Want to buy Unmetered Bandwidth Servers in Euorpe

matteob

@William said:

stefeman said: SeFlow is solid and inexpensive and perfectly meets your requirements

Sure. If it is online.

What you mean? Can you please elaborate?

We report every outages here http://status.seflow.net

p.s. @wa44io4 have one test server from us, so he can really know the stability and performance of our network, without someone that lie because it just hate my attitude :-)

wa44io4

@matteob said:
p.s. @wa44io4 have one test server from us, so he can really know the stability and performance of our network, without someone that lie because it just hate my attitude :-)

Matteo offered a server just to test the network and stability. So far it seems to be perfectly fine for me, though due to holidays in Italy I couldn't order the Unmetered Servers with Matteo

But after testing for this whole month I should have more experience about SeFlow. I will be looking forward to solid performance and buying more servers from SeFlow.

matteob

@wa44io4 said:

@matteob said:
p.s. @wa44io4 have one test server from us, so he can really know the stability and performance of our network, without someone that lie because it just hate my attitude :-)

Matteo offered a server just to test the network and stability. So far it seems to be perfectly fine for me, though due to holidays in Italy I couldn't order the Unmetered Servers with Matteo

Yes correct we sold all E5 2620v4 CPUs and need wait tomorrow that supplier reopen warehouse to restock them. i'm sorry for that but suppliers closed for 20 days and we was not able to restock in time.

wa44io4

Got both the server ready with WorldStream ... Benchmark here -

System Info
-----------
Processor   : Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
CPU Cores   : 32
Frequency   : 1238.415 MHz
Memory      : 128660 MB
Swap        :  MB
Uptime      : 49 min,

OS      : \S
Arch        : x86_64 (64 Bit)
Kernel      : 4.12.8-1.el7.elrepo.x86_64
Hostname    : localhost


Speedtest (IPv4 only)
---------------------
Your public IPv4 is 192.168.0.1

Location        Provider    Speed
CDN         Cachefly    235MB/s

Atlanta, GA, US     Coloat      16.6MB/s 
Dallas, TX, US      Softlayer   16.0MB/s 
Seattle, WA, US     Softlayer   13.3MB/s 
San Jose, CA, US    Softlayer   13.3MB/s 
Washington, DC, US  Softlayer   2.64MB/s 

Tokyo, Japan        Linode      8.92MB/s 
Singapore       Softlayer   5.60MB/s 

Rotterdam, Netherlands  id3.net     150MB/s
Haarlem, Netherlands    Leaseweb    235MB/s 


Disk Speed
----------
I/O (1st run)   : 629 MB/s
I/O (2nd run)   : 622 MB/s
I/O (3rd run)   : 634 MB/s
Average I/O : 628.333 MB/s

William

matteob said: We report every outages here http://status.seflow.net

Sure. Global ones.

Not if your NETIX (that was last one) link fails less than your monitoring limit, or when your appliance seems to manipulate TCP-ACK packets (why else would they arrive on DST with OTHER checksum? This happens right now between you and seemingly anyone behind Level3, especially Vultr...), or when unreachable entirely...

Host [X] Proxmox UI : PORT is back up after 1 minute of downtime as of Wed Aug 16 2017 20:16:56 GMT.

Host [X] Proxmox UI : PORT is back up after 2 minutes of downtime as of Fri Jul 28 2017 12:29:40 GMT.

Host [X] Proxmox UI : PORT is back up after 4 minutes of downtime as of Sat Jul 22 2017 00:59:56 GMT.

Host [X] Proxmox UI : PORT is back up after 1 minute of downtime as of Wed Jul 19 2017 01:44:58 GMT.

Host [X] Proxmox UI : PORT is back up after 3 minutes of downtime as of Fri Jul 14 2017 19:43:30 GMT.

Host [X] Proxmox UI : PORT is back up after 18 minutes of downtime as of Tue Jul 11 2017 10:18:54 GMT.

At this time aside of the 99EUR Gbit i would not recommend your services, because at 100Mbit the HW and this issues are not worth anything over a Hetzner or Leaseweb server and Hetzner even provides better protection on top.

matteob

@William said:
Sure. Global ones.

