Overview
Utilize StackPath's L3-L4 DDoS protection feature to provide supplemental security for your workloads. Detect and mitigate L3 and L4 volumetric DDoS attacks without incurring any additional latency for your clean traffic.
This feature requires that you have an active subscription to our DDoS protection services. To learn more about these package offerings, please see here.
Supported PoPs
Please see L3-L4 DDoS Protection PoPs for a list of locations that currently support L3-L4 DDoS protection. This list will be updated as more PoPs are configured to support this feature.
Billing
StackPath offers three types of DDoS packages: Standard, Professional and Enterprise.
Billing for Standard customers is usage-based (pay-as-you-use) as determined by instance hours.
Professional and Enterprise customers are billed according to a monthly commit, where a certain number of protected instance hours are provided at the beginning of each billing cycle. Consuming instance hours beyond the monthly limit will result in overage charges.
Instance hours are defined by the number of hours where L3-L4 DDoS Protection is enabled on running instances. There can be any combination of instance hours. For example, 1 instance consumed for 1 hour or 2 instances consumed for 30 minutes each are both equal to 1 instance hour.
StackPath bills in 1-second increments with a 5-second minimum per instance. The cost of each instance hour will vary based on the DDoS package as shown in the table below:
| Standard | Professional | Enterprise | |
| Protected Instance Hours | - | 7200/month | 72,000/month |
| Pricing |
$0.12/hour Pay-As-You-Use |
$432/month $0.06 each additional hour |
$3600/month $0.05 each additional hour |
For this scenario, we are using L3-L4 DDoS Protection with a Professional DDoS package, in which we are given 7200 protected instance hours for the month.
Here are few different cases where 7200 instance hours is consumed:
-
10 instances running constantly for the entire month (each month == 720 hours)
-
20 instances running 12 hours a day
-
40 instances running 6 hours a day
Sign Up or Upgrade Your DDoS Package
New StackPath Edge Compute Customers
All new StackPath Edge Compute customers will be automatically enrolled in our Standard DDoS package when a new Edge Compute Stack is created. This means the feature will be On by default when creating a new workload. Please note that you will not be charged for this feature until you have created a workload that has consumed protected instance hours.
To upgrade your DDoS package:
- Navigate to Step 3 when you are either creating or editing a workload.
- Click on View Pricing Details within the L3-L4 DDoS protection section.
- Select your desired DDoS package.
- Click Continue to Review, then Confirm Subscription when you are finished.
Existing StackPath Edge Compute Customers
All existing StackPath Edge Compute customers will not be enrolled in any of our DDoS Protection packages by default. Please see below to find out how to enroll in one of our three DDoS packages:
- Navigate to Step 3 when you are either creating or editing a workload.
- Toggle the L3-L4 DDoS protection switch to the On position, which will open up a package selection menu.
- Select your desired DDoS package.
- Click Continue to Review, then Confirm Subscription when you are finished.
Verify your DDoS Protection Subscription Status
Please note that you will not need to sign up for a new DDoS package each time you create a new workload. DDoS packages are added at the account level, meaning you can enable L3-L4 DDoS Protection on any Stack, any workload.
You can verify your DDoS Protection subscription status by reviewing your Subscriptions on the Billing page.
Enabling/Disabling L3-L4 DDoS Protection
You can enable or disable L3-L4 DDoS Protection at any time. Enabling/disabling this feature will either apply or remove protection for all instances under that workload. To enable or disable L3-L4 DDoS protection:
- From the Edge Compute dashboard, click the 3 dots under the Action column next to a workload and select Edit.
- Or, from the Workloads overview page, click the gear icon at the top right to edit that specific workload.
- Or, from the Workloads overview page, click the gear icon at the top right to edit that specific workload.
- Navigate to Step 3.
- Toggle the L3-L4 DDoS protection switch to the On or Off position. If you switch it to Off, this will open a warning message.
- Save Changes when you are finished.
Customers who choose to disable L3-L4 DDoS protection are subject to have their traffic rate-limited in the event of an attack in an effort to maintain the best performance for all of our customers.