Rackspace DDOS Mitigation Addendum
The Rackspace DDoS Mitigation Service is a shared, multi-tenant hardware platform designed to assist multiple customers in off-loading DDoS attacks to the Rackspace infrastructure. In addition to the other terms of the Agreement, your use of the Rackspace DDoS Mitigation Service is subject to the following terms and conditions:
1. Rackspace DDoS Mitigation Subscription Service.
DDoS Mitigation Service consists of the following two states: (i) 24 hour proactive monitoring of designated IPs, and (ii) mitigation of malicious attacks upon Rackspace detection or customer request.
Once we have received your order for the Rackspace DDoS Mitigation Service, we will evaluate your Hosted System and application(s). Your Hosted System must meet our minimum configuration and engineering requirements to purchase Rackspace’s DDoS Mitigation Service, and we may cancel your order and refund your money if we discover that these requirements are not met.
Once we have completed our qualification process, you must designate the IP address you want monitored before the service can be configured. Each subscription of Rackspace DDoS Mitigation Service is limited to a specific region which will include monitoring for up to 100 IP addresses per subscription.
When we detect an attack, we will proactively activate the mitigation service. If you detect an attack, please contact your support team and we will activate the service upon your request. When the Rackspace DDoS Mitigation Service is activated, traffic to the covered IP addresses will be redirected through our mitigation systems with countermeasures applied in an attempt to limit the impact on legitimate traffic.
2. Changes to Website Address.
You must notify us if you wish to change the IP addresses that are being monitored by the Rackspace DDoS Mitigation Service.
3. Insufficient Mitigation & Traffic Blocking.
3.1 Due to the complexity and sophistication of DDOS attacks, you must notify Rackspace if you believe the Rackspace DDoS Mitigation Service is not satisfactorily mitigating the attack or not responding in accordance with your service expectations. We will confer with you regarding additional measures that may be available.
3.2 Warning. In the event that the attack begins to approach the Rackspace DDoS Mitigation Service capacity, we will promptly notify your designated technical representative to warn of impending escalation procedures, such as null routing, upstream blocking, or suspension of service. We will confer with you regarding measures that may be available, if any, to avoid further escalation.
3.3 Critical. In the event that: (i) the attack exceeds the Rackspace DDoS Mitigation Service capacity, or (ii) the attack exceeds the applicable bandwidth utilization threshold, we may null route your traffic, engage in upstream blocking, suspend access to your Hosted System, or take other measures as necessary to protect our network and other customers (collectively “Traffic Blocking”) without prior notice to you, but we will notify you promptly of the steps taken and confer with you regarding measures available, if any, to mitigate the attack or de-escalate its severity level as described in this Section 3.
3.4 Null Route Policy. If Rackspace engages in Traffic Blocking as described in Section 3.3 Rackspace shall review such protective measures as follows:
3.4.1 First Blocking. The first time Rackspace engages in Traffic Blocking, Rackspace’s NetOps team will review the traffic affecting your Hosted System every 12 hours to determine if the attack is still occurring at levels requiring Traffic Blocking. When Rackspace confirms the attack has abated, it will remove the Traffic Blocking measures.
3.4.2 Second Blocking. The second time Rackspace engages in Traffic Blocking, Rackspace’s NetOps team will review the traffic affecting your Hosted System every 24 hours to determine if the attack is still occurring at levels requiring Traffic Blocking. When Rackspace confirms the attack has abated, it will remove the Traffic Blocking measures.
3.4.3 Third Blocking. If Rackspace determines it must engage in Traffic Blocking a third time, then Rackspace may (i) continue to block traffic to your Hosted System on an on-going basis until we determine in our reasonable opinion that the risk of normalizing traffic flow is acceptable and (ii) require you to make arrangements with a third-party DDoS mitigation solution provider as a requirement of continuing to provide you with Hosting Services (including without limitation the Rackspace DDoS Mitigation Service).
4. Latency & Optimization. During an attack, and following one, you should expect increased latency across all affected IP addresses. Rackspace may be able to provide professional services to assist you with minimizing latency which results from an attack, but makes no guarantee that the DDoS Mitigation Service will alleviate latency during an attack. No Network SLA or other credit is available due to latency experienced during an attack, even if the Rackspace DDoS Mitigation Service is active.
5. Hardware Failure & Service Unavailability. In the event that the Rackspace DDoS Mitigation Service appliance(s) experience a hardware failure, Rackspace will replace the impacted hardware within 12 hours of problem identification. In the event of such failure, your website(s) will not be protected by the DDoS Mitigation Service during the restoration period. If your Hosted System is attacked during a period of unavailability, Rackspace may engage in Traffic Blocking until we are able to restore the functionality of the DDoS Mitigation Service. If Rackspace fails to meet this guarantee, and the failure adversely affects your Hosted System, you are entitled to a credit in the amount of 5% of your monthly recurring fee for the Rackspace DDoS Mitigation Service per hour of additional unavailability due to hardware failure, up to 100% of your monthly recurring fee for the Rackspace DDoS Mitigation Service. The maximum total credit for any calendar month for failure to meet this guarantee shall not exceed 100% of your monthly recurring fee for the Rackspace DDoS Mitigation Service. Credits that would be available but for this limitation will not be carried forward to future months.
6. Disclaimer. You acknowledge that the Rackspace DDoS Mitigation Service may not successfully mitigate all attacks, and may also result in some legitimate traffic being mitigated from your website(s). We reserve the right to escalate to a Warning or Critical status as we deem necessary in our sole discretion to protect our network and other customers. We may refuse or discontinue the Rackspace DDoS Mitigation Service at any time by giving reasonable advance notice if we determine, in our sole discretion, that the website(s) and/or domains for which you have requested the service pose an undue risk to our network or other customers. Otherwise, the Rackspace DDoS Mitigation Service is provided subject to the terms and conditions of the Agreement and these terms.
RACKSPACE MAKES NO WARRANTY OR GUARANTY WHATSOEVER REGARDING THE RACKSPACE DDOS MITIGATION SERVICE, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, DISCLAIMS ANY AND ALL WARRANTIES INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
7. Rackspace DDOS Mitigation Subscription Service SLA. We guarantee that within 30 min of (i) our detection of an attack or (ii) your request via phone, we will activate the protection functionality of the Rackspace DDOS Mitigation Service. If we fail to meet this guarantee, you are entitled to a credit of 10% of your then current monthly fee for the Rackspace DDOS Mitigation Service for every 30 minutes during which we fail to activate the protection functionality of the Rackspace DDOS Mitigation Service (after the initial 30 minutes).