Not if your NETIX (that was last one) link fails less than your monitoring limit

This was reported in our status page and fixed while ago:
http://status.seflow.net/incidents/6fpyqxk13rd5

Host [X] Proxmox UI : PORT is back up after 1 minute of downtime as of Wed Aug 16 2017 20:16:56 >GMT.

>

Host [X] Proxmox UI : PORT is back up after 2 minutes of downtime as of Fri Jul 28 2017 12:29:40 GMT.

>

Host [X] Proxmox UI : PORT is back up after 4 minutes of downtime as of Sat Jul 22 2017 00:59:56 GMT.

this happen when the ip receive DDoS and is forwarded under mitigation mode. If you have DDoS Protected plan open a ticket to SOC to find a solution (best is, if your server receive frequent DDoS, move it under AlwaysON mode). Here differencies about standard Sensor mode and AlwaysON mode:

https://manage.seflow.it/index.php?/knowledgebase/article/30/ddos-mitigation--sensor-mode-vs-alwayson/

If you're in sensor mode, the protection take 22sec to start mitigation and this is why you get 1 minutes outages. Under AlwaysON mode you're filtered immediately and your server is not hitten.

when your appliance seems to manipulate TCP-ACK packets

If you not have any security product we not manipulate anything, please elaborate this.

because at 100Mbit the HW and this issues are not worth anything over a Hetzner or Leaseweb server and Hetzner even provides better protection on top.

Every company have different products this mean that there is no absolute better company. This only mean that for your needs we not offer any value added service then them.

For example Hetzner DDoS Mitigation does not provider Alwayson protection mode or packet validation solution. We have lot of customers switched to us with word "your protection is better than..." and i think some other will leaved us for opposite reasons. It's the way the business work.

For packet validation feature https://manage.seflow.it/index.php?/knowledgebase/article/72/ddos-seguard-custom-port-list-protection/

I will be happy to clarify any issue you get to see you happy with us.

Regards

Butters

@wa44io4

worldstream doesn't allow streaming.

source: https://www.worldstream.nl/WorldStream_TOS.pdf

you can ask at https://10gbps.io or https://10g.amsterdam for a custom quote

3W INFRA has also a good promotion running http://www.webhostingtalk.com/showthread.php?t=1667160

there is also nforce.com but i think they don't allow streaming on every network class, you may have to ask

and last but not least https://www.m247.ro/en/services/dedicated-servers/

nik

@wa44io4 said:
Got both the server ready with WorldStream ... Benchmark here -

System Info
-----------
Processor : Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
CPU Cores : 32
Frequency : 1238.415 MHz
Memory        : 128660 MB
Swap      :  MB
Uptime        : 49 min,

OS        : \S
Arch      : x86_64 (64 Bit)
Kernel        : 4.12.8-1.el7.elrepo.x86_64
Hostname  : localhost


Speedtest (IPv4 only)
---------------------
Your public IPv4 is 192.168.0.1

Location      Provider    Speed
CDN           Cachefly    235MB/s

Atlanta, GA, US       Coloat      16.6MB/s 
Dallas, TX, US        Softlayer   16.0MB/s 
Seattle, WA, US       Softlayer   13.3MB/s 
San Jose, CA, US  Softlayer   13.3MB/s 
Washington, DC, US    Softlayer   2.64MB/s 

Tokyo, Japan      Linode      8.92MB/s 
Singapore         Softlayer   5.60MB/s 

Rotterdam, Netherlands    id3.net     150MB/s
Haarlem, Netherlands  Leaseweb    235MB/s 


Disk Speed
----------
I/O (1st run) : 629 MB/s
I/O (2nd run) : 622 MB/s
I/O (3rd run) : 634 MB/s
Average I/O   : 628.333 MB/s

This test only benches the inbound speed, which is completely meaningless for streaming.

Clouvider

matteob said: Under AlwaysON mode you're filtered immediately and your server is not hitten.

