• Click on Internet On-Dermand and then click Add new.
• Select the Data Centre Port or Edge Port where you would like to add your IO-D service.

• You will then be taken to the Routing menu. 
• Choose between Dynamic (private ASN), Dynamic (public ASN) and Static, or contact us if none of these options apply to you.

• You will then be taken to the Service menu, where you can provide a name for your service. 
• Choose whether to enable Burstable Bandwidth. To understand more about burstable billing, see below. 
• Select your Committed Bandwidth from 1Mbps up to 999Mbps.
• If you’ve enabled Burstable Bandwidth, select your Burst Limit. This can be up to 999Mbps. 
• Choose whether to let Console Connect auto-assign your Private ASN, or you’ll be able to assign the public IP block size yourself in a later step. To learn more about our IP prefix policy, see below. 
• Choose whether to let Console Connect auto-assign your VLAN, or you’ll be able to assign this yourself a later step.  
• Choose your Internet Protocol. There are 3 choices available: IPv4 & IPv6, IPv4, and IPv6.
• Choose whether you require Console Connect to Auto-assign you a BGP authentication key, or you will do it manually or not at all. 
• Choose your contract duration by number of days, weeks or years. Please note for burstable bandwidth, there is a one month minimum contract length.  
• 

• Next you will be taken to the Public IP menu, where you are able to assign the size of your public IP block. Different packages will be displayed here. Please note that the assignment of IPv4 addresses is subject to availability. 
• Select the geolocation for your public IP address. 
• The price of your base service and burstable bandwidth (if enabled) will then be displayed. 

• Click Review and then check and confirm the details of your service. 
• Click on Payment to finalise your setup.
• Accept the Terms and conditions and click on Create New Service.

Yes if you don’t have a public ASN.

Burstable billing is a method of measuring bandwidth based on peak use. It also allows usage to exceed a specified threshold for brief periods of time without the financial penalty of purchasing a higher committed data rate (CDR). Console Connect currently offers a 95th percentile burstable billing calculation. 

Please note that the burst limit is dependent on CDR, which must be 10% or greater of your total port capacity (i.e. a burstable service up to 1Gbps requires a minimum CDR of 100Mbps).

The 95th percentile is a widely used mathematical calculation to evaluate the regular and sustained use of a network connection.

Bandwidth is measured from the switch or router and recorded in a log file. At the end of the month, the samples are sorted from highest to lowest, and the top 5% (which equal to approximately 36 hours of a 30-day billing cycle) of data is thrown away. The next highest measurement becomes the billable use for the entire month.

Based on this model, the top 36 hours (top 5% of 720 hours) of peak traffic is not taken into account when billed for an entire month. Bandwidth could be used at a higher rate for up to 72 min a day with no financial penalty.

Burstable billing is only available for customers who are paying for their Internet On-Demand service via Invoice. Charged for the committed data rate will be invoiced on the first day of each month as per usual. Burstable billing charges will be invoiced monthly in arrears.

Once your order is received and provisioned, it may take up to an hour for your prefixes to appear in our systems. This will depend largely on when you registered your route object(s) in the approved IRR database(s). Note that you must advertise a /24 subnet or larger.

Adding or updating ASN or AS-SET is only supported by the backend.

To add or update ASN or AS-SET, contact [email protected].

What you are choosing here is between receiving the full internet routing table, which is approximately 850 thousand routes / prefixes or receiving one route, that is the default route (0.0.0.0/0). Usually if you have a smaller router, and you are buying Internet On-Demand from Console Connect, you will want to leave this option as is, as getting the default route from us will be the easiest option in terms of configuration. If however you are a network engineer and want to set routes, communities and other BGP attributes, you will definitely want to disable this option to get the full internet routing table.

DDoS (Distributed Denial of Service) attacks have become a great security threat, especially to customers who operate popular websites or do business via the internet.

