NBIP logo

FAQ

Frequently asked questions about the NaWas

NaWas is working hard on a “distributed network architecture” that will be available in as many European countries as possible. With NaWas, you can request an overview of all available locations.

All parties with their own AS number can connect to the NaWas.

To connect to the NaWas, a port must be available at one of the following parties: AMS-IX, NL-ix, LINX, NetIX, Top-IX, MIX, VIX. You can also connect to the NaWas with a cloud interconnect from DCspine, Epsilon or Megaport. The number of parties providing access to NaWas is growing rapidly.

First of all, NaWas is part of NBIP; a non-profit foundation established by the internet community and technical specialists. This means that its operation and connection are easily understood by the target audience. The goal is to make the internet safer. By connecting to NaWas, you make the internet a bit safer. The participants of NBIP fund NaWas themselves, keeping the costs as low as possible.

NaWas participates in multiple initiatives, such as the Anti-DDoS Coalition, and shares knowledge with its own participants and several universities, like the University of Twente (UT). Additionally, NaWas also contributes to the development of non-profit institutes such as the DDoS ClearingHouse.

The NaWas infrastructure is developed as an on-demand service. After detection of an attack, the traffic is routed via BGP to NaWas hardware, and then the mitigation process begins. We redirect the traffic through our own connections. This means you don’t have to invest in extra capacity yourself, which will save you costs. After the attack, the traffic is routed back, so it no longer passes through NaWas. As a result, NaWas only needs to be set up based on attack traffic, keeping costs low. Currently, NaWas is exploring the possibilities of offering an always-on solution.

The mitigation process starts within a few minutes after the traffic is redirected to NaWas hardware.

The detection of attacks can occur manually or via an automated tool. NaWas recommends installing tooling because attacks also happen outside working hours and on weekends. NaWas has good experience with tools such as FastNetMon and Flowmon DDoS Defender. A pilot is running with the latter tool to offer Detection & Mitigation as a solution. NaWas is also exploring possibilities to offer the Detection service as a hosted solution.

NaWas is among the largest anti-DDoS scrubbing centers in Europe. However, more important is how large and numerous the connections of our participants and the network are. This determines how efficiently NaWas can process attacks.

NaWas has two redundant setups in geographically separated data centers.

In relation to the OSI model, NaWas can mitigate DDoS traffic on all layers. For Layer 7 (application layer), NaWas will mitigate based on header fields and not through (deep) packet inspection.

NaWas uses a multi-vendor setup where multiple Triple A vendor devices are arranged in line (funnel). The operation is comparable to a car wash, where multiple devices in sequence first wash the rough part and later the smaller parts, thus removing attack traffic. NaWas continuously innovates the anti-DDoS solution and always applies the most effective and newest techniques.

The pricing model consists of a flat-fee model. The price is determined by the number of prefixes (based on /24) you want to protect. You pay slightly more for larger quantities. Prices are invoiced on a monthly, quarterly, or yearly basis.

In addition to the fee for NaWas, you pay a small monthly contribution for NBIP membership and a one-time contribution for the setup. Due to the non-profit nature of the services, the costs are low compared to similar services from other providers.

NaWas has a BGP session with participants on the clean side (with IXPs) on a private VLAN. A member can redirect a specific prefix or /24 by advertising that prefix on the NaWas BGP session. NaWas advertises the prefix on our upstreams (transits & peering). So the trigger for redirecting is done manually or automated by the participants.

After receiving a prefix or receiving a new DDoS attack on an existing prefix, the NaWas support team receives a notification of the event. The support team checks if the attack is being mitigated well enough and if adjustment is necessary. When the attack is over, the member receives an email with a report on the details of the attack.

If an attack lasts longer, NaWas sends an interim report. Participants can view the report on the portal.

Yes, smaller than a /24 is not accepted by the internet.

In principle, there is no packet loss. Parties that don’t yet know the more specific follow the less specific. Learning the more specific happens very quickly, usually within a few seconds.

The more parties know the more specific, the more the attack traffic disappears. We assume that clean traffic still passes through. Furthermore, it depends very much on the type of attack to what extent the mitigation systems can immediately reduce the malicious traffic. Most attacks are mitigated immediately. In some cases, it may take a few seconds

In some cases, a portion of the attack traffic below a certain threshold may still be allowed through. If that’s the case, the advice is to contact NaWas as soon as possible if the residual traffic causes disruption. After advertising, traffic will route through NaWas within a second, and it may take a few seconds for the entire internet to know the route.

