What level of DDoS can Azure handle?
[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Microsoft Docs
Currently Azure DDoS Standard plan has total mitigation capacity is 45+ tbps higher than Akamai and other vendors. We can mitigate attacks of significant volume and frequency at the same time and guarantee we don’t blackhole traffic. DDOS Standard is the same product that provides protection for our 1st party services like Xbox, O365, Teams etc
DDoS Protection Standard provides SLA guarantee and cost protection. If the resource is protected with DDoS Protection Standard, any scale out costs during a DDoS attack are covered and customer will get the cost credit back for those scaled out resources.
Examples of resources:
• Data process (ingress/egress) for Azure firewall, AppGW/WAF
• Scale out of VMs, AKS
• Data egress for network bandwidth -happens during an amplification attack when DDoS impacted app makes outbound connections.
• Scale out of backend PaaS resources like SQL, CosmosDB, Storage, App Services, etc.
Source: Microsoft Docs
4 people are following this question.