Hero mask

RoyaleHosting on NL-ix's New DDoS Solution:

"You Want to Stop an Attack Before It Reaches Your Network"

Why RoyaleHosting sees exchange-level filtering as a valuable layer in modern DDoS protection

RoyaleHosting on NL-ix's New DDoS Solution: "You Want to Stop an Attack Before It Reaches Your Network"

Why RoyaleHosting sees exchange-level filtering as a valuable layer in modern DDoS protection

DDoS attacks are becoming larger, more sophisticated, and cheaper to launch. Attacks of hundreds of gigabits, and even multiple terabits per second, are no longer exceptional. At a time when almost every organization depends on being online, effective DDoS protection has become essential.

As an Internet Exchange, NL-ix has a strong position within the Internet ecosystem. Large volumes of traffic are exchanged every day between networks, cloud providers, hosting companies, and Internet services. From that position, NL-ix sees not only how Internet traffic continues to evolve, but also how DDoS attacks are growing in scale and impact.

Many existing DDoS protection solutions rely on redirecting traffic to external scrubbing platforms. During an attack, this can create an important drawback: traffic may follow a different path than usual, which can reduce the direct control organizations normally have over their peering. With its new DDoS service, NL-ix takes a different approach by filtering unwanted traffic inline before it reaches an organization's infrastructure.

On the NL-ix platform, this technology can also be applied to peering traffic. This means that, during an attack, legitimate traffic can continue to be exchanged directly with other peers on the exchange, while malicious DDoS traffic is mitigated earlier in the chain.

A Critical Evaluation from Real-World Experience

To validate both the technical operation and practical value of the new DDoS service, NL-ix worked with RoyaleHosting because of its hands-on experience mitigating large-scale DDoS attacks in production environments.

Over the past several years, RoyaleHosting has established itself as a specialist in DDoS protection, gaining extensive experience with high-volume attacks and complex mitigation scenarios. That practical expertise made RoyaleHosting a strong partner to evaluate the new service from a real-world operational perspective.

For Stan van de Klippe, CEO of RoyaleHosting, the importance of DDoS protection is not theoretical. RoyaleHosting sees large-scale attacks in live operating conditions, where port capacity, routing, filtering, and recovery all matter.

The Best Attack Is the One That Never Reaches You

According to Stan, many organizations still underestimate how large modern DDoS attacks have become. For RoyaleHosting, multi-terabit attacks are not theoretical. They are part of the operating reality the company designs its mitigation platform around.

During the evaluation period, RoyaleHosting observed a multi-terabit attack. A substantial portion of the attack traffic entering through NL-ix-connected ports was filtered inline by NL-ix, while RoyaleHosting's own mitigation platform handled the remaining traffic through its wider upstream network.

According to RoyaleHosting's analysis, the traffic filtered by NL-ix matched the type of traffic that would normally have been stopped within the first layer of its own mitigation platform.

During the evaluation period, RoyaleHosting observed a multi-terabit attack. A substantial portion of the attack traffic entering through NL-ix-connected ports was filtered inline by NL-ix, while RoyaleHosting's own mitigation platform handled the remaining traffic through its wider upstream network.

According to RoyaleHosting's analysis, the traffic filtered by NL-ix matched the type of traffic that would normally have been stopped within the first layer of its own mitigation platform.

Many organizations, however, operate with far less network capacity. A single Internet connection with 10 or 100 gigabits of capacity can quickly become a bottleneck during a large attack.

DDoS attack

"The first bottleneck is often not the mitigation platform. It is the port. Once the port is saturated, legitimate traffic is dropped along with attack traffic."

According to Stan, this is exactly why early-stage mitigation is becoming increasingly important.

"If malicious traffic can be filtered before it reaches your network, you significantly reduce the risk of congestion and keep legitimate traffic flowing."

Many organizations associate DDoS protection primarily with filtering and mitigation. According to Stan, however, the real impact of a DDoS attack often extends beyond the attack itself.

"The real problems often begin afterward, once systems have been under pressure and the underlying infrastructure needs to be brought back to full operation."

The less unwanted traffic reaches the infrastructure, the smaller the impact on the systems behind it. This not only minimizes disruption during the attack itself, but can also reduce the recovery effort afterward.

For Stan, this demonstrates the value of early-stage filtering. For RoyaleHosting, reducing incoming attack traffic before it reaches the network helps prevent congestion and packet loss. For many organizations, that can make the difference between staying online and going offline.

There is another important aspect as well.

"Launching attacks has become comparatively cheap. Sustained defence is where the real cost sits."

Many scrubbing services charge based on traffic volumes, processed capacity, or the number of attacks received. As a result, organizations can lose direct control over their protection costs because those costs are effectively influenced by the attacker.

In such situations, attackers can create both technical and financial pressure. When mitigation costs become excessive, organizations may become more vulnerable to extortion attempts.

According to Stan, that makes early-stage filtering not only technically valuable, but financially sensible as well.

Visibility as Part of the Solution

Besides the mitigation itself, another aspect stood out during the evaluation. Through its management portal, NL-ix provides insight into attack patterns, traffic volumes, and mitigation actions. According to Stan, that visibility is an important part of effective DDoS protection.

Many security services operate as a black box: traffic is blocked, but what actually happened remains unclear. That can make troubleshooting after an incident more difficult.

"You don't just want to know that something was blocked. You also want to understand what happened."

Through the portal, users gain insight into attack sizes, attack types, filtered traffic volumes, and the mitigation measures that were applied. This supports incident response and gives organizations a clearer view of the threats reaching their network.

Layered Protection Delivers the Best Results

At the same time, Stan emphasizes that NL-ix's solution is not intended to replace specialist mitigation platforms. Effective DDoS protection consists of multiple complementary layers.

Stan sees significant value in filtering traffic at different stages, with each layer serving its own purpose. NL-ix focuses on filtering unwanted traffic early to help prevent network congestion, while RoyaleHosting protects customer traffic deeper in the chain through specialist mitigation, including protocol and application-layer protection.

You don't want to solve everything in one place. The different layers strengthen each other.

Stan van de Klippe, CEO @ RoyaleHosting

Stan sees how the respective expertise of NL-ix and RoyaleHosting can complement one another. Rather than competing approaches, they represent different building blocks in a stronger DDoS protection model.

Although this remains a vision for the future, Stan sees interesting opportunities to work with NL-ix on a Dutch-operated DDoS protection chain with local operational expertise and clear jurisdictional control. In that model, NL-ix's early-stage network filtering and RoyaleHosting's specialist mitigation can serve different but complementary roles for end users.

Conclusion

According to Stan, the real value of early-stage filtering lies in where the mitigation takes place. The earlier unwanted traffic can be intercepted, the smaller the impact on network connections, infrastructure, and the systems behind them.

For RoyaleHosting, the strongest DDoS strategy is layered: filter attack traffic as early as possible to protect network capacity, then apply specialist mitigation deeper in the chain for protocol and application-level protection.

In that model, NL-ix's inline filtering and RoyaleHosting's mitigation expertise can complement one another as part of a stronger protection chain for organizations that depend on staying online.