Automatic overflow to >1 Tbps global scrubbing centres

  • Full support for IPv4 & IPv6

  • BGP-based signalling (blackholing, redirect, clean-return)

  • Automatic traffic normalisation and behavioural filtering

  • Included free on all services (VPS, Dedicated, Transit*, Tunnels*)

SwissShield is designed to handle both volumetric and application-layer attacks.


🛡 How SwissShield Works

SwissShield operates in two coordinated layers:

1. 🟩 Local Mitigation (Switzerland)

All traffic first passes through UP-NETWORK’s Swiss infrastructure:

  • Filters up to ~20 Gbit/s of attack traffic locally

  • Handles floods such as UDP reflection, SYN floods, ACK floods, malformed packet storms

  • Applies smart rate-limiting and L3/L4 heuristics

  • Ensures minimal latency since filtering is done directly within Switzerland

  • Ideal for small to medium attacks or targeted bursts

If the attack exceeds local capabilities or becomes highly volumetric, the system escalates automatically.

2. 🟦 Global Scrubbing (Automatic Overflow)

For large-scale or distributed attacks:

  • Incoming traffic is redirected via BGP signalling to an external scrubbing provider

  • Scrubbing centres have >1 Tbps mitigation capacity and a backbone exceeding 3.5 Tbps

  • Malicious traffic is filtered out

  • Clean traffic is then re-injected into UP-NETWORK’s backbone

  • The entire process is automatic and seamless

This hybrid approach ensures both low latency and massive resilience.


🧠 Detection & Filtering Capabilities

SwissShield can mitigate:

  • UDP floods (Chargen, NTP, DNS, SSDP, memcached, etc.)

  • TCP SYN/ACK floods

  • TCP connection exhaustion

  • ICMP floods

  • Fragmentation & malformed packet floods

  • Multi-vector attacks

  • Slow-rate or protocol-specific attacks (when applicable)

  • Prefix-based blackholing on demand

Advanced tools include:

  • BGP communities for customer control

  • Automatic behaviour-based filtering


🌍 Supported Services

SwissShield protection applies to all UP-NETWORK services:

VPS Hosting

  • Included by default

  • Protection against bursts and repeated attacks

Dedicated Servers

  • Full filtering on all IP ranges

  • Optional enhanced policies for BYOIP customers

UP-Connect (Transit)

  • DDoS protection available as an add-on

  • Ideal for businesses colocated at the Gland datacenter

UP-Transport (GRE/VXLAN Tunnels)

  • Optional protection (+ CHF 20/month)

  • Filters attacks before they reach your tunnel endpoint


🧩 Optional Add-Ons

You may extend SwissShield with:

  • Custom filtering rules

  • Per-project mitigation profiles

  • Customer-controlled BGP blackhole communities

  • Enhanced anomaly detection

  • Traffic reports & attack analytics

  • Secure BGP packages (Basic / Secure / Dual-Port)

Contact support for custom requirements.


📈 Roadmap & Evolution

SwissShield is continuously expanding:

  • Increasing local mitigation from 20 Gbit/s to higher capacities

  • Deploying additional filtering nodes in multiple Swiss PoPs

  • Expanding scrubbing partnerships

  • Moving towards full sovereign Swiss DDoS mitigation (no external scrubbing)

UP-NETWORK invests heavily to ensure world-class network protection.


💡 Best Practices for Users

To maximise protection efficiency:

  • Use stable and consistent firewall rules

  • Enable rate-limits on public services (SSH/HTTP/SIP/etc.)

  • Implement geofencing where possible

  • Avoid exposing unnecessary services

  • For high-risk services, request custom SwissShield profiles

Our support team can assist with hardening and architecture design.


🚀 Next Steps

1. SwissShield is active on all new services by default.

2. For custom filtering, BGP blackholing, or enhanced protection, open a support ticket.

3. For information on configuring BGP, tunnels or routing with SwissShield, visit the Networking & BGP section.

4. For service-specific protection details (VPS / Dedicated), refer to the relevant documentation page.


SwissShield™ — engineered by UP-NETWORK to keep your infrastructure secure, fast and online, even under attack.