National Research and education networks (NRENs) carry sensitive and high-value traffic across Europe. Protecting this data while maintaining high performance is increasingly challenging, with growing threats like interception, tampering, and large-scale DDoS attacks. Advanced encryption and real-time traffic analysis are now essential to ensure that scientific projects, collaborative tools, and critical infrastructure remain secure without compromising network speed or reliability.
To address these challenges, Nomios and Nokia provide a combination of expertise and technology. Nomios supports research networks with design, deployment, and migration, while Nokia delivers hardware and software solutions that secure traffic, mitigate attacks, and maintain high performance across complex backbones. Together, they help NRENs meet both current and emerging cybersecurity requirements.
Securing network traffic with ANYsec
ANYsec is Nokia’s network encryption solution, built into its FP5 network processor. It provides low-latency, line-rate encryption for IP, MPLS, and other network services. ANYsec can encrypt at multiple layers—L2, L2.5, and L3—and supports quantum-safe transport, ensuring that even future threats to cryptography are addressed.
Why ANYsec is better than MACsec or IPsec
- End-to-end protection: ANYsec encrypts traffic across multiple hops without requiring re-encryption at every link, which is often necessary for MACsec. Keys remain at network endpoints, so even if an intermediate node is compromised, the data stays secure.
- Performance-friendly: Unlike IPsec tunnels, ANYsec does not require MTU adjustments or dedicated crypto cards. Encryption occurs directly in hardware at line rate, avoiding latency and throughput issues.
For NRENs, ANYsec offers a practical way to secure sensitive traffic across the backbone. Entire Ethernet or MPLS services—including both IP and non-IP traffic such as scientific data streams, collaboration platforms, and control systems—can be encrypted in hardware.
The low-latency, line-rate operation ensures that high-bandwidth transfers and real-time applications, such as remote instrumentation or live collaboration tools, are unaffected. For research networks handling confidential projects, regulated data, or politically sensitive collaborations, ANYsec provides a scalable encryption layer that integrates directly into the network fabric.
Mitigating DDoS attacks with Deepfield
DDoS attacks have become a critical concern for NRENs. National research backbones carry high-value scientific, academic, and government traffic, making them attractive targets for politically motivated or ideologically driven attacks. The open and collaborative nature of NRENs, with diverse users, large data transfers, and many connected institutions, creates a broad attack surface. Modern botnets can generate multi-terabit floods capable of disrupting research, online learning, and international collaboration.
Nokia FP5 hardware includes line-rate filtering and telemetry. Deepfield, a cloud-native solution, ingests streaming flow data from FP5 routers, detects anomalies such as DDoS attacks using traffic baselines and threat intelligence, and pushes mitigation policies back via BGP FlowSpec or gRPC. FP5 linecards enforce these rules directly in hardware, dropping or rate-limiting attack traffic at Tbps scale with sub-microsecond latency, without impacting the control plane.
Benefits for NRENs:
- Automated, real-time defence with minimal human intervention
- Backbone-scale enforcement without degrading legitimate traffic
- Seamless integration with existing routing and network management systems
By combining FP5 hardware with Deepfield analytics, NRENs can maintain uptime and performance during attacks. Attack traffic is mitigated at line rate, while research data, collaboration tools, and control systems continue to operate normally.
Building a secure and resilient research network
For research and education networks, sensitive traffic must be protected without slowing down performance. Combining hardware-based encryption, line-rate DDoS mitigation, and expert deployment support creates a secure and resilient network backbone. ANYsec and Deepfield, supported by Nomios’ design and migration services, provide NRENs with the tools to protect critical scientific and academic traffic today and prepare for tomorrow’s cybersecurity challenges.
How Nomios helps
Nomios ensures that NRENs can deploy these technologies effectively. From initial design to migration and operational support, Nomios helps research networks implement ANYsec encryption and Deepfield DDoS mitigation while preserving network performance, scalability, and interoperability. Their experience with large-scale European backbones ensures that security and performance requirements are met across diverse infrastructures.
To find out more visit: https://www.nomios.com/
Read the full online magazine here