Contact

Heb je een vraag of opmerking? Neem dan contact met ons op via onderstaand formulier.

NBIP logo
NBIP NEXT
Platform- and supplier-independent Cloud with Haven

Thursday, 27 November – 1:50 p.m. – 2:30 p.m.

Haven is an open solution for platform- and supplier-independent Cloud services. Haven is a building block of the pGDI and the NDS. Haven offers agnostic configuration of Cloud technology and provides organisations with a feasible exit plan. Expect an inspiring story about the practice of ecosystem-driven collaboration, in which we use the power of digitisation for the benefit of society.

Highlights:

  • Haven+
  • Ecosystem-driven collaboration
  • Platform- and supplier-independent cloud services
  • Data sovereignty

About Jacco Brouwer

Jacco Brouwer works for the Association of Netherlands Municipalities as Cloud Policy Coordinator and represents municipal interests in the NDS implementation programme on Cloud. From the Innovation Knowledge Centre at VNG, Jacco is the initiator of the public Incubator GROEI, through which VNG guides municipal collaboration and innovations based on a start-up philosophy in scaling up to broad and collective use among municipalities and fellow authorities.

Jacqueline van de Werken is bijna 10 jaar actief als global general counsel bij Leaseweb, na een loopbaan in de advocatuur en actief te zijn geweest in legal & regulatory affairs bij buitenlandse telecom/ datacom aanbieders.

Sinds enige tijd is Jacqueline ook board member & secretaris van brancheorganisatie Dutch Cloud Community. Als president/chair bij Cloud Infrastructure Service Providers Europe richt ze zich ook op het behartigen van regulatory belangen van de IAAS cloud sector.

Woensdag 26 november 

Van vrijwillig naar verplicht: de nieuwe werkelijkheid van regelgeving voor providers

Interactieve sessie

11:15 – 12:00 uur

Ir. Bas Dunnebier EngD

Bas Dunnebier is Chief Science and Technology Officer (CSTO) bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD). De CSTO speelt in op de kansen en uitdagingen die technologische en wetenschappelijke innovatie met zich meebrengen, onder meer voor de offensieve en defensieve taken van de dienst.

Eerder vervulde Dunnebier verschillende andere functies binnen de AIVD, waaronder die van hoofd Unit Weerbaarheid. Hij heeft daardoor een brede expertise ontwikkeld op het gebied van (cyber)weerbaarheid, inlichtingen, en technologieën zoals AI, quantum en cryptologie. Hij studeerde Toegepaste Wiskunde aan de Universiteit Twente, en Informatie- en Communicatietechnologie aan de Technische Universiteit Eindhoven. Voordat Dunnebier bij de AIVD kwam werken, werkte hij onder meer bij Thales, TNO en Technolution.

Het huidige dreigingsbeeld volgens de AIVD: wat nu te doen?

Woensdag 26 november 
14:00 – 14:35
Parkzaal: Wet- en Weerbaarheid

During his presentation, Dr. Alberto P. Martí will provide an update on the European IPCEI Cloud Infrastructure and Services (CIS) project.

Thursday, 27 November

3:00 p.m. – 3:45 p.m.

Parkzaal: Towards digital autonomy

During NBIP NEXT, René will share more about the implementation of the eEvidence legislation that will come into force for internet service providers on 18 August 2026.

Wednesday 26 November

3:00 p.m. – 3:35 p.m.

Parkzaal: Track Law & Resilience

During NBIP NEXT, Johan will give a presentation as part of the DDoS Mitigation track on how to use a WAF to mitigate layer 7 attacks.

Wednesday, 26 November
1:15 p.m. – 1:50 p.m.
Fonteinzaal: Collaborative DDoS mitigation track (ENGLISH)

Dr. Cristina Caffarra is one of the driving forces behind EuroStack. This movement, which has the ear of politicians and policymakers in Europe, is campaigning for more investment in European technology, based on the belief that this is the only path to digital autonomy.

Caffarra is a competition expert and knows the world of big tech companies from the inside. She has made important contributions to competition investigations into mergers and antitrust cases for the European Commission. Caffarra does not mince her words and tells it like it is: we must work together to give shape to European digital autonomy as quickly as possible. At NBIP NEXT, she will share her vision during an inspiring keynote speech, followed by an opportunity for discussion.

Thursday 27 November
1:15 p.m. – 1:50 p.m.
Parkzaal: Towards digital autonomy