[Share your knowledge] ❓ OVH Game & GRE Tunnel ❓

FlorinMarian

Hi, there!
I'm Florin, one of the owners of https://hazi.ro.
I would like to talk with those who have experience with OVH dedicated servers & GRE tunnels having OVH at one end.

My question is: Did you had network issues for tunneled traffic? If yes, how did you solved them?

For me, the difference is so huge as I download directly something with 10Mbps and with tunneled IP only 500Kbps (same source).

Any feedback is welcome!

Best regards, Florin.

One more thing:
Moved tunnel from OVH Germany -> Romania to OVH Germany -> OVH France and got exactly same result.

MikeA

It is OVH and tunneled traffic, you don't fix it.

FlorinMarian

@MikeA said:
It is OVH and tunneled traffic, you don't fix it.

Thank you for reply!
Unfortunatelly OVH can't confirm this but having this issue everywhere is an important point.

Their reply on my request related to this fact:

Hello,

Following our conversation, we would like to inform you that we don't set any limits on the  GRE tunnels speed, you may need to wait the confirmation in the other ticket if the server has any hardware issue, otherwise, you may need to look into your software configuration for further assistance,

We remain at your disposal for further assistance.

wdmg

OVHs VAC will pickup that traffic super quickly and rate-limit or even block it outright. VAC does not respect firewall rules either when it comes to "mitigating attacks"... often GRE gets dropped entirely for many people.

cybertech

does buyvm support such protocol/service? maybe they can help idk

FlorinMarian

@wdmg said:
OVHs VAC will pickup that traffic super quickly and rate-limit or even block it outright. VAC does not respect firewall rules either when it comes to "mitigating attacks"... often GRE gets dropped entirely for many people.

Thank you for feedback!
This could be a good starting point but as far I know, they don't filter internal traffic and this issue is active also when I have OVH servers on both ends.
Best regards, Florin.

FlorinMarian

@MikeA said:
It is OVH and tunneled traffic, you don't fix it.

@wdmg said:
OVHs VAC will pickup that traffic super quickly and rate-limit or even block it outright. VAC does not respect firewall rules either when it comes to "mitigating attacks"... often GRE gets dropped entirely for many people.

I'm sorry for that I didn't understood that it is impossible to be fixed and I've played again with it.
In my opinion one-way is already fixed (500Mbps Deutschland - Romania) is quite good.

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed
                |                           |                 |
Clouvider       | London, UK (10G)          | 480 Mbits/sec   | 74.9 Mbits/sec
Online.net      | Paris, FR (10G)           | 241 Mbits/sec   | 108 Mbits/sec
WorldStream     | The Netherlands (10G)     | 623 Mbits/sec   | 94.3 Mbits/sec
WebHorizon      | Singapore (1G)            | 96.8 Mbits/sec  | 108 Mbits/sec
Clouvider       | NYC, NY, US (10G)         | 416 Mbits/sec   | 72.7 Mbits/sec
Velocity Online | Tallahassee, FL, US (10G) | 333 Mbits/sec   | 87.1 Mbits/sec
Clouvider       | Los Angeles, CA, US (10G) | 311 Mbits/sec   | 24.5 Mbits/sec
Iveloz Telecom  | Sao Paulo, BR (2G)        | 218 Mbits/sec   | 114 Mbits/sec

Next I'll have to discover why it is so bad during download

CiprianoOscar

@FlorinMarian said:
Hi, there!
I'm Florin, one of the owners of https://hazi.ro.
I would like to talk with those who have experience with OVH dedicated servers & GRE tunnels having OVH at one end.

My question is: Did you had network issues for tunneled traffic? If yes, how did you solved them?

For me, the difference is so huge as I download directly something with 10Mbps and with tunneled IP only 500Kbps (same source).

Any feedback is welcome!

Best regards, Florin.

One more thing:
Moved tunnel from OVH Germany -> Romania to OVH Germany -> OVH France and got exactly same result.

check that the interface is with the correct mtu (1476 for the classic gre).

FlorinMarian

@CiprianoOscar said:

@FlorinMarian said:
Hi, there!
I'm Florin, one of the owners of https://hazi.ro.
I would like to talk with those who have experience with OVH dedicated servers & GRE tunnels having OVH at one end.

My question is: Did you had network issues for tunneled traffic? If yes, how did you solved them?

For me, the difference is so huge as I download directly something with 10Mbps and with tunneled IP only 500Kbps (same source).

Any feedback is welcome!

Best regards, Florin.

One more thing:
Moved tunnel from OVH Germany -> Romania to OVH Germany -> OVH France and got exactly same result.

check that the interface is with the correct mtu (1476 for the classic gre).

Thank you for feedback!

Is still hard to figure out what's wrong.

