How would one do this?
Let's say I wanted to do very cheap DDOS protection through BuyVM.
How would I pipe all my server from one VPS, into an awknet protected BuyVM? Would this be reasonable? Would it be insanely slow? (Same DC, so I don't think so). How much resources do I need RAM wise?
Thanks!
Comments
http://wiki.buyvm.net/index.php/gre_tunnel
GRE has almost no overhead CPU or RAM wise.
You'd have the latency bump within coresite (about 0.3ms?) + the 10ms to awknet but that's aboot it.
You'd be burning bandwidth both ways but hopefully you need the protection more than you need gobs of transit.
If you had multiple targets to protect you could actually buy a subnet from us and have it static routed to your node, that way you'd be able to attach 209.141.39.x right to your VM's (like we do with awknet).
Hope it helps,
Francisco
I should also add that with that guide, if your users don't need a full IP to themselves you could swap from a /30 to a /24 and just assign them a LAN IP w/ a port forwarded.
It's the cheapest solution though I'm not 100% sure what your setup is or what your users need.
Francisco
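A sketch of the setup the two posts above describe, added here as an example (it is not part of the thread and not taken from the BuyVM wiki guide): a GRE tunnel on a /30 from the filtering VPS to the protected server, with one port forwarded down the tunnel. Every address, the `gre1` interface name, routing table 100 and the port are assumptions; the function only prints the commands, so it can be reviewed before anything is run.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for each side.
# All addresses are constructed placeholders (RFC 5737 / RFC 1918).
FILTER_PUB=192.0.2.10     # public IP of the filtering VPS (tunnel endpoint)
FILTERED_IP=192.0.2.20    # filtered IP that clients connect to
BACKEND_PUB=198.51.100.7  # public IP of the server being protected
TUN_FILTER=10.0.0.1       # tunnel address on the filtering VPS (/30)
TUN_BACKEND=10.0.0.2      # tunnel address on the protected server (/30)
PORT=25565                # forwarded TCP port (assumed: Minecraft default)

gre_plan() {  # usage: gre_plan filter|backend
  case "$1" in
    filter)
      # Forward between interfaces, build the tunnel, DNAT the service port
      # into it. GRE over IPv4 adds 24 bytes per packet, so clamp TCP MSS.
      cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip tunnel add gre1 mode gre local $FILTER_PUB remote $BACKEND_PUB ttl 255
ip addr add $TUN_FILTER/30 dev gre1
ip link set gre1 up
iptables -t nat -A PREROUTING -d $FILTERED_IP -p tcp --dport $PORT -j DNAT --to-destination $TUN_BACKEND:$PORT
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
      ;;
    backend)
      # Replies sourced from the tunnel address must go back through the
      # tunnel, otherwise they leave via the unprotected default route.
      cat <<EOF
ip tunnel add gre1 mode gre local $BACKEND_PUB remote $FILTER_PUB ttl 255
ip addr add $TUN_BACKEND/30 dev gre1
ip link set gre1 up
ip rule add from $TUN_BACKEND table 100
ip route add default via $TUN_FILTER dev gre1 table 100
EOF
      ;;
    *) echo "usage: gre_plan filter|backend" >&2; return 1 ;;
  esac
}
```

Review the output of `gre_plan filter` and `gre_plan backend`, then pipe each to `sh` as root on the matching machine. For several users behind one filtered IP, the /30 becomes a /24 and each user gets their own DNAT line.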
Wow, awesome.
I just have a couple of customers who seem to attract DDOSing, and instead of kicking them out, I like to present this as an option.
You sell to MC clients, I'm surprised this isn't a bigger issue for you.
We've had more than a few very large MC servers pick up plans just for filtering. I had a fellow the other day that told me if I'd lend him a hand with a GRE he'd buy our biggest plan w/ a filtered IP just to say thanks. 15 minutes later I had him all done.
I actually wrote the guide since he was the ~10th person I had helped to date with GREing out of us.
It's a pretty funky setup and for many it's the cheapest filtering they'll find.
If I can work out a deal with the minecraftforums guys I'm fairly sure I'd sell GRE's hand over fist.
Francisco
It is actually not a huge issue for us, though I know hosts that have huge DDOS issues.
I think the cheaper you price your servers, the more prone to DDOSing.
Any Minecraft host will be a target of many DDoS attacks. Don't learn the hard way.
@Francisco doesn't your filtering service consist of a dedicated server at awknet?
@Francisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because it's not available for my current VPS's?).
3$ per month and you can buy it as upgrade/addon from the services tab. As far as I know it is available in SJ only.
It's only available in SJ.
The nitty gritty is that we have a dedicated with awknet and we use it as a router to push traffic back home. Awknet only handles a select few types of floods so we have to work around that with our own rules. Awknet's own SYN filtering is crappy at best and doesn't really clean much so we do that on our own.
SYN is always a pain in the ass and is what most providers charge the most for. To date though we've cleaned out some very large floods and been able to build some very SYN resistant gaming VPN's for people.
We filtered up to 800k pps of SYN for a client, something he would have had to pay $2k/m - $4k/m at Staminus/direct Awknet.
Francisco
Well, you hold the record for SYN and someone holds the record for UDP.
The fellow that set up the GRE with me earlier in the week decided to load test off a 10Gbit port box he had and pushed ~4 - 5Gbit/sec to his filtering box and he didn't see a speck of it in a tcpdump or suffer any disconnects.
He was so impressed he plans to get a few filtering boxes for his own servers (since the original release was for his friend).
Francisco
@Francisco thanks for the explanation. Do you know if there are any plans to provide filtered IPs for Buffalo-based VPS's?
At some point but for now we want to perfect SJ
Francisco
@Francisco Sounds good. Just letting you know that you have at least one customer when you roll out filtered IP's for NY
Glad to hear it
Francisco
nice to see you back btw!
@Francisco Hehe sent you a PM in the morning. :P
Not back, just handling a thread about us
Francisco
@Francisco I've been following this thread, and from what I've gathered, users can send all of their traffic from VPS's with other providers through a filtered IP with you, for just the price of a standard box + filtered IP?
If this is the case then I'll be popping over to upgrade one of my SJ boxes to a filtered IP pretty soon :P.
Also, as @netomx said, if you were actually "back" it'd be great.. but I assume you and Aldyric are both still active on your IRC? Not gonna lie, this place is bloody dull without you two lmfao :P.. think I might have to pop in and say hi and have a few giggles at some point
You can do the route through but remember, there is a latency penalty when doing it. If you're protecting a box on the east coast you'll be looking at a worst case +140ms latency.
I'm almost always active in IRC and Aldryic is there during US business hours. Channel is usually pretty busy
Francisco
Yeah, that's fine. Latency wouldn't matter for what I'm intending on using it for. I get around an 80ms round trip though so it isn't too bad.
Ahh that's great, I'll just need to set up IRC again now... hate getting new laptops :P.
Sorry to hijack @lele0108!
No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!
OVZ is fine if you're doing just NAT.
You'll want KVM if you want to static route and such.
Francisco
I hate you
and you should be studying for your classes and not starting the next kiddie mc host. get out of let now!
lol just kidding!