The software I believe you use says it's in own datasheet it needs ~5s to detect an attack in this mode.

matteob

@Clouvider said:

Wansight is only for customer reporting. We not use it for mitigation and detection.

wa44io4

@Butters said:
@wa44io4

worldstream doesn't allow streaming.

source: https://www.worldstream.nl/WorldStream_TOS.pdf

I had 1 server previously with WorldStream and today got 2 more. So, far they never said they won't allow video streaming on Unmetered Bandwidth servers.

Their TOS says they allow it on-permission and I think I have the permission.

Thanks for other recommendations ....

NFOrce - I am their regular customer but their network / bandwidth is costly.
M247 - Can match WorldStream prices but the network is 2Gbps hard limit and the CPU isn't same.
3W INFRA - Didn't really contacted them this time but I should have tried getting a quote
10Gbps.io - Far more costly and network is 2Gbps hard limit.

wa44io4

@nik said:
This test only benches the inbound speed, which is completely meaningless for streaming.

Please link me to a better benchamarking script ... thanks

Zerpy

@Butters said:
@wa44io4

worldstream doesn't allow streaming.

source: https://www.worldstream.nl/WorldStream_TOS.pdf

Sure they do, if they approved it on a case-by-case basis.

Network

>

No CDN or Media Streaming. Customer shall not be entitled
to use the products and services for the purpose of (1)
operating ‘Content Delivery Network’; and/or (2) ‘Streaming
Media Services’; except with WorldStream’s prior written
consent, which consent may be granted or withheld at
WorldStream’s sole discretion.

source: https://www.worldstream.nl/WorldStream_TOS.pdf

nik

@wa44io4 said:

@nik said:
This test only benches the inbound speed, which is completely meaningless for streaming.

Please link me to a better benchamarking script ... thanks

It's hard to simulate streaming in a real world scenario. To simply test outbound bandwidth (inbound is completely irrelevant for streaming) you could use something like iperf 0. The problem is that this is always from server to server, the hard part about streaming is that the actual people who watch your streams don't have access to a backbone with multiple carriers, they are solely with their ISP. And if the ISP is for example DTAG it is more or less guaranteed to be laggy even though you might have enough capacity from server to server, since DTAG transit is very expensive and most providers don't have direct access to it. (So they can't control if your stream will be laggy or not).

Worldstream for example doesn't have direct access to DTAG or UPC, both combined have a market share of > 50% in Germany 1. So alone for Germany they don't have it in their hand if you streams will be laggy or not even though they might offer you the theoretical "capacity" for it. So even iPERF doesn't matter, what matters is a quality network with enough capacity.

wa44io4

@nik said:

Got it ... however, I am satisfied with the network and I am getting good speed from even Germany. Also, I am not trying to build something like Youtube so I am not going to invest thousands of EUROs for getting streaming servers. Hope you understand that.

So far everything is fine for me and I am happy with all the providers I used for video streaming. The migrations or, changing providers is becuase of better price mainly. However, the DDoS protection and better support matters too which I am getting with WorldStream.

kh81

@Butters said:
worldstream doesn't allow streaming.

That's funny. I remember when one of the biggest illegal streaming sites used Worldstream.

wa44io4

@kh81 said:

@Butters said:
worldstream doesn't allow streaming.

That's funny. I remember when one of the biggest illegal streaming sites used Worldstream.

hmm

Butters

i would contact worldstreams support

wa44io4

@Butters said:
i would contact worldstreams support

You can contact these Skype Sales Staffs ...

[WorldStream] Nick de Jong #115 - nick.de.jong0
[WorldStream] Rick Vollebregt - rickvol1

wa44io4

Updated network usage -

Fusl

matteob said: please elaborate this.

