Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

Over the course of the last few months many of the largest VoIP networks across North America and Europe have been crippled by sophisticated and specific distributed denial of service (DDoS) attacks capable of evading typical prevention measures. Many of these networks serve as the backbone of most VoIP calls and therefore are (or should be) critical infrastructure.

These attacks have often come in waves—some lasting 24 hours—and would flood a network with up to 460 gigabits of traffic per second, targeting specific services used in VoIP. A bitcoin ransom demand typically follows.

European companies Voip Unlimited and Voipfone were recently attacked, taking down services for a three-day period. Not long after, Canadian company was targeted. Their services were crippled for two weeks, and they’re still working hard at the time of writing to rebuild a more secure network and bring their customers and resellers back online.

Up next was Bandwidth, who carries 80% of US VoIP traffic as well as 911 services. For five days the company suffered intermittent outages that were felt across North America. It’s hard to have a VoIP call to or from the US not go through their network at one point or another; big players such as Microsoft, Zoom, Google and Intermedia, just to name a few, all rely on Bandwidth.

When a company’s telephones don’t work properly, regardless of the reasons or who’s at fault, impacted customers are unhappy and think about switching providers. Although this might make sense when the issue is localized to the service provider’s equipment or software, when it’s the underlying carriers or the PSTN (public switched telephone network) in trouble—think Bandwidth and other major players such as Bell, Verizon and Telus—switching from your current provider will most likely not help anything, as they depend on the same backend infrastructure to receive or terminate at least a portion of the calls. Even if they don’t, there are high chances the places you’re trying to call are. You can jump off a sinking ship, but you still have to swim!

Understanding VoIP technology and the impact of DDoS attacks

As far as the technology adoption lifecycle goes, VoIP is still pretty new to the mainstream market. We also rarely hear about daily outages on various PSTN networks across the world. Sometimes cables are cut, hardware breaks and links between telephone rate centers are saturated. It happens a lot more than you think, but most people don’t think twice about it. Have you ever dialed a number on your cell phone, hit send and the phone just went back to its idle screen, then you had to redial? Or had a call drop in the middle of a conversation? All services can go down, it’s just a matter of having plans and being prepared.

VoIP is a totally different technology from legacy PSTN, as are the issues that can come with it. There aren’t necessarily more issues, they’re simply different and therefore stand out to people new to supporting or using VoIP. Instead of hearing static on the line, you’ll miss a second of audio. Instead of dialing a number and getting a “cannot complete the call” audio prompt, you might experience a delay in the initial call setup (but will make it through). Instead of reporting call quality issues directly to the phone company, IT staff will be called in to check the local network and internet connection.

It’s important to remember that this new technology has a lot of positives that go along with it. Everyone now has access to an enterprise-class phone system with all the latest and greatest features—voicemail to email, click to call, softphones, multiple IVRs, etc.—without needing to actually purchase and maintain their own PBX hardware. Businesses are no longer limited to the amount of analog or digital (legacy) phone lines they connected to their phone system.

The recent DDoS attacks involved flooding servers with 450Gb of traffic per second, which isn’t easy to generate and maintain even for modern VoIP networks. Businesses still using 20-year-old phone systems with eight analog lines, on the other hand, can be crippled by absolutely anybody able to generate as few as nine simultaneous phone calls. Let that sink in for a second.

The good news is there are options. It really comes down to a choice every business must make about how far down the disaster recovery and emergency preparedness rabbit holes they want to go. Unfortunately, most companies don’t prepare whatsoever because they don’t want to spend the money for the rare times disaster recovery solutions come handy. Recent events may change this mindset, as businesses wake up to the fact that those times might not be so rare after all.

What options do businesses have to keep the phones ringing?

VoIP local survivability

The concept of local survivability in VoIP is pretty simple. An edge device, similar to a router, sits at the customer’s site and all VoIP traffic and IP device registrations go through it. This device is also home to backup connectivity to the public telephone network, typically in the form of one or many legacy analog or digital lines, depending on customer size and disaster recovery requirements.

That’s the base idea, but there are different ways of implementing it. Considering that the most crucial and vulnerable part of a phone system is the ability to receive calls, we need to think about where the phone number will reside.
VoIP local survivability for DDoS attacks

Option 1: Keep the main number as a legacy analog line, and forward all calls to Cloud PBX

This option has the pre-requisite that forwarding on the line is not limited to one simultaneous call. This varies from one phone company to the next.

In this scenario, the main phone number is a legacy analog line installed on-site at the customer’s location. Should anything happen to the internet connection at the customer site, to the Cloud PBX service or to an underlying VoIP carrier, call forwarding to the cloud can be canceled. Calls will start coming in on the local legacy line to the edge device, which will then route the calls to the appropriate IP phones. Outgoing calls will keep going through VoIP if they can, but will have the analog line as a backup as well.


