Internet on Demand (IO-D)
Internet On-Demand allows customers to extend internet connectivity to their existing sites on the Console Connect platform. Learn more about Internet On-Demand in the Service Specification.
Yes if you don’t have a public ASN.
Not at the moment. This feature is on our roadmap.
Customer IP Prefix Policy
Customers with their own IP address ranges are subject to the PCCW Global Customer IP Prefix Policy, which requires that as-set and route objects are created in approved IRR databases for all customer (including downstream) prefixes. The policy also recommends the use of RPKI ROAs.
Read the Customer IP Prefix Policy.
Once your order is received and provisioned, it may take up to an hour for your prefixes to appear in our systems. This will depend largely on when you registered your route object(s) in the approved IRR database(s). Note that you must advertise a /24 subnet or larger.
What you are choosing here is between receiving the full internet routing table, which is approximately 850 thousand routes / prefixes or receiving one route, that is the default route (0.0.0.0/0). Usually if you have a smaller router, and you are buying Internet On-Demand from Console Connect, you will want to leave this option as is, as getting the default route from us will be the easiest option in terms of configuration. If however you are a network engineer and want to set routes, communities and other bgp attributes, you will definitely want to disable this option to get the full internet routing table.
IO-D value-added services
DDoS (Distributed Denial of Service) attacks have become a great security threat, especially to customers who operate popular websites or do business via the internet.
PCCW Global offers its anti-DDoS service in two packages, On-Demand and Hybrid. In the On-Demand package, we monitor your internet traffic utilization at your CE router for possible DDoS attacks. When a DDoS attack is detected, all traffic destined for the victim Ip will be manually rerouted to an intelligent filtering device. The attack traffic will be filtered out and legitimate traffic sent onwards to your network.
In the Hybrid package, an Intrusion Prevention System (IPS) is provided and installed in your premises. The IPS will monitor all internet traffic for possible DDoS attacks. When a DDoS attack is detected, the IPS will perform auto-mitigation on suspicious traffic. If the traffic volume is so large that the internet link is saturated, the DDoS attack traffic will be routed (upon Customer approval) to our Premium Scrubbing Center for traffic mitigation.
An online Anti-DDoS Customer Portal allows you to view the above processes online.
Note: Anti-DDoS is not available for pure IPv6 connections. For dual-stack connections, Anti-DDoS is available for only the IPv4 portion.
Many customers prefer to outsource the provisioning and management of their Customer Edge (CE) routers, which connect to the PCCW Global network.
PCCW Global MRS provides different service packages from pure CE router management to a full ‘one stop shop’ service, including CE router rental, maintenance and management for all Internet on Demand customers.
From installation, operation, upgrade, and maintenance, to parts and end-of-life/end-of-support process monitoring, PCCW Global’s Managed Firewall Service takes the overhead out of regular configuration and maintenance tasks that can be tedious and time-consuming.
We support offerings from the leading firewall vendor Fortinet. Combined with our Threat Intelligence and Management Service, organisations get a reporting dashboard and firewall configuration system, along with professional services for firewall management, security monitoring and incident reporting.
A web-based Looking Glass site is available for potential customers who want to examine the PCCW Global IP Network (AS3491) and its performance to and from the internet.
The site is equipped with tools that enable customers to perform “ping” or “traceroute” from:
- Any AS3491 PoP to another AS3491 PoP.
- Any AS3491 PoP to any internet destination in the form of an IP address or domain name.
Speedtest servers are set up in selected PCCW Global PoPs to allow customers to test the download and upload performance of their Internet on Demand connections. Contact us to find out more.
PCCW Global maintains the following distributed name servers for customers to perform domain name resolution.
Note: PCCW Global name servers are deployed by region, not by country, and may not comply with the legal restrictions of individual jurisdictions or countries within a region. For this reason, the most common setup is to use country-based open resolvers like Google’s 188.8.131.52/184.108.40.206 or Cloudflare’s 220.127.116.11/18.104.22.168. A more complete listing of open resolvers can be found here.
All regions (IPv6)
Traditionally, DNS lookups are sent to resolvers in plain text, which can leave end users vulnerable to eavesdropping and person-in-the-middle attacks. DNS-over-HTTPS (DoH), addresses this issue by sending lookups over an encrypted HTTPS connection between the end host (stub resolver) and the recursive resolver. Using DoH improves privacy by preventing your queries being seen by someone lurking on public WiFi or personal information related to your browsing behaviour being gathered and/or sold.
Oblivious DNS over HTTPS (ODoH) is a new proposed standard that separates user IP addresses from queries so that no single entity can see both at the same time, as illustrated below.
Configure your web browser to use DoH using the following instructions:
On the edge://settings/privacy page, select Use secure DNS to specify how to lookup the network address for websites.
Select Use secure DNS on the chrome://settings/security page.
Follow the instructions provided here.
Here are the answers Mozilla gave to some frequently asked questions about DoH.