What is this?

Below you will find an overview which we hope will help you decide on an appropriate service tier for your site / service. Thank you for choosing X4B for your protection needs.

What service tier is right for me?

This list is non-exhaustive and does not consider your specific situation. We do hope however these examples will help you in making your choice.

Budget:

  • I’m running a hobby site and I need basic protection; or
  • I’m not likely to receive complex attacks; or
  • I need the lowest price possible, nothing else matters

Standard Anycast:

  • This is our most popular product and suitable and recommended for most users
  • Includes Anycast based redundancy through Points of Presences (PoPs) in Europe and the United States

Premium Anycast:

  • Me and/or my users are based in Asia; or
  • I need low latency to Asia and all citizens of the world; or
  • I need the additional Layer 7 Capacity; or
  • I need the best you can offer

Guaranteed vs Burstable protection

Guarunteed protection refers to the threshold of attack we can reasonably Guaruntee we can mitigate. This threshold is in Bandwidth peak volume (Gbps) or Packets Per Second (PPS). We do not limit the time in which customers may be under attack within this threshold.

Burstable protection refers to the threshold of attack we can usually cover. Guarunteed protection may be reduced artificially to keep costs down or because under certain attacks smaller transit links or PoPs may be saturated. With the Guarunteed thresholds we attempt to reasonably estimate likely worst case scenarios. This may not apply to every attack (and normally doesnt) in this case the Burstable limit is applied. As per the name due to the cost of bandwidth involved in mitigating large attacks it may not be possible for us to mitigate attacks above the Guarunteed protection thresholds indefinitely.

For more information see the relevant section in the Frequently Asked Questions.

Technical Capability Overview

Budget

Standard

Premium

Regions

US & EU

US & EU

US, EU & Asia

Price Target

Lowest Possible

Affordable

Premium

Bandwidth

Best Effort

Guarunteed

Guarunteed

Routing

Unicast

Anycast

Anycast

Redundancy

1 server

6 PoPs

8 PoPs

Mitigation

Remote + On-Premises

On-Premises (AS136165)

On-Premises (AS136165)

Average Latency

Acceptable

Great

Best

Primary Transit Providers

Cogent & HE

NTT & GTT

NTT & GTT & Regional

Secondary Transit Providers

N/A

Sparkle & Premium (e.g China Telecom)

Sparkle & Premium (e.g China Telecom)

Layer 4: Mitigation Capacity

Highest

High

High (Moderate in Asia)

Layer 4: Mitigation Complexity

Low

Highest

Highest

Layer 7: Mitigation Capacity

Moderate

High

Highest

Layer 7: Mitigation Complexity

High

Highest

Highest

Typical Uptime

99.9%+

99.99%+

99.99%+

All other features are available in all locations (where applicable) however some fair use limits may differ between service tiers.

What is your Capacity?

Upper migiation limits derived from actual capacity is never easy to calculate usually when figures claim otherwise it's either highly simplified or oversold. All it takes for an attacker to be sucessfull is a single uplink (transit or peering) to become saturated. A pessimistic view therefore may be that the capacity of any mitigation provider is the size of their smallest link. Of course most people would say this is overly pessimistic and would make choosing a suitable provider even more difficult. Due to this we use terminology such as "Network Capacity" wherever possible instead of Mitigation capacity. However to provide more information this section will explain how we mitigate and some maximum limits.

How we Mitigate?

We take a layered aproach to DDoS mitigation. For example, in the US and Europe we have nearly 100Gbps of our own capacity (high complexity filtering & analysis). In the US and EU we have upstream filtering (which we can control) of at-least 100Gbps per PoP (typically higher) and no Transit link of less than 100Gbps. We also utilize transit level filtering for UDP amplification attacks, meaning that we typically receive less than 10% of the traffic sent in an amplification attack (10x multiplier from our capacity).

So what could we Mitigate?

Under the right conditions we can mitigate attacks up to 4-5Tbps. The reality however is that attacks can be unfairly balanced and that attackers can be crafty in choosing attack methods that best target weaknesses in mitigation technique, capacity or methods. Many companies would however claim a mitigation capacity of 4-5Tbps. We however do not feel this is a fair way to measure service capacity and as such use the term Guarunteed to represent the minimum attack which may cause trouble and capacity to describe the maximum attack that could be mitigated.

In Asian PoPs capacity is less, this is due bandwidth costing 10 - 100 times as much as US/EU Bandwidth. Despite this we feel we have suitable capacity for most attacks regularly seen. We have performed extensive tuning to try and maximise our capacity in region.