Network and Security Services
N&S includes customer-built networking solutions or an additional security layer option including Managed Firewalls and Anti-DDoS.
Anti-DDoS
A distributed denial-of-service (DDoS) attack is when an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. The incoming traffic flooding the victim originates from many different sources, which effectively makes it impossible to stop the attack simply by blocking a single source. In such attacks, attackers try to stop systems from processing genuine user requests and cause services to become unavailable, leading to lost revenue and dissatisfied customers.
DDoS protection is one of the first security control functions enterprises must design and implement to defend themselves from rising security threats on their digital infrastructure, cloud applications, websites, and other services.
The Equinix Anti-DDoS service protects your infrastructure against volumetric DDoS attacks. It is available as a fully managed add-on to Equinix Connect. Equinix Connect provides superior, resilient and low-latency, single- or multi-homed Internet connections in Equinix IBX data centres.
Our service safeguards entire subnets and is available in all Equinix IBX data centres in Ireland. It is based on a subscription model, avoiding high costs of on-premises DDoS detection and mitigation appliances which can range from tens to hundreds of thousands of dollars.
Unlike a cloud-based Anti-DDoS service, our service incurs no additional latency when you are not under attack, so it does not influence your application performance. Traffic is only redirected when you are under attack, ensuring latency is not affected during peacetime.
How It Works
During onboarding, you will provide your IP addresses and the e-mail address for notifications, after which the service will be configured.
Incoming Internet traffic enters the Equinix network via Border Routers. Network sensors attached to these routers continuously scan incoming traffic to identify irregular patterns or sudden increases in volume as the result of DDoS attacks. Within seconds after our network sensors detect an attack, traffic is automatically redirected from the affected IP address(es) to the DDoS mitigation infrastructure.
The DDoS mitigation infrastructure instantly filters out all abnormal traffic and forwards only clean traffic to the application origin. This redirection stops automatically once the DDoS attack ends. You will be notified after we identify a DDoS attack on your infrastructure, with a report via e-mail, containing all details about the attack. The following image depicts the architecture of the DDoS mitigation infrastructure. This infrastructure blocks illicit traffic from overloading your critical application servers, whilst allowing network traffic to and from your end-users.
Prerequisites
The Equinix Anti-DDoS service protects Equinix Connect internet connections with port speeds of 1 Gbps or 10 Gbps. It can be used in combination with either the standard Equinix-owned IP ranges or the user-owned provider-independent address space (PI) when peered with Equinix.
Service Limitations
The Anti-DDoS service is designed to protect the end customer IP ranges from inbound Denial of Service attacks. It is recommended that outbound traffic be operated on a separate physical connection and separate IP ranges.
In the event of an attack mitigation, traffic initiated outbound from the protected IP ranges will cease to function for the duration of the attack.
Purchase Units
The monthly Anti-DDoS tariff is based on the physical ports and speed of the Equinix Connect Internet connection (1 Gbps, 10 Gbps) protected with Anti-DDoS. There are no additional charges based on the number of DDoS attacks that Equinix mitigates each month.
Product | Speed |
---|---|
Managed DDoS Protection | 1 Gbps |
Managed DDoS Protection | 10 Gbps |
Customer Connect
Customer Connect meets your need to expand network connectivity between your location and the Equinix data centre.
Benefits offered are:
- You engage with only one party for Equinix, colocation and the connectivity to the data centre.
- You have a single point of contact so that you are not bothered by parties who refer to each other in the event of a failure.
- You are offered a complete package, with Cross Connect provided as part of the service from the demarcation point of the carrier to your racks if needed.
Equinix buys wholesale connections from various carriers and manages these connections. Your location is connected to the Equinix data centre via a WAN connection. Within the Equinix data centre, a Cross Connect is installed, if necessary, between the point where your connection enters the data centre and your racks. All processes are carried out under the supervision of Equinix Managed Services.
Service Variants
The different implementation variants are described below.
SLAs are based on the chosen carrier’s service levels and agreed with the customer.
Single Customer Connect
Below is a diagram of a single Customer Connect:
You will remain connected to the data centre with a stable WAN connection that runs via a carrier.
Dual Customer Connect
A Dual Customer Connect is shown in the diagram below and can provide redundancy between the branch location and Equinix. Maximum effort is made to ensure that the connections are geographically separated from each other and where possible, follow diverse paths.
Agreements are made with the carrier about maintenance on both connections, which minimizes the chance of simultaneous failure and loss of service.
