All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Anycast-as-a-service and DDoS protection
Hi Gals and Lads
As some of you probably know we are working on new service (codename Hydra) which will provide anycast-as-a-service.
The service will offer two modes:
regular anycast - you can rent one or more anycast IPs announced currently in three locations (Los Angeles, Chicago and Amsterdam) and route them via GRE to your existing server (later on we will add more locations, for sure Asia and second one in EU);
protected anycast - you can rent one or more anycast IPs announced currently in three locations (Los Angeles, Chicago and Amsterdam) and route them via GRE to your existing server, beside that you can buy dedicated DDoS protection (we are Staminus Channel Partner and have direct BGP sessions with them).
We are not sure about pricing yet but for sure:
regular anycast price will cover all locations,
protected anycast will combine regular anycast price plus DDoS protection.
Planned functionality:
GRE/IPIP tunnels,
BGP support (you can run quagga/bird and setup session with us even with /32),
possibility of announcing your own subnet,
IPv6 support
Current locations:
Amsterdam, Nikhef DC
Chicago, Digital Lakeside, 350 E Cermak Rd.
Los Angeles, CoreSite, 900 N. Alameda,
We have few ideas in mind but we want to know YOUR opinion first! Feel free to post ideas, comments or feature requests and we will do our best to include them.
Planned public launch date - second half of February 2014
Cheers
Peter
Comments
Ohh I want to try
VERY interesting, I have been looking at the possibility of integrating your services in to LowEndSpirit.
Interesting. This could be useful for a CDN, yes?
Not really, you would be better off using there GEODNS and multiple servers.
@shovenose - yes, anycast is useful with CDN but depends from number of locations
Yes
More locations than you could shake a stick at Edit: 100?
@shovenose - with DNS we have 1.5 times more than CloudFlare, with Hydra the plan is for 5 locations total in 2014 and depending from customer feedback maybe more in 2015
I would appreciate if you could indicate use cases for such service or indicate some related articles. As i understand main use could be distributing DDoS attacks, build CDN network, IPv6 tunneling, GeoDNS etc. But there are such services already at very competitive prices.
I am very interested in this!
@Amfy and I were designing something like this at some point. We initially did not continue due to time constraints.
When OVH pulled the trigger on affordable DDoS protection (and Online.net to follow) we never ever actually came back on continuing the idea (there were more, private, factors).
At this point @joepie91 and I are working on a project for sharing more efficiently, which can't be DDoS'd by design anyway.
Ontopic:
From the tests @Amfy and I conducted, anycast was very efficient to filter DDoS.
@gbshouse - why don't you provide small Xen or KVM boxes so people can route traffic themselves?
@Jupiter - I'll try to write a little bit more tonight
@MitchellRobert - in fact @Amfy is our team member we don't want to run our own vps/hosting services as it's the area for our customers and partners, we want to do network related services only
What about offering VPS or Dedi's services at each location instead of just GRE tunnels for our own
See:
As for me, I'm pretty interested in this, if the pricing is right I can't wait to buy in. I assume I could buy for example a /28 or something? (With justification and such obviously) If so, any idea on IP pricing?
@Ruchirablog
@gbshouse Looks like we did it at the same time or something.
I'm aware
I assume you will allow GRE tunnels with different destination IP at different locations then?
@MitchellRobert - yes, all GRE stuff will be self-configurable, we are even thinking about multiple tunnels per location
Nice product. I have the interest on it too.
Is there any place we can preorder for this anycast service?
I would love this.
Are you going to peer with the same provider in all three locations? If not then the routing could be a mess.
@CNSjack - yes, we use the same provider for all locations
First of all, apologies, if my writing is a bit confusing or some detail is asking for mis-understandings, but I'm feeling quite ill
Yes, generally that is possible, however, justification will be checked very carefully by us.
As no one commented/asked about this, I want to explain at least a bit about the BGP support:
There is no need for public ASN allocated by RIR, but you can request a private ASN from us either from the reserved 16bit or 32bit range - both should give us enough room to meet customer need. Of course you can not announce the /32 yourself to any other DC/provider than us, since it's just part of larger announcement from us like >/24. The announcement from you, in this case is only handled internally. As Piotr already wrote, if you have your own /24 or larger, a public announcement is also possible, feel free to contact us at any time.
Why can BGP still be interesting for some of you guys?
Imagine: You have a VPS in the US and one in Europe. You want to run some service that should be anycasted (like reachable under the same /32 IPv4 and should be routed to the closest server). Since anycast is useless, if there is no redundancy at all, just setting up GRE on all servers, there is the possibility to have one of your servers going down and we still route traffic in that direction... now with BGP the session would change its state and we stop routing traffic towards the faulty server within seconds.
Besides that, it might be handy to use prependings or some BGP communities to control the /32 announcement. I'm sure you guys will be creative to find something we can implement for you
(Yes, this can also be skipped using specific VPN tools, but at least not really possible with GRE - BGP is one of the nicest ways solving this)
I was going to ask about that, so thanks for confirming. Definitely interested now
@Zen - never!
Also, do you maybe plan on providing DDoS filtering without anycast too? Preferably with GeoDNS on Rage4 because anycast can be too volatile for what it's worth in most cases.
@Zen - we have connection to Staminus in US and EU - all current Hydra locations offer DDoS protection.
@MitchellRobert - we can help you with getting protection directly from Staminus, if you do not need anycast then using our infrastructure makes no sense ...
Who provides the protection in Chicago? Last I heard Staminus is only in LA, NYC, and the Netherlands.