Nov 23 2021 07:11 AM
Written by Anupam Vij, Principal PM Manager, Azure Networking
DDoS attacks are rapidly evolving in complexity and frequency. As we highlighted in our 2021 Q1 and Q2 DDoS attack trends review, we see that attacks in Azure have been trending toward shorter durations, mostly short-burst attacks. Workloads that are highly sensitive to latency, such as those in the multiplayer online gaming industry, cannot tolerate such short-burst DDoS attacks, which can cause outages ranging from two to 10 seconds that result in availability disruption.
Today, we are announcing the preview of inline DDoS protection, which will be offered through partner network virtual appliances (NVAs) that are deployed with Azure Gateway Load Balancer and integrated with Azure DDoS Protection Standard in all Azure regions. Inline DDoS protection mitigates even short-burst low-volume DDoS attacks instantaneously without impacting the availability or performance of highly latency-sensitive applications.
Azure DDoS Protection Standard is the recommended product to protect your resources against L3/4 attacks in Azure. Third-party inline L7 DDoS protection, combined with Azure DDoS Protection Standard, provides comprehensive L3 to L7 protection against volumetric as well as low-volume DDoS attacks. Azure customers using third-party DDoS protection services for inline mitigation now have the option to use the marketplace offering along with Azure DDoS Protection Standard. This solution enables comprehensive inline L7 DDoS protection for high-performance and high-availability scenarios using different providers.
Gateway Load Balancer enables the protection of such workloads by ensuring the relevant NVAs are injected into the ingress path of the internet traffic. Once the Gateway Load Balancer is chained to a Standard Public Load Balancer frontend or to an IP configuration on a virtual machine, no additional configuration is needed to ensure traffic to and from the application endpoint is sent to the Gateway Load Balancer.