Cisco Secure DDoS Edge Protection is an innovative software solution that stops cyberattacks at the service provider network edge. The edge protection solution consists of a controller and one or more detectors. When deployed on Cisco NCS 540 routers, edge protection detects and mitigates DDoS attacks at the cell site router. By moving DDoS protection to the network edge, service providers can meet the sub-10-ms latency requirements of 5G applications and ensure customer quality of experience (QoE).

With Cisco Secure DDoS Edge Protection, the security perimeter is pushed beyond the UPF (User Plane Function). This allows the cell-site router to become the first line of defense against DDoS attacks from compromised User Equipment (UE) devices. Deploying Secure DDoS Edge Protection on the Cisco NCS 540 routers helps to defend against IoT and UE distributed attacks by providing not only detection but also granular mitigation capabilities in a lightweight containerized package.

Security at the Network Edge

  • Turns your edge router into a security device
  • Available on Cisco NCS 540 platforms
  • Extends Cisco’s commitment to security innovation at the network edge

Leveraging extended telemetry features and an expanded data model, Cisco Secure DDoS Edge Protection employs algorithms from the proven market leader in DDoS solutions, Radware. With over two decades of production success in automating DDoS defense, Cisco customers benefit from disaggregated, distributed defense delivery where a lightweight, efficient containerized machine learning application is deployed on IOS XR platforms out of the path and not impacting data plane processing, even under failure.

Bringing security to the network edge

In this new Learning Lab, you will learn how to protect a mobile edge network environment from malicious attacks hidden inside GTP packets. You get to learn about the Controller Dashboard and other menus. You get to take a look at the controller interface, launch traffic from a legitimate user, and review the relevant information and statistics. Then you launch malicious traffic from another device and see how the Edge Protection solution almost immediately protects the network by identifying and mitigating this traffic.

In this new Learning Lab, there are both legitimate and malicious (attacker) devices that connect to an application that’s behind a Cisco NCS 540 router. On the NCS 540, there is a Cisco Secure DDoS Edge Protection detector deployed that analyzes all the flows of data being received by the router, and the Edge Protection Detector is controlled and managed by the Edge Protection Controller.

How does the Secure DDoS Edge Protection Sandbox work?

The Secure DDoS Edge Protection Sandbox provides a developer with an environment to test the Secure DDoS Edge Protection solution. This is a distributed software solution running as a Docker app on the NCS 540 Router. It detects and mitigates DDoS attacks by monitoring the mobile/IoT/user equipment originated traffic (GTP-U) with the controller running in the cloud connected to the app.

  • The Secure DDoS Edge Protection Sandbox includes an NCS540 device and three Kali Linux instances.
  • The NCS device contains the detector application pre-installed.
  • Users can log in into the Kali servers to initiate the legitimate/attack traffic and view the controller dashboard.


Get started here

Have a comment or question? Please leave me a note in the comments section below. 


Stuart Clark

Senior Developer Advocate Of Community, AWS