question

TravisCragg-MSFT avatar image
0 Votes"
TravisCragg-MSFT asked Mike-Ubezzi edited

What level of DDoS can Azure handle?

What level of DDoS can Azure handle?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Microsoft Docs


azure-ddos-protection
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Mike-Ubezzi avatar image
1 Vote"
Mike-Ubezzi answered

Currently Azure DDoS Standard plan has total mitigation capacity is 45+ tbps higher than Akamai and other vendors. We can mitigate attacks of significant volume and frequency at the same time and guarantee we don’t blackhole traffic. DDOS Standard is the same product that provides protection for our 1st party services like Xbox, O365, Teams etc
DDoS Protection Standard provides SLA guarantee and cost protection. If the resource is protected with DDoS Protection Standard, any scale out costs during a DDoS attack are covered and customer will get the cost credit back for those scaled out resources.

Examples of resources:


• Data process (ingress/egress) for Azure firewall, AppGW/WAF
• Scale out of VMs, AKS
• Data egress for network bandwidth -happens during an amplification attack when DDoS impacted app makes outbound connections.
• Scale out of backend PaaS resources like SQL, CosmosDB, Storage, App Services, etc.


You can refer to these example reports DDoS attack analytics and DDoS holiday season.

Source: Microsoft Docs


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.