Below you will find an overview which we hope will help you decide on an appropriate service tier for your site / service. Thank you for choosing X4B for your protection needs.
What service tier is right for me?
This list is non-exhaustive and does not consider your specific situation. We do hope however these examples will help you in making your choice.
Budget:
- I'm running a hobby site and I need basic protection; or
- I'm not likely to receive complex attacks; or
- I need the lowest price possible, nothing else matters
Standard Anycast:
- This is our most popular product and suitable and recommended for most users
- Includes Anycast based redundancy through Points of Presences (PoPs) in Europe and the United States
Premium Anycast:
- Me and/or my users are based in Asia/South America; or
- I need low latency to Asia and all citizens of the world; or
- I need the additional Layer 7 Capacity; or
- I need the best you can offer
Guaranteed vs Burstable protection
Guaranteed protection refers to the threshold of attack we can reasonably guarantee we can mitigate in a PoP. This threshold is in both Bandwidth peak volume (Gbps) or Packets Per Second (PPS). We do not limit the time in which customers may be under attack within this threshold.
Burstable protection refers to the threshold of attack we can usually cover and will cover for a reasonable period of time. With the guaranteed thresholds we attempt to reasonably estimate likely worst case scenarios. This may not apply to every attack in this case the burstable limit is applied. As per the name due to the cost of bandwidth involved in mitigating large attacks it may not be possible for us to mitigate attacks above the guaranteed protection thresholds indefinitely.
For more information see the relevant section in the Frequently Asked Questions.
Technical Capability Overview
| Budget | Standard | Premium | |
|---|---|---|---|
| Regions | US & EU | US & EU | Americas, EU & Asia |
| Price Target | Lowest Possible | Affordable | Affordable for Premium Locations |
| Bandwidth | Best Effort | Guaranteed | Guaranteed |
| Routing | Unicast | Anycast | Anycast |
| Redundancy | 1 server | 7 PoPs | 11 PoPs |
| Mitigation | Remote + On-Premises | On-Premises (AS136165) | On-Premises (AS136165) |
| Average Latency | Acceptable | Great | Best |
| Primary Transit Providers | Cogent & HE | Lumen & GTT | Lumen & GTT & Regional |
| Secondary Transit Providers | N/A | Premium (e.g China Telecom) | NTT & Premium (e.g China Telecom) |
| Layer 4: Mitigation Capacity | Highest | High | High |
| Layer 4: Mitigation Complexity | Low | Highest | Highest |
| Layer 7: Mitigation Capacity | Moderate | High | Highest |
| Layer 7: Mitigation Complexity | High | Highest | Highest |
| Typical Uptime | 99.9%+ | 99.99%+ | 99.99%+ |
Most system features are offered for all tiers (where applicable) however some fair use limits differ between service tiers.
What is your mitigation capacity?
Upper mitigation limits derived from actual capacity is never easy to calculate. All tiers have access to at-least 3Tbps of total mitigation capacity and over 4Tbps of bandwidth. From this we produce a worst case figure (guaranteed) and a reasonably obtainable threshold (burstable). These figures are highly simplified, however significantly less so than with other services advertising "up to" or fixed thresholds. It is extremely unlikely that the thresholds we provide will be a problem for you.
How we mitigate?
We take a layered approach to DDoS mitigation. For example, in the US and Europe we have nearly 100Gbps of our own capacity (high complexity filtering & analysis) and access to clusters providing us with additional Tbps. This is made up of on-premises network level filtering (which we can control) of at-least 160Gbps per PoP (typically higher) and primary transit link of less than 100Gbps (and usually not less than 2x100G). We also utilize transit level filtering for UDP amplification attacks (where available), meaning that we typically receive less than 10% of the traffic sent in an amplification attack (resulting in at-least a 10x multiplier from our capacity).
So what can we mitigate?
Under the right conditions we can mitigate attacks in excess of 10Tbps. The reality however is that attacks can be unfairly balanced and that attackers can be crafty in choosing attack methods that best target weaknesses in mitigation technique, capacity or methods. Professional attackers switch out poorly performing attack methods for more complex and expensive (to launch and/or mitigate) methods as required. Capacity is only one part of the equation, mitigation capability is much harder to measure and just (or more) important.
Many companies would however claim a mitigation capacity of 5-6Tbps with the amount of capacity we have at our disposal. We however do not feel this is a fair way to measure service capacity and as such use the term guaranteed thresholds to represent the minimum attack which may cause trouble and capacity to describe the maximum attack that could be reasonably automatically mitigated.
In Asia and South America our capacity is less than that of EU & US. This is due bandwidth costing 10 - 100 times as much as it does in US/EU. Despite these challenges we feel we have suitable capacity for most attacks regularly seen. We have performed extensive tuning to maximise our capacity in these regions.
