Overview
The DCD helps you interconnect the elements of your infrastructure and build a network to set up a functional VDC. Virtual networks work just like normal physical networks. Transmitted data is completely isolated from other subnets and cannot be intercepted by other users.
You won't find any switches in the DCD by design. Switching, routing, and forwarding functionality is deeply integrated into our network stack, which means we are responsible for distributing your traffic. If you wish to route from one of your private networks to the next by means of a virtual machine, the virtual machine must be configured accordingly, and the routing table adjusted.
IP settings: By default, IP addresses are assigned by our DHCP server. You can also assign IP addresses yourself. You can use any ethernet-based protocol. We do support TCP/IP and DHCP. MAC addresses cannot be modified.
Firewall: In order to protect your network against unauthorized access or attacks from the Internet, you can activate the firewall for each NIC. By default, this will block all traffic, and you will have to configure the rules to specify what data can pass through. For TCP, UCD, and ICMP protocols, you can specify rules for individual source or target IPs.

IONOS Cloud allows virtual entities to be equipped with network cards (“network interface cards”; NICs). Only by using these virtual network interface cards, it is possible to connect multiple virtual entities together and/or to the Internet.
Parameter
Size
Performance
Throughput, internal
MTU 1,500
3 Gbps
Throughput, external
MTU 1,500
700 Mbps
Maximum number of packets per VM
100,000 packets/s
The maximum external throughput may only be achieved with a corresponding upstream of the provider.
Compatibility
  • The use of virtual MAC addresses and/or the changing of the MAC address of a network adapter is not supported. Among others, this limitation also applies to the use of CARP (Common Address Redundancy Protocol).
  • Gratuitous ARP (RFC 826) is supported.
  • Virtual Router Redundancy Protocol (VRRP) is supported based on gratuitous ARP. For VRRP to work IP failover groups must be configured.

Depending on the location, different capacities for transmitting data to or from the Internet are available for operating the IONOS Cloud service. Due to the direct connection between the data centers at the German locations, the upstream can be used across locations.
The total capacities of the respective locations are described below:
Location
Connection
Redundancy level
AS
Berlin (DE)
2 x 100 Gbps
N+1
AS-6724
Frankfurt am Main (DE)
2 x 100 Gbps 4 x 10 Gbps *
N+5
AS-51862
Karlsruhe (DE)
3 x 10 Gbps2 **
N+2
AS-51862
London (UK)
2 x 10 Gbps
N+1
AS-8560
Logroño (ES)
2 x 100 Gbps
N+1
AS-8560
Las Vegas (US)
3 x 10 Gbps
N+2
AS-54548
Newark (US)
2 x 10 Gbps
N+1
AS-54548
* - 2 x 10 Gbps toward Karlsruhe; 2 x 10 Gbps toward the Internet
** - 2 x 10 Gbps toward Frankfurt am Main; 1 x 10 Gbps toward the Internet
IONOS backbone AS-8560, to which IONOS Cloud is redundantly connected, has a high-quality edge capacity of 1.100 Gbps with 2.800 IPv4/IPv6 peering sessions, available in the following Internet and peering exchange points: AMS-IX, BW-IX, DE-CIX, ECIX, Equinix, FranceIX, KCIX, LINX.

IONOS Cloud operates redundant networks at each location. All networks are operated using the latest components from brand manufacturers with connections up to 100 Gbps.
IONOS Cloud uses high-speed networks based on InfiniBand technology both for connecting the central storage systems and for handling internal data connections between customer servers.

IONOS Cloud operates a high availability core network at each location for the redundant connection of the product platform. All services provided by IONOS Cloud are connected to the Internet via this core network.
The core network consists exclusively of devices from brand manufacturers. The network connections are completed via an optical transmission network, which, by use of advanced technologies, can provide transmission capacities of several hundred gigabits per second. Connection to important Internet locations in Europe and America guarantees the customer an optimal connection at all times.
Data is not forwarded to third countries. At the customer’s explicit request, the customer can opt for support in a data center in a third country. In the interests of guaranteeing a suitable data protection level, this requires a separate agreement (within the meaning of article 44-50 DSGVO and §§ 78 ff. BDSG 2018).

IONOS Cloud provides the customer with public IP addresses that, depending on the intended use, can be booked either permanently or for the duration for which a virtual server exists. These IP addresses provided by IONOS Cloud are only needed if connections are to be established over the Internet. Internally, virtual machines can be freely networked. For this, IONOS Cloud offers a DHCP server that allows and/or simplifies the assignment of IP addresses. However, one can establish one’s own addressing scheme.

