Nokia and NL-ix deploy Deepfield Defender for the largest IXP-based anti-DDoS protection in Europe

NL-ix is a leading pan-European internet exchange with headquarters in Rotterdam that operates one of the largest distributed internet exchange (IX) footprints in the world. Its network spans more than 100 data centers in 16 metro areas across 8 countries, connects over 600 networks, and serves a diverse customer base of internet service providers, carriers, content delivery networks, cloud providers, and enterprises. Customers rely on NL-ix to optimize traffic flow, reduce latency, and add resilience to Europe's digital backbone.

Over the past decade, NL-ix has transformed from a national interconnection provider into one of Europe's most innovative distributed business internet exchanges. NL-ix now runs on Nokia FP5-based 7750 Service Routers, which let NL-ix triple its capacity without adding floor space or power. Guided by its operating mantra -- 'if the opportunity exists, we'll deploy in any country' -- NL-ix has continuously evolved its services and was ready to take its next strategic step: redefining what an internet exchange can offer.

The distributed denial of service (DDoS) threat landscape has shifted decisively toward more frequent, sophisticated, and impactful attacks. Traditional anti-DDoS architectures route enterprise traffic to centralized scrubbing centers -- often operated by third parties outside Europe -- adding latency, raising data privacy and regulatory concerns under the GDPR, and turning security into a cost center rather than a service. As a neutral peering intermediary, NL-ix had historically remained outside DDoS mitigation; the shift in the threat landscape and rising customer demand for integrated protection made that position untenable.

NL-ix needed an anti-DDoS solution that could deliver:

• Real-time DDoS detection and mitigation directly on the internet exchange fabric, with no traffic detours through external scrubbing centers
• Pan-European scale across more than 100 data centers, rather than concentration in a single mitigation site
• AI-driven accuracy that distinguishes malicious from legitimate traffic and minimizes false positives, especially for enterprise, fintech, and financial-services flows where service expectations exceed residential norms
• Tight integration with the existing Nokia FP5 routing fabric -- no additional appliances, layers, or power overhead in the data plane
• A platform on which NL-ix could productize and monetize DDoS protection as a service for enterprise customers across Europe

NL-ix also needed a long-term technology partner whose security and routing roadmap aligned with its multi-year build-out as a carrier-grade, fully redundant, mission-critical European exchange.

NL-ix selected the Nokia DDoS security solution to deliver real-time detection and mitigation across its entire pan-European footprint. Following a successful trial, the solution was rolled out on the same Nokia FP5-based routing platform that already forwards NL-ix traffic -- collapsing packet forwarding and DDoS filtering onto a single device and eliminating the need for a separate mitigation appliance in the path.

At the heart of the deployment is Nokia Deepfield Defender, an AI-driven big data analytics application that combines network telemetry, DNS, and BGP data with the patented Nokia Deepfield Secure Genome -- a cloud-based data feed that tracks the security context of more than five billion IPv4 and IPv6 addresses with hourly updates and over 100 machine-learning classification rules. Defender detects all categories of DDoS attacks in seconds, calculates the optimal mitigation strategy in real time, and instructs the Nokia 7750 Service Routers, powered by the FP5 network processor, to apply precise access control list (ACL) filters in hardware. For advanced or fine-grained scrubbing, Defender can also orchestrate the dedicated Nokia 7750 Defender Mitigation System (DMS). The combination is what NL-ix calls a 'perfect marriage': FP5 silicon blocks malicious flows at line rate, while Defender's AI and ML decide what to block, where, and for how long.

The deployment is reinforced by the Deepfield Emergency Response Team Support (ERTS) service -- a 24/7 global team of Nokia security experts who support NL-ix's network engineering and security operations during active incidents. Together, the components deliver holistic, 360-degree DDoS security embedded in the IP network, with no dependency on remote scrubbing centers. NL-ix is now integrating Deepfield's analytics and security insights into its own customer portal, giving enterprises a unified dashboard that combines peering, IP transit, and DDoS protection -- with the ability to categorize traffic by trust level and assign tailored security policies through an intuitive control interface.

The solution delivers:

• Pan-European, network-embedded mitigation across more than 100 data centers
• Real-time AI/ML detection with industry-leading low false-positive rates
• 800 GE access scalability and terabit-class mitigation capacity
• No traffic detours, no scrubbing-center backhaul, no added latency
• A self-defending IXP fabric extensible into a managed DDoS Protection-as-a-Service offering

The solution brings operational and architectural benefits:

• Real-time, network-embedded DDoS detection and mitigation across the entire NL-ix footprint, with attacks neutralized in seconds
• Elimination of external scrubbing centers -- keeping European enterprise traffic on European infrastructure and preserving data privacy and regulatory compliance
• Reduced operational complexity by combining packet forwarding and DDoS filtering on the same Nokia FP5 device
• Lower bandwidth and transport costs by removing the scrubbing-center-based backhaul
• Minimized false positives by correlating router telemetry with Secure Genome internet intelligence, protecting legitimate traffic for fintech, healthcare, and financial services customers
• Improved energy efficiency by avoiding additional security hardware in the data path

It also provides strategic outcomes: NL-ix now operates the largest IX-based anti-DDoS deployment globally, spanning almost 100 locations across Europe; security has been transformed from a cost center into a revenue stream through DDoS Protection-as-a-Service for enterprise customers; the platform is positioned to serve demanding sectors -- finance, insurance, healthcare, fintech -- that have historically relied on closed private networks; and a multi-year strategic partnership with Nokia spans routing, security, and analytics across NL-ix's broader build-out as a carrier-grade European exchange.