A Distributed Denial-of-Service (DDoS) attack is when an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. The incoming traffic flooding the victim originates from many different sources which effectively makes it impossible to stop the attack simply by blocking a single source. In such attacks, they try to stop systems from processing genuine user requests, and cause services to become unavailable, leading to lost revenue and dissatisfied customers.
DDoS protection is one of the first security control functions enterprises must design and implement to defend themselves from rising security threats on their digital infrastructure, cloud applications, websites, and other services.
The Equinix Managed DDoS Protection service protects your infrastructure against those volumetric DDoS attacks. It is available as a fully managed add-on to the Equinix Internet Access service. Equinix Internet Access provides superior, resilient and low-latency, single- or multi-homed Internet connections in Equinix IBX data centres.
Our service safeguards entire subnets and is available in almost all Equinix IBX data centers in the UK. It is based on a subscription model, avoiding the high costs of on-premises DDoS detection and mitigation appliances which can range from tens to hundreds of thousands of pounds.
Unlike a Cloud based Anti-DDoS service, our service incurs no additional latency when you are not under attack, thus not influencing your application performance. Traffic is only redirected when you are under attack, ensuring latency is not affected during peacetime.
How Does It Work?
During onboarding, you provide your IP addresses and the e-mail address for the notifications after which the service is configured.
Incoming Internet traffic enters the Equinix Internet Access network via Border Routers. Network sensors attached to these routers continuously scan incoming traffic to identify irregular patterns or sudden increases in volume as the result of DDoS attacks. Within seconds after our network sensors detect an attack, traffic is automatically redirected from the affected IP address(es) to the DDoS mitigation infrastructure.
The DDoS mitigation infrastructure instantly filters out all abnormal traffic and forwards only clean traffic to the application origin. This redirection stops automatically once the DDoS attack ends. You are notified after we identify a DDoS attack on your infrastructure, with a report via e-mail, containing all details about the attack. The following image depicts the architecture of the DDoS mitigation infrastructure. This infrastructure blocks illicit traffic from overloading your critical application servers, whilst allowing network traffic to and from your end-users.
The Equinix Managed DDoS Protection service protects Equinix Internet Access connections with 1 Gbps or 10 Gbps port speeds. It can be combined with the standard Equinix-owned IP ranges or the user-owned provider-independent address space (PI) when peered with Equinix.
Purchase Units
The monthly Managed DDoS Protection fee is based on the physical ports allocated to the Equinix Internet Access connection you want to protect, as well as any additional IP addresses of a /24 subnet size or larger.
Scaling IP costs
-
If you use Equinix Internet Access and have IP blocks smaller than a /24 (256 addresses), such as /29s (8 addresses) or /28s (16 addresses), and then add more small blocks over time, we consider them all.
-
Whether you start small and grow or start with a large block, extra charges apply if you reach or exceed a /24 size in total.
-
If you initially request a /24 block, bring your own block of /24 or larger, or have multiple blocks that add together, these scenarios involve additional costs.
Read also Equinix IP allocation.
| Product | Speed |
|---|---|
| Managed DDoS Protection | 1 Gbps (Single or Dual-port configurations) |
| Managed DDoS Protection | 10 Gbps (Single or Dual-port configurations) |
| Managed DDoS Protection (Add-on) | Additional /24 protected IP range (PI or PA type) |
| Managed DDoS Protection (Add-on) | Additional /23 protected IP range (PI or PA type) |
| Managed DDoS Protection (Add-on) | Additional /22 protected IP range (PI or PA type) |
Add-on option means you need to choose either a 1 Gbps or 10 Gbps base service first. Then, you can add extra /24 IP blocks to your order if they are applicable.
The monthly fee for Managed DDoS Protection depends on two main factors:
-
Physical Ports - the number of physical ports connected to your Equinix Internet Access that need protection.
-
Extra IP Addresses - if your business has more internet addresses than usual, either issued by Equinix Provider-Assigned (PA) or Provider-Independent (PI), you can protect them for an additional cost. This option is applicable for single blocks of 256 IP addresses (/24) or larger.