Sure:

Usually, connections built from Vultr (NL-AMS) to SeFlow work perfectly fine:

tcpdump at seflow:

23:46:47.747519 IP vultr.41966 > seflow.22: Flags [S], seq 2624180695, win 29200, options [mss 1460,sackOK,TS val 3732532184 ecr 0,nop,wscale 7], length 0
23:46:47.747530 IP seflow.22 > vultr.41966: Flags [S.], seq 1712787133, ack 2624180696, win 28960, options [mss 1460,sackOK,TS val 801492753 ecr 3732532184,nop,wscale 7], length 0
23:46:47.763342 IP vultr.41966 > seflow.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 3732532188 ecr 801492753], length 0
23:46:47.763557 IP vultr.41966 > seflow.22: Flags [P.], seq 1:11, ack 1, win 229, options [nop,nop,TS val 3732532188 ecr 801492753], length 10
23:46:47.763561 IP seflow.22 > vultr.41966: Flags [.], ack 11, win 227, options [nop,nop,TS val 801492757 ecr 3732532188], length 0
23:46:47.767100 IP seflow.22 > vultr.41966: Flags [P.], seq 1:40, ack 11, win 227, options [nop,nop,TS val 801492758 ecr 3732532188], length 39
23:46:47.767237 IP seflow.22 > vultr.41966: Flags [FP.], seq 40:59, ack 11, win 227, options [nop,nop,TS val 801492758 ecr 3732532188], length 19
23:46:47.782769 IP vultr.41966 > seflow.22: Flags [.], ack 40, win 229, options [nop,nop,TS val 3732532193 ecr 801492758], length 0
23:46:47.782930 IP vultr.41966 > seflow.22: Flags [F.], seq 11, ack 60, win 229, options [nop,nop,TS val 3732532193 ecr 801492758], length 0
23:46:47.782948 IP seflow.22 > vultr.41966: Flags [.], ack 12, win 227, options [nop,nop,TS val 801492762 ecr 3732532193], length 0

tcpdump at vultr:

23:46:47.740120 IP vultr.41966 > seflow.22: Flags [S], seq 2624180695, win 29200, options [mss 1460,sackOK,TS val 3732532184 ecr 0,nop,wscale 7], length 0
23:46:47.755820 IP seflow.22 > vultr.41966: Flags [S.], seq 1712787133, ack 2624180696, win 28960, options [mss 1460,sackOK,TS val 801492753 ecr 3732532184,nop,wscale 7], length 0
23:46:47.755854 IP vultr.41966 > seflow.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 3732532188 ecr 801492753], length 0
23:46:47.756144 IP vultr.41966 > seflow.22: Flags [P.], seq 1:11, ack 1, win 229, options [nop,nop,TS val 3732532188 ecr 801492753], length 10
23:46:47.771848 IP seflow.22 > vultr.41966: Flags [.], ack 11, win 227, options [nop,nop,TS val 801492757 ecr 3732532188], length 0
23:46:47.775354 IP seflow.22 > vultr.41966: Flags [P.], seq 1:40, ack 11, win 227, options [nop,nop,TS val 801492758 ecr 3732532188], length 39
23:46:47.775405 IP vultr.41966 > seflow.22: Flags [.], ack 40, win 229, options [nop,nop,TS val 3732532193 ecr 801492758], length 0
23:46:47.775457 IP seflow.22 > vultr.41966: Flags [FP.], seq 40:59, ack 11, win 227, options [nop,nop,TS val 801492758 ecr 3732532188], length 19
23:46:47.775604 IP vultr.41966 > seflow.22: Flags [F.], seq 11, ack 60, win 229, options [nop,nop,TS val 3732532193 ecr 801492758], length 0
23:46:47.791187 IP seflow.22 > vultr.41966: Flags [.], ack 12, win 227, options [nop,nop,TS val 801492762 ecr 3732532193], length 0

Let's compare the second packet (SYN-ACK):

tcpdump at seflow: 23:46:47.747530 IP seflow.22 > vultr.41966: Flags [S.], seq 1712787133, ack 2624180696, win 28960, options [mss 1460,sackOK,TS val 801492753 ecr 3732532184,nop,wscale 7], length 0
tcpdump at vultr:  23:46:47.755820 IP seflow.22 > vultr.41966: Flags [S.], seq 1712787133, ack 2624180696, win 28960, options [mss 1460,sackOK,TS val 801492753 ecr 3732532184,nop,wscale 7], length 0