  • Incoming and outgoing calls will keep working, although limited in capacity.
  • Keep using the same IP phones for calls.
  • Internal calls between extensions keep working.


  • Incoming and outgoing calls during an external VoIP outage will be limited to the amount of analog lines you keep on site, which may be as little as one call at a time; additional callers will hear a busy signal or a voicemail prompt from the analog line.
  • You need to keep paying for some legacy circuits.
  • Hardware will need to be installed and maintained on-prem.

Option 2: Backup legacy analog phone number/line

In this scenario, the customer will keep one or many backup analog lines on site to be used for incoming and outgoing calls during an external outage. The main business phone number stays in the cloud, but this number is the emergency backup to receive calls.


  • No forwarding of analog line to Cloud PBX necessary.
  • Incoming calls to the backup number will work even if internet, Cloud PBX or underlying carriers are having an outage, as well as outgoing calls.


  • A second phone number will need to be advertised or otherwise given to potential callers in case something happens to the main number.
  • Outgoing calls during an outage will not display the company’s main number, but will instead display the backup phone number.
  • Customer will need to keep paying for some legacy circuits.
  • Hardware will need to be installed and maintained on-prem.

Option 3: No local survivability, but do your homework on your backend provider

This is the option many businesses have chosen. There’s no such thing as an unsinkable ship, but some ships are certainly built better than others. When it comes to something as critical as your phone system, an experienced provider with resources at hand goes a long long way when things go wrong. They have the resources and expertise to tackle big issues in ways a small business simply couldn’t afford. Communications services can and should still be purchased from your local small business—you just might want to make sure they have a provider in the background helping out and aren’t running their own server in a basement somewhere.

Sherweb can help

Sherweb has years of experience hosting and protecting various cloud services. Our team is well-prepared and trained to handle emergencies of all kinds. Our VoIP infrastructure is a commercially maintained high availability (HA) platform, equipped with carrier level redundancy so that should anything happen to our entire infrastructure, including backup data centers and servers, there’s yet another way of making sure customers’ calls keep coming in.

For our outgoing calls, we have a chain of carriers permanently ready to make sure those calls go through. Should one of them suffer an outage for whatever reason, our switch will automatically use another carrier to route the call, typically only costing the caller a fraction of a second delay in call handling. Our VoIP infrastructure, along with every carrier we’re directly connected to, is constantly and automatically monitored and tested to ensure quality and reliability.

When Sherweb detects an issue with either our own infrastructure or the infrastructure of another carrier, we update partners and customers through our Network Status page. It’s important to note that an outage on Sherweb’s status page does not necessarily mean Sherweb itself is having an outage—it can be a PSTN infrastructure issue, like a fiber optic cable being cut somewhere. If our customers are impacted, even if it’s not related to us, we post it to the status page and continue to monitor the situation.

Protect your phone system from DDoS attacks and other threats

During all of the recent outages caused by DDoS attacks, only some Sherweb customers were affected. The outage didn’t impact any of our customers at all. Knowing the situation, our VoIP team pulled off some rather speedy port-outs during the outage to help bring some customers’ phones back to life while they were still under attack.

The Bandwidth outage did admittedly affect incoming calls to many Sherweb customers with US phone numbers. We’re connected directly to Bandwidth, among many other carriers. We didn’t put all our eggs in one basket, though, so a good portion of our customer base managed to sail through the and Bandwidth outages without noticing any issues at all, other than not being able to call other or Bandwidth customers.

Like it or not, VoIP is the direction telecom has gone in. Telecom itself has changed! It’s just not about voice alone anymore, but a unified communications experience bringing voice, video, chat, screen sharing and live document collaboration all together. With time, like with any new technology, we’ll overcome current hurdles and adapt to a new normal. VoIP local survivability (maybe coupled with SD-WAN—but that’s a whole other story) may become standard in the future. The point is that there are resources available to help businesses manage the transition.

Sherweb is committed to helping its customers stay connected and will do what it takes to provide our partners with what they need to run their businesses effectively. Get in touch with us if you want to talk more about the recent DDoS attacks on VoIP infrastructure, VoIP in general, or anything else about your business’s IT environment. You can also check out our Partner Guide for more information about how Sherweb can help your business grow.

Written by Jason Nadeau Product Manager – VoIP @ Sherweb

Jason is passionate about Telecom, it’s as much a hobby as it is his career. Certified and trained by top manufacturers of VoIP equipment, he has 20 years of experience in PBX sales, installation and support.