Network and Security Services
Network and Security includes custom-built networking solutions or an additional security layer option including Managed Firewalls and Managed DDoS Protection. For more information, refer to:
- Managed DDoS Protection
- Customer Connect
- Managed Firewall
- Managed Network Device
- Maintenance and Support – N&S
Managed DDoS Protection
A Distributed Denial-of-Service (DDoS) attack is when an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. The incoming traffic flooding the victim originates from many different sources which effectively makes it impossible to stop the attack simply by blocking a single source. In such attacks, they try to stop systems from processing genuine user requests, and cause services to become unavailable, leading to lost revenue and dissatisfied customers.
DDoS protection is one of the first security control functions enterprises must design and implement to defend themselves from rising security threats on their digital infrastructure, cloud applications, websites, and other services.
The Equinix Managed DDoS Protection service protects your infrastructure against those volumetric DDoS attacks. It is available as a fully managed add-on to the Equinix Internet Access service. Equinix Internet Access provides superior, resilient and low-latency, single- or multi-homed Internet connections in Equinix IBX data centres.
Our service safeguards entire subnets and is available in almost all Equinix IBX data centers in the UK. It is based on a subscription model, avoiding the high costs of on-premises DDoS detection and mitigation appliances which can range from tens to hundreds of thousands of pounds.
Unlike a Cloud based Anti-DDoS service, our service incurs no additional latency when you are not under attack, thus not influencing your application performance. Traffic is only redirected when you are under attack, ensuring latency is not affected during peacetime.
How Does It Work?
During onboarding, you provide your IP addresses and the e-mail address for the notifications after which the service is configured.
Incoming Internet traffic enters the Equinix Internet Access network via Border Routers. Network sensors attached to these routers continuously scan incoming traffic to identify irregular patterns or sudden increases in volume as the result of DDoS attacks. Within seconds after our network sensors detect an attack, traffic is automatically redirected from the affected IP address(es) to the DDoS mitigation infrastructure.
The DDoS mitigation infrastructure instantly filters out all abnormal traffic and forwards only clean traffic to the application origin. This redirection stops automatically once the DDoS attack ends. You are notified after we identify a DDoS attack on your infrastructure, with a report via e-mail, containing all details about the attack. The following image depicts the architecture of the DDoS mitigation infrastructure. This infrastructure blocks illicit traffic from overloading your critical application servers, whilst allowing network traffic to and from your end-users.
The Equinix Managed DDoS Protection service protects Equinix Internet Access connections with 1 Gbps or 10 Gbps port speeds. It can be combined with the standard Equinix-owned IP ranges or the user-owned provider-independent address space (PI) when peered with Equinix.
Purchase Units
The monthly Managed DDoS Protection fee is based on the physical ports allocated to the Equinix Internet Access connection you want to protect, as well as any additional IP addresses of a /24 subnet size or larger.
Scaling IP costs
- If you use Equinix Internet Access and have IP blocks smaller than a /24 (256 addresses), such as /29s (8 addresses) or /28s (16 addresses), and then add more small blocks over time, we consider them all.
- Whether you start small and grow or start with a large block, extra charges apply if you reach or exceed a /24 size in total.
- If you initially request a /24 block, bring your own block of /24 or larger, or have multiple blocks that add together, these scenarios involve additional costs.
Read also Equinix IP allocation.
| Product | Speed |
|---|---|
| Managed DDoS Protection | 1 Gbps (Single or Dual-port configurations) |
| Managed DDoS Protection | 10 Gbps (Single or Dual-port configurations) |
| Managed DDoS Protection (Add-on) | Additional /24 protected IP range (PI or PA type) |
| Managed DDoS Protection (Add-on) | Additional /23 protected IP range (PI or PA type) |
| Managed DDoS Protection (Add-on) | Additional /22 protected IP range (PI or PA type) |
Add-on option means you need to choose either a 1 Gbps or 10 Gbps base service first. Then, you can add extra /24 IP blocks to your order if they are applicable.
The monthly fee for Managed DDoS Protection depends on two main factors:
-
Physical Ports - the number of physical ports connected to your Equinix Internet Access that need protection.
-
Extra IP Addresses - if your business has more internet addresses than usual, either issued by Equinix Provider-Assigned (PA) or Provider-Independent (PI), you can protect them for an additional cost. This option is applicable for single blocks of 256 IP addresses (/24) or larger.
Customer Connect
Customer Connect meets your need to expand network connectivity between your location and the Equinix data center.
Benefits offered are:
- You engage with only one party for colocation and the connectivity to the data center.
- You have a single point of contact so that you are not bothered by parties who refer to each other in the event of a failure.
- You are offered a complete package, with Cross Connect(s) provided as part of the service from the demarcation point of the carrier to your racks or IPS if required.
Equinix buys wholesale connections from various carriers and manages these connections. Your location is connected to the Equinix data center via a WAN connection. Within the Equinix data centre, a Cross Connect is installed, if necessary, between the point where your connection enters the data center, your racks or your IPS platform(s). All processes are carried out under the supervision of Equinix Managed Services.
