MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

DDoS Protection Basic #6741

Closed whozDougie closed 6 years ago

whozDougie commented 6 years ago

Hi there, great article on DDoS Protection Standard; so the question is: what attacks does the Basic tier provide compared to the Standard tier?



whozDougie commented 6 years ago

I'm referring to something like the feature comparison chart here: https://azure.microsoft.com/en-us/blog/azure-ddos-protection-service-preview/

Perhaps covering what types of attacks the Basic Tier mitigates against compared to the Standard Tier would be of great benefit in understanding what customers will be paying for.

MohitGargMSFT commented 6 years ago

@whozDougie Thanks for your feedback! We will investigate and update as appropriate.

Anupamvi commented 6 years ago

Both Basic & Standard SKUs mitigate against the (same) volumetric & protocol layer attacks. The key difference is when we initiate mitigation. With Basic, the threshold to initiate mitigation is much higher as compared to Standard. The reason is that with Standard we learn the normal traffic pattern for each public IP in the VNET and are sensitive towards abnormal traffic spikes. The way mitigation is done in the backend can be different with Standard as well.

mimckitt commented 6 years ago

@Anupamvi thanks for supplying that information!

@whozDougie I have assigned this to the content author to review and consider adding additional information to the doc.

whozDougie commented 6 years ago

@Anupamvi Thanks for the information. What about Application layer attacks? Does the basic tier mitigate against the Application layer attacks as well?

Anupamvi commented 6 years ago

DDoS Standard mitigates against volumetric & protocol attacks (L3/4). We recommend deploying an AppGW/WAF or a WAF from Azure Marketplace for L7 attacks, and enabling DDoS protection on the WAF VNET, as WAFs are subject to L3/4 attacks as well.

jimdial commented 6 years ago

please-close