DDoS Protection – Knowledgebase

Knowledgebase Contents

Overview

With its own backbone network and multiple scrubbing centers, Inter.link offers low- and high-end protection for all sizes of Organizations.

In contrast to other DDoS service offerings, Inter.link DDoS services are not billed on “Clean Traffic” or “Number of Attacks” – which is neither predictable nor influenceable for most customers – but on easy to determine featuresets .

With Plus, Premium, and Enterprise tiers (see table below), Inter.link DDoS Protection covers a broad range of requirements. If a customer is already using Inter.link’s Network via IP Transit or IP Access, then DDoS protection can be implemented in a few hours.

Benefits

  • Pricing is not based on Clean Bandwidth or number of Attacks, but only based on the level of Protection and the number of Prefixes protected. 
  • Multi-region protection, minimizing latency
  • Self-service configuration 
  • Low-cost to high-end tiers available 
  • 24/7 proactive mitigation 

Vectors Mitigated

  • TCP SYN, SYN-ACK, PUSH, RST, and FIN Flood
  • UDP, DNS, HTTP, and ICMP Flood
  • Session and Fragmentation Attacks
  • Protocol Violations, Faulty Applications

Components Required

One or more more IP- Access or IP-Transit services.
DDoS protection will be configured automatically to cover all existing IP-Access or IP-Transit sessions.

One or more Subnets to Protect.
These are the customer-originated prefixes that the DDoS protection will be activated on. In case of multiple IP Services announcing the prefixes, protection for these prefixes will be activated across all of the IP Services.

Service Delivery Time

Inter.link provisions DDoS Protection in under 48 hours, with protection configured and ready to be enabled when subnets are configured.

How to Order through the Portal

DDOS Mitigation can be provisioned through the Inter.link portal. Below are the steps explaining how to do this.

Note: An IP service provided by Inter.link is a hard requirement for enabling DDOS Protection.

The knowledgebase has information on setting up IP Transit and IP Access.

Step 1

Click on ‘Add a Service’ and select ‘DDoS Protection’

Step 2

Select how many subnets you would like to protect

Step 3

Choose the base protection level for each protected subnet

Step 4

Choose how long the protection will last

Step 5

Place your order

How to Activate

As soon as the service is provisioned, it needs to be activated. For this we have two options:

  • Activate by Community – Requires IP-Transit. Customer needs to tag the prefixes they expect to use with the special community “65535:700”. Disabled by default, contact support to enable this feature.
  • Static route – Works with IP-Transit or IP-Access. Inter.link engineers need to configure a preferred route for protected subnets through the DDOS platform. Contact support with your subnets to configure this feature.
  • Coming soon: fully automatic redirection via attack matching.

    • Billing for DDoS Protection

    When DDOS Protection is ordered, a tier of protection is selected for each protected prefix (see below for the different tiers).

    This combination of tier and protected networks is what gets billed every month.

    Note: Given the sensitivity of DDoS Protection, Inter.link’s solution doesn’t set any hard limits on usage to keep the protection active under all circumstances. All limits are soft, and going over the configured tier will just incur extra charges over the set monthly cost.

    DDoS Protection Tiers

    Visit the portal for the most up-to-date information on protection tiers.

    The main difference between the 3 tiers (plus, premium, and enterprise) of DDoS Protection is the maximum number of simultaneously mitigated /24 IP address ranges which are 4/10/20 for the different tiers. The onboarding for this can be expedited.

    Another important technical difference is the adaptive mitigation (time for speaking 24/7 with one of our engineers to adjust the mitigation if a DDoS Attack is happening) which is 1/3/unlimited hours according to the chosen tier.

    An additional difference is the maximum attack bandwidth which can be mitigated between the 3 different tiers which are 1/2/5 Tbps.

    For DDoS Protection pricing logic, visit the Pricing section.

    Tier Plus Premium Enterprise
    Requirement IP Transit/Access IP Transit/Access IP Transit/Access
    Features
    Protection Layer Layer3-7 Layer3-7 Layer3-7
    Max. Attack Bandwidth 1 Tbps 2 Tbps 5 Tbps
    Scrubbing Capacity 100 Gbps 250 Gbps 500 Gbps
    Scrubbing Center 1 Region 2 Regions 3 Regions
    Protected Networks
    (/24 or /48 equivalents)    		 4 10 20
    Native IPv6 Support
    Best Practice Filter
    Attack Alerting
    Dashboard & Portal
    GRE Tunnel Support 1 2
    Custom Filter
    White- & Blacklists
    FlowSpec Routes  ⦿ paid option ⦿ paid option ⦿ paid option
    Portal (Full Write Access) *** ⦿ paid option
    Pulling of Traffic
    Enterprise Reports
    Support
    Service Level Standard  Premium  Premium

     

    Explanation for Enterprise Reports

    Reports in the “Plus” tier only including UI-based reporting functionality and e-mail notifications about attacks but no comprehensive PDF reports. The “Premium” tier includes the “Plus” reporting features plus comprehensive PDFs.

    In addition, Enterprise reports will include traffic captures for further forensics and attack pattern as well as trafic intelligence based on the Inter.link portal. Currently, due to technical limitations and only for a limited period of time, traffic captures are available in “Premium”.