DDoS Protection – Knowledgebase
Overview
With its own backbone network and multiple scrubbing centers, Inter.link offers low- and high-end protection for all sizes of Organizations.
In contrast to other DDoS service offerings, Inter.link DDoS services are not billed on “Clean Traffic” or “Number of Attacks” – which is neither predictable nor influenceable for most customers – but on easy to determine featuresets .
With Plus, Premium, and Enterprise tiers (see table below), Inter.link DDoS Protection covers a broad range of requirements. If a customer is already using Inter.link’s Network via IP Transit or IP Access, then DDoS protection can be implemented in a few hours.
Benefits
- Pricing is not based on Clean Bandwidth or number of Attacks, but only based on the level of Protection and the number of Prefixes protected.
- Multi-region protection, minimizing latency
- Self-service configuration
- Low-cost to high-end tiers available
- 24/7 proactive mitigation
Vectors Mitigated
- TCP SYN, SYN-ACK, PUSH, RST, and FIN Flood
- UDP, DNS, HTTP, and ICMP Flood
- Session and Fragmentation Attacks
- Protocol Violations, Faulty Applications
Components Required
One or more more IP- Access or IP-Transit services.
DDoS protection will be configured automatically to cover all existing IP-Access or IP-Transit sessions.
One or more Subnets to Protect.
These are the customer-originated prefixes that the DDoS protection will be activated on. In case of multiple IP Services announcing the prefixes, protection for these prefixes will be activated across all of the IP Services.
Service Delivery Time
Inter.link provisions DDoS Protection in under 48 hours, with protection configured and ready to be enabled when subnets are configured.
How to Order through the Portal
DDOS Mitigation can be provisioned through the Inter.link portal. Below are the steps explaining how to do this.
Note: An IP service provided by Inter.link is a hard requirement for enabling DDOS Protection.
The knowledgebase has information on setting up IP Transit and IP Access.
Step 1
Click on ‘Add a Service’ and select ‘DDoS Protection’
Step 2
Select your level of DDoS protection: Plus, Premium, or Enterprise.
Or choose FlexDetect instead! Detection without mitigation.
Step 3
Choose the number of additional networks to protect and select how long the protection term will last.
Step 4
Place your order
How to Activate
As soon as the service is provisioned, it needs to be activated. For this we have two options:
- Activate by Community – Requires IP-Transit. Customer needs to tag the prefixes they expect to use with the special community “65535:700″. This activation method can be used without any interaction with Inter.link.
- Static route – Works with IP-Transit or IP-Access. Inter.link engineers need to configure a preferred route for protected subnets through the DDOS platform. Contact support with your subnets to configure this feature.
- Coming soon: fully automatic redirection via attack matching.
Billing for DDoS Protection
When DDOS Protection is ordered, a tier of protection is selected for each protected prefix (see below for the different tiers).
This combination of tier and protected networks is what gets billed every month.
Note: Given the sensitivity of DDoS Protection, Inter.link’s solution doesn’t set any hard limits on usage to keep the protection active under all circumstances. All limits are soft, and going over the configured tier will just incur extra charges over the set monthly cost.
For the latest information, please visit the portal, however you can also find more details in the Pricing section.
DDoS Protection Tiers
Visit the portal for the most up-to-date information on protection tiers.
The main difference between the 3 tiers (plus, premium, and enterprise) of DDoS Protection is the maximum number of simultaneously mitigated /24 IP address ranges which are 4/10/20 for the different tiers. The onboarding for this can be expedited.
Another important technical difference is the adaptive mitigation (time for speaking 24/7 with one of our engineers to adjust the mitigation if a DDoS Attack is happening) which is 1/3/unlimited hours according to the chosen tier.
An additional difference is the maximum attack bandwidth which can be mitigated between the 3 different tiers which are 1/2/5 Tbps.