Every virtual network interface card that is connected to the Internet is automatically assigned a public IPv4 address by DHCP. This IPv4 address is dynamic, meaning it can change while the virtual server is operational or in the case of a restart.
Customers can reserve static public IPv4 addresses for a fee. These reserved IPv4 addresses can be assigned to a virtual network interface card, which is connected to the Internet, as primary or additional IP addresses.

In networks that are not connected to the Internet, each virtual network interface card is automatically assigned a private IPv4 address. This is assigned by the DHCP service. These IPv4 addresses are assigned statically to the MAC addresses of the virtual network interface cards.
The use of the IP address assignment can be enabled or disabled for each network interface card. Any private IPv4 addresses pursuant to RFC 1918 can be used in private networks.
Network address range
CIDR notation
Abbreviated CIDR notation
Number of addresses
Number of networks as per network class (historical)
10.0.0.0 to 10.255.255.255
10.0.0.0/8
10/8
224 = 16.777.216
Class A: 1 private network with 16,777,216 addresses; 10.0.0.0/8
172.16.0.0 to 172.31.255.255
172.16.0.0/12
172.16/12
220 = 1.048.576
Class B: 16 private networks with 65,536 addresses; 172.16.0.0/16 to 172.31.0.0/16
192.168.0.0 to 192.168.255.255
192.168.0.0/16
192.168/16
216 = 65.536
Class C: 256 private networks with 256 addresses; 192.168.0.0/24 to 192.168.255.0/24

IONOS DDoS Protect is a managed Distributed Denial of Service defense mechanism, which ensures that every customer resource hosted on IONOS Cloud is secure and resilient against Layer 3 and Layer 4 DDoS attacks. This is facilitated by a filtering and scrubbing technology, which in event detection of an attack filters the malicious DDoS traffic and lets through only the genuine traffic to its original destination. Hence, enabling applications and services of our customers to remain available under a DDoS attack.
Known attack vectors regularly evolve and new attack methods are added. IONOS Cloud monitors this evolution and dedicates resources to adapt and enhance DDoS Protect as much as possible to capture and mitigate the threat.
The service is currently available in the following data centers: Berlin, Frankfurt, and Karlsruhe, and will be available in the remaining data centers soon.
The service is available in two packages:
DDoS Protect Basic: This package is enabled by default for all customers and does not require any configuration. It provides basic DDoS Protection for every resource on IONOS Cloud from common volumetric and protocol attacks and has the following features:
  • DDoS traffic filtering - All suspicious traffic is redirected to the filtering platform where the DDoS traffic is filtered and the genuine traffic is allowed to the original destination.
  • Always-On attack detection - The service is always on by default for all customers and does not require any added configuration or subscription.
  • Automatic Containment - Each time an attack is identified the system automatically triggers the containment of the DDoS attack by activating the DDoS traffic and letting through only genuine traffic.
  • Protect against common Layer 3 and 4 attacks - This service protects every resource on IONOS Cloud from common volumetric and protocol attacks in the Network and Transport Layer such as UDP, SYN floods, etc.
DDoS Protect Advanced: This package offers everything that's part of the DDoS Protect Basic package plus advanced security measures and support.
  • 24/7 DDoS Expert Support - Customers have 24/7 access to IONOS Cloud DDoS expert support. The team is available to assist customers with their concerns regarding ongoing DDoS attacks or any related issues.
  • Proactive Support - The IONOS Cloud DDoS support team, equipped with alarms, will proactively respond to a DDoS attack directed towards a customer's resources and also notify the customer in such an event.
  • On-demand IP specific DDoS filtering - If a customer suspects or anticipates a DDoS attack at any point in time, he can request to enable DDoS filtering for a specific IP or server owned by him. Once enabled, all traffic directed to that IP will be redirected to the IONOS Cloud filtering platform where DDoS traffic will be filtered and genuine traffic will be passed to the original destination.
  • On-demand Attack Diagnosis - At the customer's request, a detailed report of a DDoS attack is sent to the customer, explaining the attack and other relevant details.
Note! IONOS Cloud sets forth Security as a Shared Responsibility between IONOS Cloud and the customer. We at IONOS Cloud strive at offering a state-of-the-art DDoS defense mechanism. Successful DDoS defense can only be achieved by a collective effort on all aspects including optimal use of firewalls and other settings in the customer environment.
Export as PDF
Copy link
On this page
Network Interface Cards
External Network
Internal Network
Core Network
IP Address Management
DDoS Protect