Service Variants
The different implementation variants are described below.
Service Level Agreements (SLAs) are based on the chosen carrier’s service levels and agreed with the customer.
Dual Customer Connect
A Dual Customer Connect is shown in the diagram below and can provide redundancy between the branch location and Equinix. Maximum effort is made to ensure that the connections are geographically separated from each other and where possible, follow diverse paths.
Agreements are made with the carrier about maintenance on both connections, which minimizes the chance of simultaneous failure and loss of service.
Geographically Separated Equinix IBX Data Centers
If you want a redundant connection with two geographically different Equinix data centers, this can be combined with a Metro Connect or Equinix Fabric between the sites. This creates a fault-tolerant topology; if one of the Customer Connect connection fails, the other Customer Connect takes over the connection and traffic, and the Metro Connect or Equinix Fabric connection can still reach the other Equinix data center. The specific solution is implemented by Equinix, based on your requirements and choices.
Options
The service is available with options shown in the table.
| Item | Standard Options | Comments |
|---|---|---|
| Capacity | 1, 8, 10, 16, 32, 40, 100 Gbps | Other bandwidths on request |
| Interface Equinix DC side | Long-range (SMF) | Other modes on request |
| Interface customer side | Long-range (SMF) | Other modes on request |
| Implementation | Single or redundant | 2x connections to geographically separated Equinix data centers on request |
Limitations
Delivery times may be impacted depending on the "on-net" availability of the customer location. While we have several preferred carriers for these services, their ability to connect at the remote (non-Equinix) site is outside Equinix's control.
Managed Firewall
The Managed Firewall service is part of the Network and Security portfolio of Equinix Managed Services. The services provide protection of IT infrastructure through firewall rule sets (filters) configured by qualified Equinix staff in consultation with the customer.
With the Managed Firewall service, Equinix offers the possibility to purchase scalable firewall functionality and capacity within the Infrastructure Platform Service. This protects infrastructure against cyber-attacks and prevents data from falling into the wrong hands.
Categorized as a network firewall, this is a network security system that monitors, and controls incoming and outgoing network traffic based on predetermined security rules. This set of security rules is agreed upon with the user in advance. With the right set of rules, the firewall creates a barrier between a trusted internal network and untrusted networks.
Equinix Managed Services implements the firewall as a virtual appliance within the IPS platform. This offers a future-proof, flexible and cost-efficient solution that can sized depending on the required capacity or functionality.
Some benefits offered by the service include:
- Use of the latest firewall technology
- No major investments in advance, due to monthly billing
- Choice of functional licenses in addition to the basic Next-Generation Firewall, such as Advanced Threat Protection or full Unified Threat Management
- High availability (based on service level)
If the user has specific requirements, physical dedicated hardware can also be used on special request.
Below highlights how the firewall services operate for IPS customers, as well as colocation customers operating their own hardware.
Service Variants
The firewall can be supplied in several types depending on the required capacity of the user. Various sizes are available, and our experts can suggest options that best fit your desired outcomes. The supplied maximum capacity depends on the chosen license and the functionalities offered.
When Intrusion Prevention features are enabled on the firewall, Equinix forwards the related log events and/or reports to the customer or customer system on an agreed schedule. The customer must provide connectivity to the log-recipient, so that events can be shipped successfully. Equinix does not operate as a Security Operations Center (SOC) service to triage security-related events.
Managed Network Device
Equinix Managed Services offer dedicated enterprise-grade network devices to form part of a solution tailored to each customer’s requirement. Solutions are often a combination of Equinix Fabric, Customer Connect, Equinix Internet Access, Metro Connect and Managed Firewall and/or Network Devices.
Use cases include:
- Cloud on-ramp
- Hybrid/multicloud enablement
- Resilient network services
- Peering and BGP Management
Maintenance and Support
The availability levels of the service are shown in the table below.
| Availability Level | Availability (%) |
|---|---|
| Network & Security Standard Level | 99.95%* |
*SLA only available for Redundant setups
Incidents
Incident Parameters
| Service Window | Availability |
|---|---|
| Incident Repair Service Window | 24x7 |
Incident Prioritization
| Priority | Impact |
|---|---|
| Critical | The Service is completely unavailable |
| High | The Service is available with reduced functionality |
| Normal | The Service is available but a risk to service is evident |
| Low | Work or Change Request |
Incident Reaction Times
| Priority | Performance of Work | Reaction Time |
|---|---|---|
| Critical | 24x7 | 0.5 Hours |
| High | 24x7 | 1 Hour |
| Normal | 9x5 | 8 Hours |
| Low | 9x5 | 16 Hours |
Maintenance
Scheduled maintenance activities are announced by Equinix change management at least two weeks in advance of work commencement.
For emergency maintenance, Equinix reserves the right to deviate from any agreements. In the above situation, an emergency maintenance request can be scheduled immediately, after which you are informed when the maintenance takes place.