Everything works fine, but randomly TCP connections fail to establish:

tcpdump at seflow:

23:48:00.668059 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732550414 ecr 0,nop,wscale 7], length 0
23:48:00.668090 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801510983 ecr 3732550414,nop,wscale 7], length 0
23:48:01.664357 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732550664 ecr 0,nop,wscale 7], length 0
23:48:01.664365 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801511232 ecr 3732550414,nop,wscale 7], length 0
23:48:02.690292 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801511488 ecr 3732550414,nop,wscale 7], length 0
23:48:03.668247 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732551165 ecr 0,nop,wscale 7], length 0
23:48:03.668270 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801511733 ecr 3732550414,nop,wscale 7], length 0
23:48:05.694310 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801512240 ecr 3732550414,nop,wscale 7], length 0
23:48:07.680182 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732552168 ecr 0,nop,wscale 7], length 0
23:48:07.680194 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801512736 ecr 3732550414,nop,wscale 7], length 0
23:48:11.702304 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801513742 ecr 3732550414,nop,wscale 7], length 0
23:48:15.696124 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732554172 ecr 0,nop,wscale 7], length 0
23:48:15.696133 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801514740 ecr 3732550414,nop,wscale 7], length 0
23:48:23.722291 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801516747 ecr 3732550414,nop,wscale 7], length 0
23:48:31.712217 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732558176 ecr 0,nop,wscale 7], length 0
23:48:31.712242 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801518744 ecr 3732550414,nop,wscale 7], length 0
23:48:47.934299 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801522800 ecr 3732550414,nop,wscale 7], length 0
23:49:03.776198 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732566192 ecr 0,nop,wscale 7], length 0
23:49:03.776205 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801526760 ecr 3732550414,nop,wscale 7], length 0

tcpdump at vultr:

23:48:00.660659 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732550414 ecr 0,nop,wscale 7], length 0
23:48:00.676687 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784733767 ecr 3732550414,nop,wscale 7], length 0
23:48:01.656797 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732550664 ecr 0,nop,wscale 7], length 0
23:48:01.672695 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784734016 ecr 3732550414,nop,wscale 7], length 0
23:48:02.698873 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784734272 ecr 3732550414,nop,wscale 7], length 0
23:48:03.660798 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732551165 ecr 0,nop,wscale 7], length 0
23:48:03.676637 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784734517 ecr 3732550414,nop,wscale 7], length 0
23:48:05.702636 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784735024 ecr 3732550414,nop,wscale 7], length 0
23:48:07.672801 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732552168 ecr 0,nop,wscale 7], length 0
23:48:07.688506 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784735520 ecr 3732550414,nop,wscale 7], length 0
23:48:11.710672 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784736526 ecr 3732550414,nop,wscale 7], length 0
23:48:15.688765 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732554172 ecr 0,nop,wscale 7], length 0
23:48:15.704484 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784737524 ecr 3732550414,nop,wscale 7], length 0
23:48:23.730593 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784739531 ecr 3732550414,nop,wscale 7], length 0
23:48:31.704790 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732558176 ecr 0,nop,wscale 7], length 0
23:48:31.720553 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784741528 ecr 3732550414,nop,wscale 7], length 0
23:48:47.942610 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784745584 ecr 3732550414,nop,wscale 7], length 0
23:49:03.768787 IP vultr.42030 > seflow.22: Flags [S], seq 51348194, win 29200, options [mss 1460,sackOK,TS val 3732566192 ecr 0,nop,wscale 7], length 0
23:49:03.784543 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784749544 ecr 3732550414,nop,wscale 7], length 0

Let's compare the second packet (SYN-ACK) here as well:

tcpdump at seflow: 23:48:00.668090 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 801510983 ecr 3732550414,nop,wscale 7], length 0
tcpdump at vultr:  23:48:00.676687 IP seflow.22 > vultr.42030: Flags [S.], seq 3120254658, ack 51348195, win 28960, options [mss 1460,sackOK,TS val 784733767 ecr 3732550414,nop,wscale 7], length 0