PCCW Global offers its anti-DDoS service in two packages, On-Demand and Hybrid. In the On-Demand package, we monitor your internet traffic utilisation at your CE router for possible DDoS attacks. When a DDoS attack is detected, all traffic destined for the victim IP will be manually rerouted to an intelligent filtering device. The attack traffic will be filtered out and legitimate traffic sent onwards to your network.

In the Hybrid package, an Intrusion Prevention System (IPS) is provided and installed in your premises. The IPS will monitor all internet traffic for possible DDoS attacks. When a DDoS attack is detected, the IPS will perform auto-mitigation on suspicious traffic. If the traffic volume is so large that the internet link is saturated, the DDoS attack traffic will be routed (upon Customer approval) to our Premium Scrubbing Centre for traffic mitigation.

An online Anti-DDoS Customer Portal allows you to view the above processes online.

Note: Anti-DDoS is not available for pure IPv6 connections. For dual-stack connections, Anti-DDoS is available for only the IPv4 portion.

Many customers prefer to outsource the provisioning and management of their Customer Edge (CE) routers, which connect to the PCCW Global network.

PCCW Global MRS provides different service packages from pure CE router management to a full ‘one stop shop’ service, including CE router rental, maintenance and management for all Internet on Demand customers.

From installation, operation, upgrade, and maintenance, to parts and end-of-life/end-of-support process monitoring, PCCW Global’s Managed Firewall Service takes the overhead out of regular configuration and maintenance tasks that can be tedious and time-consuming.

We support offerings from the leading firewall vendor Fortinet. Combined with our Threat Intelligence and Management Service, organisations get a reporting dashboard and firewall configuration system, along with professional services for firewall management, security monitoring and incident reporting.

A web-based Looking Glass site is available for potential customers who want to examine the PCCW Global IP Network (AS3491) and its performance to and from the internet.

The site is equipped with tools that enable customers to perform “ping” or “traceroute” from:

• Any AS3491 PoP to another AS3491 PoP.
• Any AS3491 PoP to any internet destination in the form of an IP address or domain name.

The PCCW Global Looking Glass can be found here.

Speedtest servers are set up in selected PCCW Global PoPs to allow customers to test the download and upload performance of their Internet on Demand connections. Contact us to find out more.

PCCW Global maintains the following distributed name servers for customers to perform domain name resolution.

Note: PCCW Global name servers are deployed by region, not by country, and may not comply with the legal restrictions of individual jurisdictions or countries within a region. For this reason, the most common setup is to use country-based open resolvers like Google’s 8.8.8.8/8.8.4.4 or Cloudflare’s 1.1.1.1/1.0.0.1. A more complete listing of open resolvers can be found here.

Asia (IPv4)

63.218.60.5/32
63.218.60.6/32
Americas (IPv4)

63.216.0.5/32
63.216.0.6/32
Europe (IPv4):

63.218.12.5/32
63.218.12.6/32
All regions (IPv6)

2400:8800:1e80::2/128

Traditionally, DNS lookups are sent to resolvers in plain text, which can leave end users vulnerable to eavesdropping and person-in-the-middle attacks. DNS-over-HTTPS (DoH), addresses this issue by sending lookups over an encrypted HTTPS connection between the end host (stub resolver) and the recursive resolver. Using DoH improves privacy by preventing your queries being seen by someone lurking on public WiFi or personal information related to your browsing behaviour being gathered and/or sold.
Oblivious DNS over HTTPS (ODoH) is a new proposed standard that separates user IP addresses from queries so that no single entity can see both at the same time, as illustrated below.

Setup

Configure your web browser to use DoH using the following instructions:

Microsoft Edge
On the edge://settings/privacy page, select Use secure DNS to specify how to lookup the network address for websites.

Google Chrome
Select Use secure DNS on the chrome://settings/security page.

Firefox
Follow the instructions provided here.

Questions
Here are the answers Mozilla gave to some frequently asked questions about DoH.