Below you will find an overview which we hope will help you decide on an appropriate service tier for your site / service. Thank you for choosing X4B for your protection needs.

What service tier is right for me?

This list is non-exhaustive and does not consider your specific situation. We do hope however these examples will help you in making your choice.

Budget:

  • I'm running a hobby site and I need basic protection; or
  • I'm not likely to receive complex attacks; or
  • I need the lowest price possible, nothing else matters

Standard Anycast:

  • This is our most popular product and suitable and recommended for most users
  • Includes Anycast based redundancy through Points of Presences (PoPs) in Europe and the United States

Premium Anycast:

  • Me and/or my users are based in Asia/South America; or
  • I need low latency to Asia and all citizens of the world; or
  • I need the additional Layer 7 Capacity; or
  • I need the best you can offer

Guaranteed vs Burstable protection

Guarunteed protection refers to the threshold of attack we can reasonably guarantee we can mitigate. This threshold is in Bandwidth peak volume (Gbps) or Packets Per Second (PPS). We do not limit the time in which customers may be under attack within this threshold.

Burstable protection refers to the threshold of attack we can usually cover and will cover for a reasonable period of time. With the guaranteed thresholds we attempt to reasonably estimate likely worst case scenarios. This may not apply to every attack (and normally doesn't) in this case the burstable limit is applied. As per the name due to the cost of bandwidth involved in mitigating large attacks it may not be possible for us to mitigate attacks above the guaranteed protection thresholds indefinitely.

For more information see the relevant section in the Frequently Asked Questions.

Technical Capability Overview

Budget

Standard

Premium

Regions

US & EU

US & EU

Americas, EU & Asia

Price Target

Lowest Possible

Affordable

Premium

Bandwidth

Best Effort

Guarunteed

Guarunteed

Routing

Unicast

Anycast

Anycast

Redundancy

1 server

7 PoPs

11 PoPs

Mitigation

Remote + On-Premises

On-Premises (AS136165)

On-Premises (AS136165)

Average Latency

Acceptable

Great

Best

Primary Transit Providers

Cogent & HE

NTT & GTT

Lumen & GTT & Regional

Secondary Transit Providers

N/A

Sparkle & Premium (e.g China Telecom)

Sparkle & Premium (e.g China Telecom)

Layer 4: Mitigation Capacity

Highest

High

High (Moderate in Asia)

Layer 4: Mitigation Complexity

Low

Highest

Highest

Layer 7: Mitigation Capacity

Moderate

High

Highest

Layer 7: Mitigation Complexity

High

Highest

Highest

Typical Uptime

99.9%+

99.99%+

99.99%+

Most capabilities/features are offered for all tiers (where applicable) however some fair use limits may differ between service tiers.

What is your Capacity?

Upper mitigation limits derived from actual capacity is never easy to calculate. All tiers have access to at-least 3Tbps of total mitigation capacity and over 4Tbps of bandwidth. From this we produce a worst case figure (guarunteed) and a reasonably obtainable threshold (burstable). These figures are highly simplified, however significantly less so than with other services advertising "up to" or fixed thresholds. It is extremely unlikely that the thresholds we provide will be a problem for you.

How we Mitigate?

We take a layered approach to DDoS mitigation. For example, in the US and Europe we have nearly 100Gbps of our own capacity (high complexity filtering & analysis) and access to clusters providing us with a further 2Tbps. In the US and EU we have upstream filtering (which we can control) of at-least 100Gbps per PoP (typically higher) and no Transit link of less than 100Gbps (2x100G is our standard starting point for a primary upstream). We also utilize transit level filtering for UDP amplification attacks, meaning that we typically receive less than 10% of the traffic sent in an amplification attack (10x multiplier from our capacity).

So what could we Mitigate?

Under the right conditions we can mitigate amplified attacks in excess of 10Tbps. The reality however is that attacks can be unfairly balanced and that attackers can be crafty in choosing attack methods that best target weaknesses in mitigation technique, capacity or methods. Many companies would however claim a mitigation capacity of 4-5Tbps. We however do not feel this is a fair way to measure service capacity and as such use the term guarunteed thresholds to represent the minimum attack which may cause trouble and capacity to describe the maximum attack that could be mitigated.

In Asia and South America our capacity is less than that of EU&US. This is due bandwidth costing 10 - 100 times as much as it does in US/EU. Despite this we feel we have suitable capacity for most attacks regularly seen. We have performed extensive tuning to try and maximise our capacity in region.