Not seeing it yet? Let's trim it down:

tcpdump at seflow: options [mss 1460,sackOK,TS val 801510983 ecr 3732550414,nop,wscale 7]
tcpdump at vultr:  options [mss 1460,sackOK,TS val 784733767 ecr 3732550414,nop,wscale 7]

Still not? What about that:

tcpdump at seflow: TS val 801510983
tcpdump at vultr:  TS val 784733767

That's right, the TCP packet timestamp has been changed to something else. Now, here's the thing: I have another VPS at another provider (Melbicom) that seems to take the same route between SeFlow and Melbicom both inbound and outbound, however it does not happen there, nor was I able to reproduce it with some other servers that I have tried this. At the same time, the server at Vultr seems to work perfectly fine and is able to repeatedly build connections without any hiccups to other providers. I also don't have Vultr DDoS protection or the firewall enabled for this server.

Here's an MTR in both directions:

1.|-- ???                                100.0    10    0.0   0.0   0.0   0.0   0.0
2.|-- vl199-br1-cer.ams1.choopa.net       0.0%    10    0.3   0.5   0.3   1.9   0.3
3.|-- 5-1-40.ear3.Amsterdam1.Level3.net   0.0%    10    1.5   3.3   1.3  16.2   4.7
4.|-- ae-121-3507.bar2.Milan1.Level3.net  0.0%    10   16.2  16.4  16.2  17.4   0.0
5.|-- 212.73.241.250                      0.0%    10   16.4  32.7  16.2 132.9  38.2
6.|-- ???                                100.0    10    0.0   0.0   0.0   0.0   0.0
7.|-- seflow                              0.0%    10   15.8  16.6  15.7  24.1   2.6

1.|-- 95.141.32.1                0.0%    10    0.5  13.1   0.3  94.0  30.3
2.|-- 192.168.21.5               0.0%    10    0.3   0.3   0.2   0.4   0.0
3.|-- as57463.0.181.netix.net    0.0%    10  101.9  44.3   9.3 162.4  52.5
4.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
5.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
6.|-- vultr                      0.0%    10   15.8  15.8  15.8  15.8   0.0

Let's have a closer look at the packets with tcpdumps checksum functionality:

tcpdump at seflow:

00:00:50.945198 IP (tos 0x0, ttl 58, id 36048, offset 0, flags [DF], proto TCP (6), length 60)
    vultr.42652 > seflow.22: Flags [S], cksum 0x02c1 (correct), seq 2764091288, win 29200, options [mss 1460,sackOK,TS val 3732742984 ecr 0,nop,wscale 7], length 0
00:00:50.945207 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    seflow.22 > vultr.42652: Flags [S.], cksum 0x9f29 (correct), seq 2832303451, ack 2764091289, win 28960, options [mss 1460,sackOK,TS val 801703552 ecr 3732742984,nop,wscale 7], length 0

Everything looks good with the packets and checksums at SeFlow, correct checksum is sent out to the client (Vultr) where it should arrive with the same checksum:

tcpdump at vultr:

00:00:50.937817 IP (tos 0x0, ttl 64, id 36048, offset 0, flags [DF], proto TCP (6), length 60)
    vultr.42652 > seflow.22: Flags [S], cksum 0x02c1 (correct), seq 2764091288, win 29200, options [mss 1460,sackOK,TS val 3732742984 ecr 0,nop,wscale 7], length 0
00:00:50.953491 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    seflow.22 > vultr.42652: Flags [S.], cksum 0x9f29 (incorrect -> 0xa029), seq 2832303451, ack 2764091289, win 28960, options [mss 1460,sackOK,TS val 784926336 ecr 3732742984,nop,wscale 7], length 0

See the part where it says "incorrect"? That's the incorrect checksum of the TCP packet calculated on the virtual NIC at Vultr.

