Cisco shifts DDoS to edges

- Cisco is pushing DDoS filtering onto its own IOS XR edge routers, arguing service providers should block attack traffic at ingress points instead of hauling it to centralized scrubbing centers.
- Cisco said its Secure DDoS Edge Protection can detect and mitigate attacks in under 30 seconds, with software containers running directly on supported routers rather than separate appliances.
- The shift comes as DDoS attacks got shorter and larger in 2025, pressuring centralized defenses and making low-latency protection more valuable. (blogs.cisco.com)

A distributed denial-of-service attack is a traffic flood meant to clog a network until real users cannot get through. Cisco says the fix now belongs on the edge router, not in a distant scrubbing center. (blogs.cisco.com) (cisco.com)

Cisco’s pitch is Cisco Secure DDoS Edge Protection, a product that runs detection and mitigation directly on supported Cisco IOS XR routers used by service providers. The software uses containers on the router and a central controller to manage fleets of detectors across the network. (cisco.com 1) (cisco.com 2)

That changes the old model, where operators export telemetry to a central collector and divert suspect traffic to a scrubbing site for cleaning. Cisco says filtering at the ingress point removes the need to backhaul malicious traffic and avoids extra delay for legitimate traffic. (blogs.cisco.com) (cisco.com)

Cisco said the edge system can detect and mitigate attacks in under 30 seconds. The company also says the on-router design works at line rate, meaning the router inspects and blocks traffic at the speed the hardware already handles packets. (blogs.cisco.com) (cisco.com)

The timing reflects how DDoS attacks changed in 2025. Cisco cited data showing the number of DDoS attacks nearly doubled, network-layer attacks nearly tripled, and 78% of observed attacks lasted five minutes or less. (blogs.cisco.com)

Cisco also pointed to “hyper-volumetric” floods that peaked at 31 terabits per second in 2025, alongside botnets such as Aisuru and Kimwolf. In Cisco Live slides this year, the company described Aisuru as a botnet that hit 31.4 terabits per second and 14.1 billion packets per second. (blogs.cisco.com) (ciscolive.com)

Cisco says the product is aimed at mobile access, broadband, and peering networks, where low-latency services and local internet breakouts make centralized defense harder to scale. Its white paper says distributed networks now connect cloud infrastructure and content delivery networks closer to users, which leaves less room for traffic tromboning through a cleanup center. (cisco.com 1) (cisco.com 2)

The company is also selling the economics. Cisco’s 2024 white paper says the design can cut total cost of ownership by up to 83% because operators can use existing router hardware instead of adding separate appliances, floor space, power, and cooling. (cisco.com)

This is not a brand-new product so much as a broader push behind an existing one. Cisco launched edge-focused DDoS protection for 5G access in 2022, expanded it beyond mobility to more IP traffic types in 2023, and is now framing it as a fit for modern distributed service-provider networks. (blogs.cisco.com 1) (blogs.cisco.com 2) (blogs.cisco.com 3)

The bet is simple: if attacks arrive at the edge, the cleanup should happen there too. Cisco is trying to turn the router from a traffic pipe into the first security checkpoint. (cisco.com)
