Attackers send massive amounts of traffic, trying to flood a network or servers to overload resources. Doing so, they try to stop systems from processing genuine user requests, and cause services to become unavailable, leading to lost revenue and dissatisfied customers.
Distributed denial-of-service (DDoS) attack is when an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. The incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
DDoS protection is one of the first security control functions enterprises must design and implement to defend themselves from rising security threats on their digital infrastructure, cloud applications, websites, and other services.
The Equinix Anti-DDoS service protects your infrastructure against those volumetric DDoS attacks. It is available as a fully managed add-on to the Equinix Connect. Equinix Connect provides superior, resilient and low-latency, single- or multi-homed Internet connections in Equinix data centers.
Our service safeguards entire IPv4 and IPv6 subnets and is available in all Equinix IBX® data centers in the Netherlands. It is based on a subscription model, avoiding high costs of on-premises DDoS detection and mitigation appliances which can range from tens to hundreds of thousands of dollars.
Unlike a Cloud based Anti-DDoS service, our service incurs no additional latency when you are not under attack, thus not influencing your application performance. Traffic will only be redirected when you are under attack, ensuring latency is not affected during peacetime.
During onboarding, you will provide your IP addresses and the e-mail address for the notification after which the service will be configured.
Incoming Internet traffic enters the Equinix network via Border Routers. Network sensors attached to these routers continuously scan incoming traffic to identify irregular patterns or sudden increases in volume as the result of DDoS attacks. Within seconds after our network sensors detect an attack, traffic is automatically redirected from the affected IP address(es) to the DDoS mitigation infrastructure.
The DDoS mitigation infrastructure instantly filters out all abnormal traffic and forwards only clean traffic to the application origin. This redirection stops automatically once the DDoS attack ends. You will be notified after we identify a DDoS attack on your infrastructure, with a report via e-mail, containing all details about the attack. The following image depicts the architecture of the DDoS mitigation infrastructure. This infrastructure blocks illicit traffic from overloading your critical application servers, whilst allowing network traffic to and from your end-users.
The Equinix Anti-DDoS service protects Equinix Connect Internet connections in the Netherlands with port speeds 1Gpbs, 10Gbps and 100Gpbs. It can be used in combination with either the standard Equinix-owned or the user-owned provider-independent address space (PI).
When using Equinix owned PI space, Equinix protects subnets as small as a /30. This might require new IP subnets when using existing Equinix Connect Internet connections.
When using your own PI space, you must have continuous IP address ranges of at least /23 (IPv4) or /47 (IPv6). Furthermore, Equinix must be the only provider for these ranges.
In case of a DDoS attack on one or more IP addresses in a subnet, rerouting takes place on that subnet to prevent adverse impact on other services.
The monthly Anti-DDoS tariff is based on the physical ports and speed of the Equinix Connect Internet connection (1Gbps, 10Gbps or 100Gpbs) protected with Anti-DDoS. There are no additional charges about the amount of DDoS attacks Equinix mitigates on a monthly basis.
|Managed DDoS Protection||1Gbps|
|Managed DDoS Protection||10Gbps|
|Managed DDoS Protection||100Gbps|
Availability of Service