DDoS Protection at the edge
Deploying DDoS prevention at the edge instead of relying solely on cloud-based solutions offers organizations immediate threat mitigation advantages. By addressing potential attacks closer to the source, edge-based DDoS prevention reduces latency and provides a quicker response to emerging threats. Moreover, the enhanced visibility and control provided by edge-based solutions give organizations a more granular understanding of their network traffic, facilitating real-time adjustments to security policies based on evolving threats.
Solutions
To meet the growing demand for building security at the edge, Lanner collaborated with Arrcus to offer a scalable and programmable MEC solution that enables DDoS security at the network edge. By integrating Arrcus Connected Edge™, a hyperscale networking software, with multi-node Intel Xeon processing power, massive storage, and high-speed programmable SDN switching, the MEC solution enables network disaggregation and virtualizes primary network functions at the edge cloud, allowing service providers to deploy security services closer to devices and users. Its key benefits include ultra-low latency, enhanced security, and backhaul cost savings.
Scalable Multi-node Edge Server
The HTCA-E400 is a scalable all-in-one, zero-touch configuration, software-defined MEC switch-server platform that leverages Intel’s flexible and programmable compute and networking technology. The HTCA-E400 has a scalable and modular architecture that provides compute and storage along with network switching to deliver robust and more secure edge services with elastic capacity.
The HTCA-E400 offers the following key features:
Multi-node Compute:
The HTCA-E400 features 1U (HMB-E100) and 2U (HMB-E200) compute blades, supporting up to 5x 4th Gen Intel® Xeon® Scalable processor CPUs with a total of 200 physical cores. The 4th Gen Intel Xeon Scalable processors are the next-generation CPU platforms for cloud-optimized edge networks. Industry-standard Intel Xeon Scalable processor platforms support the convergence of key workloads that are essential in MEC deployments, including applications and services, control plane processing, high-performance packet processing, and signal processing that take place on edge networks. This delivers a virtualized, software-defined infrastructure to enable cloud capabilities for agile service delivery throughout the network.
High Speed Switching:
Ethernet switching in the HTCA-E400 is provided by the Intel Tofino programmable switch ASIC on the HLM-E110. Intel Tofino switches support P4, an open-source programming language for defining packet forwarding flows in a wide range of networking systems. The Arrcus design uses the switch fabric to offload the load balancing function, providing line-rate load balancing without added workload on the physical cores.
AI Acceleration:
The HTCA-E400 compute blades, HMB-E100 and HMB-E200, can support either an FHHL or FH3/4L double-width PCIe card for GPU or FPGA acceleration. This allows the system to work as an edge server running network security applications with AI acceleration.
Redundancy:
The HTCA-E400 system offers redundancy on key components, including CPU blades, network interface blades, cooling fans, and power supply units. These backup modules allow the platform to deliver uptime that meets carrier-grade high availability expectations. The system is compliant with NEBS and FIPS carrier safety standards and supports multi-tenancy.
Hyperscale Networking Software
Arrcus Connected Edge™ is a hyperscale networking software featuring an integrated monitoring and analytics engine, deep network visibility, and real-time intelligence, along with predictive analytics and actionable insights. The suite is composed of the following key features:
Operating System:
The ArcOS™ microservices-based, scale-out architecture is built to respond to modern data workloads and the demands those workloads place on networks. It provides full service isolation, service resiliency, and service location choice over bare metal, a VM, or a container.
Routing:
ArcRR™ is a purpose-built, high-performance, scale-out route reflector. Based on ArcOS™, the resilient, fully programmable, microservices-based network operating system, ArcRR eliminates the full-mesh requirement and allows for building BGP networks that scale easily.
Real-time Visibility and Analytics:
ArcIQ offers granular management and monitoring, which includes observing and tracking network health across data center, cloud, and edge network devices. ArcIQ delivers fully integrated network visibility and analytics to ensure organizations can deliver actionable and automated remediation for digital-first network environments.
The Results
This localized DDoS protection ensures that malicious traffic is intercepted before congesting the entire network, preserving bandwidth for legitimate users and critical business operations. Additionally, edge solutions offer scalability and flexibility, allowing organizations to tailor DDoS prevention measures to their specific network architecture and security needs.
Moreover, deploying DDoS prevention at the edge can be a strategic choice for organizations with privacy and compliance concerns. By keeping security measures local, these organizations can maintain greater control over their infrastructure and data, addressing potential regulatory requirements more effectively. This approach also allows for customized security policies and cost efficiency,