Let's bring the lines closer together:

    seflow.22 > vultr.42652: Flags [S.], cksum 0x9f29 (correct),             seq 2832303451, ack 2764091289, win 28960, options [mss 1460,sackOK,TS val 801703552 ecr 3732742984,nop,wscale 7], length 0
    seflow.22 > vultr.42652: Flags [S.], cksum 0x9f29 (incorrect -> 0xa029), seq 2832303451, ack 2764091289, win 28960, options [mss 1460,sackOK,TS val 784926336 ecr 3732742984,nop,wscale 7], length 0

Are you still following? Because the timestamp value of the packet is incorrect, the checksum is as well and the Linux kernel therefore drops the packet.

matteob

@Fusl said:

This is what in a real world is called asynmetrical route.

echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter

echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

To be persistent

nano -w /etc/sysctl.conf

net.ipv4.conf.default.rp_filter = 2

net.ipv4.conf.all.rp_filter = 2

This should fix your issue if you have dual interface in your vm/dedicated. If not please check next reply with another possible cause.

But this is not a provider network related issue and need to be investigated on host level.

Regards

CConner

matteob said: And bad seflow network will now start to be good seflow network :-)

Why don't you go fix it on your end (because clearly, there is one) instead of making petty excuses.

I know from what provider I won't be buying servers when we expand our network.

matteob

@CConner said:

Because,

1. Is not a SeFlow issue
2. All providers do these
3. Provider can control only outbound. Incoming routes can be "suggested" (like prepending for example), but is other one (in this case vultr) that choose the way.

RP Filtering is a linux feature that is not enabled by default, probably the customer enabled it for security reason not considering that.

Please also remember that i suggest this **only ** if on your machine you have two active interfaces. If this is not the case there is something else that cause this and need to be investigated, but is something on the servers because we have nothing that can manipulate packets in our networks.

If above is not the case, also remember that checksum error on tcpdump is a common issue if you have checksum offloading on your NIC.

Please check it with:

ethtool -k eth0 | grep on

Replace eth0 with your network interface.

If is enabled type:

ethtool -K eth0 tx off rx off

and retry.

Regards

@CConner said:
I know from what provider I won't be buying servers when we expand our network.

i'm sorry to read that, we will do our best to improve our service to see your decision changed

Have nice monday

Clouvider

How is the TCP timestamp related to the asymmetric i routing ?

I don't think asymmetric routing is what @Fusl has a problem with. I know it's a long post, but you could make an effort to actually read it.

matteob

@Clouvider said:
How is the TCP timestamp related to the asymmetric i routing ?

Not directly related, but is related to how tcpdump handle it. If you read both of my reply i posted two possible cause, one if you use 2 nics in same host and other one for offloading.

I not know which service he have with us and vultr so i need to take all possible cause.

Please refer to tcpdump documentation for further details.

MaikoB

@wa44io4 said:
Hello,

I am looking for Unmetered Bandwidth Servers in Euorpe.

Hi,

OVH have a big and very good network if you target EU and NA.

In Europe, all our servers come with 500Mbps guarantee bandwidth with a paid option to get 1Gbps guarantee (upto 3Gbps on some models).

https://www.ovh.com/us/dedicated-servers/enterprise/
https://www.ovh.com/us/dedicated-servers/hosting/
https://www.ovh.com/us/dedicated-servers/storage/
https://www.ovh.com/us/dedicated-servers/hg/

If you have any questions, I'll be happy to help.

Clouvider

@matteob said:

@Clouvider said:
How is the TCP timestamp related to the asymmetric i routing ?

Not directly related, but is related to how tcpdump handle it. If you read both of my reply i posted two possible cause, one if you use 2 nics in same host and other one for offloading.

I not know which service he have with us and vultr so i need to take all possible cause.

Please refer to tcpdump documentation for further details.

Tcpdump documentstion for RF Filtering in Linux (kernel feature) ? I don't think so.

Clouvider

@MaikoB that includes your London PoP where no one could get their guaranteed BW, or any reasonable BW really, to any Major UK eyeball ? Dunno if that improved recently, but frankly it proved this guarantees mean nothing.

matteob

@Clouvider

No, RP_filtering for kernel dropping that he wrote.

Offloading for warnings on tcpdump