Distributed denial-of-service (DDoS) attack is when an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. The incoming traffic flooding the victim originates from many different sources which effectively makes it impossible to stop the attack simply by blocking a single source. In such attacks, they try to stop systems from processing genuine user requests, and cause services to become unavailable, leading to lost revenue and dissatisfied customers.
DDoS protection is one of the first security control functions enterprises must design and implement to defend themselves from rising security threats on their digital infrastructure, cloud applications, websites, and other services.
The Equinix Anti-DDoS service protects your infrastructure against those volumetric DDoS attacks. It is available as a fully managed add-on to the Equinix Connect. Equinix Connect provides superior, resilient and low-latency, single- or multi-homed Internet connections in Equinix IBX data centres.
Our service safeguards entire subnets and is available in all Equinix IBX data centres in Ireland. It is based on a subscription model, avoiding high costs of on-premises DDoS detection and mitigation appliances which can range from tens to hundreds of thousands of dollars.
Unlike a Cloud based Anti-DDoS service, our service incurs no additional latency when you are not under attack, thus not influencing your application performance. Traffic will only be redirected when you are under attack, ensuring latency is not affected during peacetime.
How It Works
During onboarding, you will provide your IP addresses and the e-mail address for the notification after which the service will be configured.
Incoming Internet traffic enters the Equinix network via Border Routers. Network sensors attached to these routers continuously scan incoming traffic to identify irregular patterns or sudden increases in volume as the result of DDoS attacks. Within seconds after our network sensors detect an attack, traffic is automatically redirected from the affected IP address(es) to the DDoS mitigation infrastructure.
The DDoS mitigation infrastructure instantly filters out all abnormal traffic and forwards only clean traffic to the application origin. This redirection stops automatically once the DDoS attack ends. You will be notified after we identify a DDoS attack on your infrastructure, with a report via e-mail, containing all details about the attack. The following image depicts the architecture of the DDoS mitigation infrastructure. This infrastructure blocks illicit traffic from overloading your critical application servers, whilst allowing network traffic to and from your end-users.
Prerequisites
The Equinix Anti-DDoS service protects Equinix Connect internet connections with port speeds of 1 Gbps or 10 Gbps. It can be used in combination with either the standard Equinix-owned IP ranges or the user-owned provider-independent address space (PI) when peered with Equinix.
Service Limitations
The Anti-DDoS service is designed to protect the end customer IP ranges from inbound Denial of Service attacks. It is recommended that outbound designated traffic is operated on a separate physical connection and IP ranges.
In the event of an attack mitigation, traffic initiated outbound from the protected IP ranges will cease to function for the duration of the attack.
Purchase Units
The monthly Anti-DDoS tariff is based on the physical ports and speed of the Equinix Connect Internet connection (1 Gbps, 10 Gbps) protected with Anti-DDoS. There are no additional charges about the amount of DDoS attacks which Equinix mitigates monthly.
| Product | Speed |
|---|---|
| Managed DDoS Protection | 1 Gbps |
| Managed DDoS Protection | 10 Gbps |