For DDoS Protection pricing logic, visit the Pricing section.
| Tier | Plus | Premium | Enterprise |
| Requirement | IP Transit/Access | IP Transit/Access | IP Transit/Access |
| Features | |||
| Protection Layer | Layer3-7 | Layer3-7 | Layer3-7 |
| Max. Attack Bandwidth | 1 Tbps | 2 Tbps | 5 Tbps |
| Scrubbing Capacity | 100 Gbps | 250 Gbps | 500 Gbps |
| Scrubbing Region | All | All | All |
| Protected Networks (/24 or /48 equivalents) |
4 | 10 | 20 |
| Native IPv6 Support | ✔ | ✔ | ✔ |
| Best Practice Filter | ✔ | ✔ | ✔ |
| Attack Alerting | ✔ | ✔ | ✔ |
| Dashboard & Portal | ✔ | ✔ | ✔ |
| Custom Templates | – | 5 | 10 |
| White- & Blacklists | 1/1 | 5/5 | 10/10 |
| FlowSpec Routes | ⦿ paid option | ⦿ paid option | ⦿ paid option |
| Enterprise Reports | ✔ | ||
| Support | |||
| Service Level | Standard | Premium | Premium |
Explanation of Reports
Our reporting system offers UI-based reporting and email notifications to keep you informed about key events. For now, PDF reports are available to all users, though future updates may adjust access based on subscription level. Over time, we also expect to include additional traffic report data from packet captures to provide more detailed technical visibility.
DDoS Protection Q&A
Are there limits on the number of whitelist and blacklist entries in the Inter.link DDoS Protection Platform?
Yes. The Inter.link DDoS platform uses a shared-capacity model for whitelist and blacklist entries to ensure consistent performance and protection quality for all customers.
Each customer tier includes an allowance for a certain number of whitelists and blacklists. Within each list, a single rule can expand into many underlying entries—for example, allowing or blocking an entire country can translate into thousands of IP ranges. These entries consume shared platform resources, and there is an overall system-wide capacity limit.
Because of this:
- Permanent whitelists or blacklists are not allowed.
- Lists are intended only for temporary mitigation during active attack scenarios.
- Usage is subject to fair-use policies, and Inter.link reserves the right to modify or remove whitelist or blacklist entries if necessary to protect the stability and performance of the platform.
If you anticipate needing extensive or recurring whitelist/blacklist usage, please contact Inter.link support so we can recommend a scalable and appropriate solution.
How far back can I view traffic and DDoS analytics data in the Inter.link DDoS Protection Platform?
The Inter.link DDoS platform keeps different types of analytics and telemetry data for different time periods. This affects how far back you can view graphs, reports, and attack information in the portal.
In general:
- High-resolution / short-interval graphs (for example 30-second or 5-minute statistics) are kept for a minimum of 7 days.
- Detailed traffic and packet data is typically kept for atleast a few days, depending on the dataset.
- Aggregated statistics and summaries (hourly, daily, top applications, top attackers, etc.) are kept for a minimum of 2 months.
This means:
- For recent incidents, you can drill down into very detailed graphs and packet-level information.
- For older incidents, only aggregated or summarized data will be available.
If you’re unsure about a specific dataset, contact Inter.link support for details.
How does support work when I purchased Inter.link services through a reseller?
If your service is provided through a reseller, support follows a tiered model:
- Level 1 Support: Your reseller
- Level 2 Support: Inter.link
- Level 3 Support: RioRey (platform vendor)
In practice, you always contact your reseller. If needed, the reseller escalates the issue to Inter.link, and Inter.link may further escalate to RioRey.
Each level manages communication with the next level, so you continue working with your reseller while the issue is being escalated behind the scenes.
Who provides support if I don’t have a reseller?
If you purchased Inter.link services directly, Inter.link provides both:
- Level 1 Support: Initial troubleshooting and customer assistance
- Level 2 Support: Advanced platform investigation
If necessary, Inter.link will escalate internally to RioRey for Level 3 support.
You will continue communicating directly with Inter.link while we coordinate any deeper escalation.