Network Infrastructure

Our network infrastructure is based on Juniper EX/QFX/MX devices.

Technical overview

Internet Connectivity

Our AS30823 is connected to pretty large Tier-2 Carriers, which provide us with great peering as well as direct upstream to premium networks such as DTAG (Deutsche Telekom), Vodafone, Telefonica and Liberty Global. Beside of that, we operate private and public peerings.

We maintain multiple 100Gbit of internet connectivity, distributed on 10G, 40G and 100G uplinks. Our capacity policy is, to upgrade whenever a link reaches over 50% load during peak hours. This way, we are able to provide enough capacity even for unexpected peaks.

DDoS-Protection

We heavily utilize BGP Flowspec as well as RTBH as last resort. Beside of that, we maintain static firewall filters as well as self developed DDoS-Filters. Please find more details on our respective antiddos documentation.

Monitoring

Our network is monitored for packetloss and latency on all relevant uplinks. Beside of that, network equipment is monitored for load and errors. Measurements are reported to our monitoring, which alerts our oncall duty in case of anomalies.

Statistics

In order to keep track of our networks load as well as valueable insights, we heavily use sflow together with our own sflow collector called “pysflowd”, which is indeed based on Python. Flow samples are exported to Elasticsearch concurrently, for later analysis or traffic accounting. In the future, we will make that data available to customers over both our customer area as well as api.

Points of Presence

We currently operate the following points of presence:

  • Interwerk Frankfurt (FFM2)
  • Interxion Frankfurt (FFM3)
  • Maincubes Frankfurt (FFM4)
  • Hetzner Helsinki (HEL1)

All pops are interconnected using darkfiber or dedicated wavelenghts. Every pop is connected redundant over both diverse fiber or multiple upstreams.