During heavy DDOS attacks on the Untrusted part of the Internet, which cannot be mitigated in other ways anymore, Trusted Networks that participate in the Trusted Networks Initiative can reactively choose to use the Trusted Routing service as 'Last Resort' measure, which is facilitated by a dedicated and secure Internet Exchange VLAN. This VLAN is as safe haven to continue exchanging mutual traffic between Trusted Networks undisturbed.
Alternatively participants can pro-actively choose to permanently handle their traffic with the Trusted part of the Internet (with Trusted Networks), completely independent from traffic with the (Untrusted) rest of the Internet, in order to minimize impact of incidents on the untrusted part of the Internet on traffic with the trusted part of the Internet.
Trusted Networks Initiative
The Trusted Networks Initiative is all about Trust. The Initiative helps to fight and mitigate security incidents and risks by creating Trusted Networks on the Public Internet. The networks of Internet community stakeholders and critical users who have received the "Trusted Network" quality label can route Internet traffic with each other independently from the 'untrusted' part of the Internet.
Parties which underwrite the current "Trusted Network Standard", which describes security measures to be taken by participants, can be awarded the 'Trusted Network' certificate in the form of the logo shown here. Trusted Networks can use the Trusted Routing service of NL-ix.
Trusted Routing is a service provided by NL-ix for registered Trusted Networks and can be used as a combination of our Trusted Internet Exchange with our Premium Peering services to guarantee access to all the majority of the large enduser access networks.
When a DDoS attack occurs which cannot be mitigated in any other way, participants can individually choose to only exchange traffic on the Trusted IX, optionally in combination with dedicated Premium Peering VLAN’s (example of possible Premium Peering networks are UPC, Ziggo, KPN, DTAG, etc). This ensures that the participants can maintain and uphold the critical connectivity between important applications and the ‘local’ access networks during such attacks independently from traffic with the untrusted part of the Internet.