A new approach to cybersecurity
For Business → ProtectionGrid For Large Corporates → ProtectionGrid For Law Enforcement → Intelligence For Governments → Intelligence
Home/ Technology/ Global Anycast Network
Global Anycast Network · Our own backbone

Faster than every attack.

identiqa operates its own anycast network on hardware we own. Edge nodes across Europe and beyond, BGP-anycast routing, sub-millisecond intra-EU latency. Built for sovereignty without sacrificing performance.

Own backbone
No third-party CDN underneath
EU-first
Routing policy by default
< 1ms
Intra-EU edge latency
BGP anycast
Same IP, nearest node
How it works

One IP address.
Many physical locations.

Anycast is a routing technique where the same IP address is announced from multiple locations. BGP — the internet's routing protocol — automatically sends each user to the nearest one.

Traditional Unicast

One IP, one location.

  • All traffic routes to a single physical server
  • Distant users pay full latency penalty
  • Single point of failure — outage = downtime
  • Easy DDoS target — saturate one location
  • Capacity scales by stacking more in one place
Anycast (identiqa)

One IP, every location.

  • Same IP announced from every edge node
  • Each user automatically reaches the nearest one
  • Node failure = traffic shifts within seconds
  • DDoS gets distributed across the entire network
  • Capacity scales by adding nodes anywhere
Real example: a request from Munich
Source
User in Munich
88.99.x.x
BGP Anycast
Routing decision
closest-node-by-AS-path
Frankfurt edge ~3ms
Dublin edge ~28ms
Lisbon edge ~42ms
Nicosia edge ~58ms

Same destination IP. The internet's routing protocol picks the nearest node automatically.

Why we built our own

Three reasons that matter.

Most security vendors run on third-party CDNs underneath — Cloudflare, Akamai, Fastly. We don't. Here's why that decision is structural, not stylistic.

Speed

Closer is always faster.

Every customer connection terminates at the nearest edge node — typically within the same country or region. Sub-millisecond intra-EU latency means defense decisions happen at the speed of light, not at the speed of transatlantic round-trips.

Resilience

Failures route around themselves.

When a node degrades or is targeted by DDoS, BGP withdraws its announcement and traffic shifts to the next-nearest node within seconds. No failover orchestration. No DNS TTL waits. No operator intervention. Resilience is a property of the routing protocol itself.

Sovereignty

EU traffic stays in the EU.

BGP routing policy is configurable. We default to keeping European customer traffic on European edge nodes — never routed via US infrastructure for "performance optimization." For regulated customers, hard region locking can be enforced at the network level.

Network footprint

Where the edges live.

Our network spans European core regions in production today, with planned expansion into adjacent regions.

Stage 1 EU Core · Live
Frankfurt
Dublin
Lisbon
Nicosia
Zurich
Stage 2 Q2–Q4 2026
Vienna
Amsterdam
London
Dubai
Stage 3 2027 roadmap
New York
Toronto
Singapore
Sydney
Riyadh
Operational control

We run our own BGP, AS, and IPs.

Our network is not a layer on top of someone else's CDN. We operate our own Autonomous System, announce our own IP space, peer directly with major exchanges, and configure routing policy ourselves. That's the difference between operating a network and renting one.

For customers with strict sovereignty requirements, we can demonstrate end-to-end traffic flow: from edge node ingress through internal routing to backend services and back, all under our operational control, all under European jurisdiction.

  • Own AS number. identiqa announces its own routes — not someone else's "branded" prefixes.
  • Direct peering at major European internet exchanges (DE-CIX, AMS-IX, LINX, INEX) for low-latency connectivity to ISPs.
  • Hardware we own. Routers, switches, servers — purchased, racked, operated by our network team. No "managed cloud network" abstraction.
  • Routing policy is configurable per customer. Region locking, geo-fencing, traffic engineering rules — all available for compliance-sensitive deployments.
Network Status · Live View
All nodes healthy
Frankfurt 42 Gbps · 0.3ms p50
Dublin 28 Gbps · 0.4ms p50
Lisbon 18 Gbps · 0.5ms p50
Nicosia 12 Gbps · 0.4ms p50
Zurich 22 Gbps · 0.3ms p50
For network & security teams

Questions network engineers ask.

Why anycast and not GeoDNS or load balancers?
GeoDNS resolves a hostname differently per user but still terminates at one fixed IP — meaning DNS caching, TTL waits, and stale routing during outages. Load balancers solve a different problem entirely (distribution within a single location). Anycast operates at the routing layer: the same IP address is reachable from every edge node, and BGP picks the nearest one automatically. Failover is in the protocol, not in DNS or application logic.
How does this affect DDoS resilience?
Anycast distributes attack traffic the same way it distributes legitimate traffic — across every edge node simultaneously. A volumetric DDoS targeting our IP space gets sliced across all announcing nodes, dramatically reducing the load any single node has to absorb. We combine this with classic DDoS scrubbing capabilities at each edge for application-layer attacks.
How is routing policy configured for sovereignty-sensitive customers?
We can pin customer traffic to specific regions or single nodes via routing policy. For customers with hard data-residency requirements (EU-only, single country, single facility), we configure BGP communities and announcement strategies that prevent traffic from leaving the requested jurisdiction — even in failover scenarios. Documentation showing the actual routing configuration is provided as compliance evidence.
Do you peer with my ISP?
We peer at DE-CIX (Frankfurt), AMS-IX (Amsterdam), LINX (London) and INEX (Dublin), plus additional regional exchanges. That covers the vast majority of European ISPs with one peering hop or fewer. For specific connectivity questions, our network team can review your IP space and provide expected routing and latency before contract signature.
Can you operate a private anycast network for our environment?
Yes — for very large or high-security deployments, we can run dedicated anycast clusters where the customer's specific IP space is announced from a designated subset of our nodes. This is a separate licensing model with longer onboarding (typically 4-6 weeks) and is most relevant for government, defense, and very large regulated enterprises.
What happens if an entire region goes down?
BGP withdraws the affected node's announcements within seconds. Traffic that was hitting the down region automatically routes to the next-nearest live node — typically with a measurable but acceptable latency increase (5-30ms within Europe). Capacity at remaining nodes is provisioned assuming any single region can fail. We've validated this in scheduled outage exercises.

Want to see the routing tables?

Our network team runs technical sessions covering BGP architecture, peering posture, latency profiles from your IP space, and DDoS response capabilities. Typically 60 minutes, NDA, no marketing.

Request technical session Back to Technology overview →