Server/network protection means filtering of all kinds of DDoS attacks against TCP/UDP services. The service can be connected through a GRE tunnel, through IX, or physically on site (in one of our datacenters). This type of DDoS protection both works for end customers (game servers, business applications, VoIP, etc.) and for service providers (Internet providers, hosting compaties, datacenters). There are packages that differ from each other in legitimate bandwidth, service level and price. But all of them have a number of common characteristics that characterize them as one of the most effective defense systems. Packages are: Standard (for small Internet applications), Business (for business applications) and Enterprise (for most critical applications).
Common Features of the Service Packages
- OSI layers where the targets are protected from DDoS attacks - from L3 to L5 (also, you can optionally connect L7 protection against HTTP flood). The cost of services includes one rented IP. About 1650 Gbps bandwidth without connection inspection (stateless), Over 150 Gbps bandwidth with connection inspection (stateful) - each incoming TCP connection is processed and analyzed.
- Traffic volume is unlimited.
- 24-hour technical support is provided.
- 15 minutes to set up.
Features of Business and Enterprise
- Support for BGP, prefixes can be announced without restrictions.
- It is possible to defend against bot attacks using L7 filtering (HTTP/HTTPS).
- SLA > 99%.
- Maximum response times for support requests are 30 and 15 minutes respectively (vs. 60 minutes for the Standard package).
- Expert support service AntiDDoS is provided for the Enterprise package (including 24/7 Slack chat with DDoS experts).
IP protection (TCP/UDP)
Connection is established with GRE/IPIP tunnel or using proxy.
IPIP/GRE tunnel is possible if you are using *nix system (Linux, FreeBSD) or specialized router (Cisco, Mikrotik etc.). In this case we «teleport» protected Storm IP to your equipment and you use it for your clients.
When you use OS Windows on your server, proxy is used. In these cases all the requests from your clients will come from one IP address.
BGP protection for ISP, Datacenters, Hosting providers
Often DDoS attack on one of IP addresses in network causes inoperability of all infrastructure. StormWall offers «Network Protection» - service for analysis and filtering Internet traffic on OSI L3-L7. You can secure your infrastructure and websites from the corresponding DDoS attacks.
Network protection (BGP) is actual for ISPs, hosters, datacenters and corporate clients with their own AS who want to protect their business and ensure network operability during DDoS attacks of any complexity and severity.
1) We establish GRE/IPIP/MPLS tunnel or physical connection with you on one or our connection points;
2) We set up a BGP session which you use to announce your IP prefixes;
3) We accept your announcement, filter all the traffic and deliver only legitimate traffic to your router.
You can divert all traffic through StormWall or only incoming traffic, depending on your needs. You can use protection service always or activate it yourself only in case of attack.
StormWall™ network capabilities
- About 1650 Gbps bandwidth without connection inspection (stateless) - processing IP packets on ACL/FlowSpec level without TCP connection check (blocking TCP/UDP amplifications);
- Over 150 Gbps bandwidth with connection inspection (stateful) - each incoming TCP connection is processed and analyzed;
- Added latency - from 0 to 100 ms. In case of HTTP proxying, speed increase is possible due to persistent connections and HyperCache caching.
- Number of websites, IPs, services and datacenters under protection - unlimited.
1) US: 21715 Filigree Ct, Ashburn, VA 20147 (Equinix DC-5)
2) EU: Frankfurt Germany, Kleyerstraße 90 (Equinix FR-5)
3) Russia: Moscow, Butlerova st., 7 (MMTS-9)
To activate the service, please contact consultant on the website or write to email@example.com.