Geographically Separated Equinix IBX Data Centers
If you want a redundant connection with two geographically different Equinix data centres, this can be combined with a Metro Connect between the sites. This creates a fault-tolerant topology: if one Customer Connect connection fails, the other Customer Connect takes over the connection and traffic, and the Metro Connect can still reach the other Equinix data centre. The specific solution is implemented by Equinix, based on your requirements and choices.
Options
The service is available with options shown in the table.
Item | Standard Options | Comments |
---|---|---|
Capacity | 1, 8, 10, 16, 32, 40, 100 Gbps | Other bandwidths on request |
Interface Equinix DC side | LX or LR | Other modes on request |
Interface customer side | LX or LR | Other modes on request |
Implementation | Single or redundant | 2 connections to geographically separated Equinix data centres on request |
Managed Firewall
The Managed Firewall Service (MFS) is part of the Network and Security portfolio of Equinix Managed Services. The service provides protection of IT infrastructure through firewall rule sets (filters), which are configured by qualified Equinix staff in consultation with the customer.
With MFS, Equinix offers the possibility to purchase scalable firewall functionality and capacity within the Infrastructure Platform Service. This protects infrastructure against cyber-attacks and prevents data from falling into the wrong hands.
Categorized as a network firewall, this is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. This set of security rules is agreed upon with the user in advance. With the right set of rules, the firewall creates a barrier between a trusted internal network and an untrusted network.
Equinix Managed Services implements the firewall as a virtual appliance within the MPC platform. This offers a future-proof, flexible and cost-efficient solution that can be scaled up or down monthly depending on the required capacity or functionality.
Some benefits offered by the service include:
- Use of the latest firewall technology
- No major investments in advance, due to monthly billing
- Easily upscaled
- Choice of functional licenses in addition to the basic Next-Generation Firewall, such as Intrusion Prevention System or full Unified Threat Management
- High availability (based on service level)
If there are specific requirements from the user, physical dedicated hardware can also be used on special request.
The following highlights how the firewall services operate for Managed Private Cloud customers, as well as colocation customers operating their own hardware.
Service Variants
The firewall can be supplied in different types depending on the required capacity of the user. Available types are Small, Medium, and Large. The supplied maximum capacity depends on the chosen license and the functionalities offered therein.
When Intrusion Detection/Prevention is enabled, Equinix will forward the related logs and reports to the customer on an agreed schedule. Equinix does not operate as a Security Operations Centre (SOC) service to triage security-related events.
Available Licenses
The table below contains a list of available licenses and their functionalities. The FW license is the baseline solution.
License | Description | Functionality |
---|---|---|
FW Standard | Firewall | Firewall |
Intrusion Protection (IPS) Option | Unified Threat Management | Firewall, Application Control, IPS, Botnet IP/Domain Reputation, 2-Factor Authentication, Web Filtering |
Maximum Capacity Per License
Maximum capacity supplied depends on the chosen license. The table below shows the maximum capacity for each type per license.
Type | Firewall Throughput, FW License | Firewall Throughput, IPS License |
---|---|---|
Small | 10 Gbps | 1 Gbps |
Medium | 13 Gbps | 2 Gbps |
Large | 20 Gbps | 3.6 Gbps |
Physical, dedicated hardware can also be used on request.
Managed Network Services
Equinix Managed Services offers dedicated networking solutions tailor-made to each customer's requirements. Solutions are often a combination of Equinix Fabric, Customer Connect, Equinix Connect, Metro Connect and Managed Firewall/Network Devices.
Use cases include:
- Cloud on-ramp
- Hybrid/multicloud enablement
- Resilient network services
- Peering and BGP management
Maintenance and Support
Availability
The availability levels of the service are shown in the table below.
Availability Level | Availability (%) |
---|---|
Network & Security Standard Level | 99.95%* |
* SLA only available for redundant setups
Incidents
Incident Parameters
Service Window | Availability |
---|---|
Incident Repair Service Window | 24x7 |
Incident Prioritization
Priority | Impact |
---|---|
Critical | The Service is completely unavailable |
High | The Service is available with reduced functionality |
Normal | The Service is available but a risk to service is evident |
Low | Work or Change Request |
Incident Reaction Times
Priority | Performance of Work | Reaction Time |
---|---|---|
Critical | 24x7 | 0.5 Hours |
High | 24x7 | 1 Hour |
Normal | 8x5 | 8 Hours |
Low | 8x5 | 16 Hours |
Maintenance
Scheduled maintenance activities are announced by Equinix change management at least two weeks in advance of work commencement.
For emergency maintenance, Equinix reserves the right to deviate from any agreements. In that situation, an emergency maintenance request can be scheduled immediately, after which you will be informed when the maintenance will take place.