Here's IPIP tunnel with 1454 mtu:

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed
                |                           |                 |
Clouvider       | London, UK (10G)          | 478 Mbits/sec   | 173 Mbits/sec
Online.net      | Paris, FR (10G)           | 423 Mbits/sec   | 172 Mbits/sec
WorldStream     | The Netherlands (10G)     | 405 Mbits/sec   | 291 Mbits/sec
WebHorizon      | Singapore (1G)            | 101 Mbits/sec   | 154 Mbits/sec
Clouvider       | NYC, NY, US (10G)         | 157 Mbits/sec   | 55.6 Mbits/sec
Velocity Online | Tallahassee, FL, US (10G) | 193 Mbits/sec   | 90.9 Mbits/sec
Clouvider       | Los Angeles, CA, US (10G) | 108 Mbits/sec   | 147 Mbits/sec
Iveloz Telecom  | Sao Paulo, BR (2G)        | 153 Mbits/sec   | 152 Mbits/sec

and here is GRE tunnel with 1476 mtu:

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed
                |                           |                 |
Clouvider       | London, UK (10G)          | 391 Mbits/sec   | 190 Mbits/sec
Online.net      | Paris, FR (10G)           | 412 Mbits/sec   | 274 Mbits/sec
WorldStream     | The Netherlands (10G)     | 350 Mbits/sec   | 260 Mbits/sec
WebHorizon      | Singapore (1G)            | 114 Mbits/sec   | 94.8 Mbits/sec
Clouvider       | NYC, NY, US (10G)         | 179 Mbits/sec   | 127 Mbits/sec
Velocity Online | Tallahassee, FL, US (10G) | 125 Mbits/sec   | 162 Mbits/sec
Clouvider       | Los Angeles, CA, US (10G) | 102 Mbits/sec   | 65.0 Mbits/sec
Iveloz Telecom  | Sao Paulo, BR (2G)        | 121 Mbits/sec   | 105 Mbits/sec

Both setups have 1428 as mss value.

Best regards, Florin.

Neoon

Try using different IP's.

FlorinMarian

@Neoon said:
Try using different IP's.

What you mean?

Neoon

@FlorinMarian said:

@Neoon said:
Try using different IP's.

What you mean?

You use one IP for ingress and another one for egress.
Also, regarding the 500Kbps, it makes sense, the client usually does not send that much, even if you got 2-3 clients per IP.

AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

FlorinMarian

@Neoon said:

@FlorinMarian said:

@Neoon said:
Try using different IP's.

What you mean?

You use one IP for ingress and another one for egress.
Also, regarding the 500Kbps, it makes sense, the client usually does not send that much, even if you got 2-3 clients per IP.

AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.
I've bypassed few kbps limit but still 30% of total network speed isn't cool.
Best regards, Florin.

Neoon

@FlorinMarian said:

@Neoon said:

@FlorinMarian said:

@Neoon said:
Try using different IP's.

What you mean?

You use one IP for ingress and another one for egress.
Also, regarding the 500Kbps, it makes sense, the client usually does not send that much, even if you got 2-3 clients per IP.

AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.
I've bypassed few kbps limit but still 30% of total network speed isn't cool.
Best regards, Florin.

Get a Kimsufi, test it, they used to be very cheap.
Otherwise just get a OVH VPS I guess.

FlorinMarian

@Neoon said:

@FlorinMarian said:

@Neoon said:

@FlorinMarian said:

@Neoon said:
Try using different IP's.

What you mean?

You use one IP for ingress and another one for egress.
Also, regarding the 500Kbps, it makes sense, the client usually does not send that much, even if you got 2-3 clients per IP.

AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.
I've bypassed few kbps limit but still 30% of total network speed isn't cool.
Best regards, Florin.

Get a Kimsufi, test it, they used to be very cheap.
Otherwise just get a OVH VPS I guess.

Kimsufi & VPS servers are not suitable because my goal is to forward IPs from OVH to Romania and Kimsufi has only 1 IP address and VPS has max. 16, still useless.
Best regards, Florin.

CiprianoOscar

I don't know if this can help but it can be a test.

In the anti ddos protection control panel, try to whitelist the ipv4 of the server in romania.

FlorinMarian

@CiprianoOscar said:
I don't know if this can help but it can be a test.

In the anti ddos protection control panel, try to whitelist the ipv4 of the server in romania.

Did it with v4 and GRE protocols, nothing changed.

CiprianoOscar

@FlorinMarian said:

@CiprianoOscar said:
I don't know if this can help but it can be a test.

In the anti ddos protection control panel, try to whitelist the ipv4 of the server in romania.

Did it with v4 and GRE protocols, nothing changed.

contact me on telegram : @oscarcipriano

FlorinMarian

Hello!
As far I remember, I've discussed with some LET providers which said that they have succeed to solve GRE bottleneck using OVH support system.
May I have a DM from one of them to talk about this?
Thank you!

yoursunny

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

Neoon

@yoursunny said:

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

FlorinMarian

@yoursunny said:

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

How many push-ups you did to discover my secret plan?
You're unbelievable !

yoursunny

@FlorinMarian said:

@yoursunny said:

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

How many push-ups you did to discover my secret plan?
You're unbelievable !

How many push-ups will you do in my honor for finding this solution?
You're incredible!

FlorinMarian

@yoursunny said:

@FlorinMarian said:

@yoursunny said:

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

How many push-ups you did to discover my secret plan?
You're unbelievable !

How many push-ups will you do in my honor for finding this solution?
You're incredible!

I'll do all of them, you deserve this

yoursunny

@FlorinMarian said:

@yoursunny said:

@FlorinMarian said:

@yoursunny said:

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

How many push-ups you did to discover my secret plan?
You're unbelievable !

How many push-ups will you do in my honor for finding this solution?
You're incredible!

I'll do all of them, you deserve this

Once you got the solution working, will you contribute a push-up video for broadcast on https://pushups.ndn.today ?

ehab

i will not use GRE

bandwidth eater

vps suspender

FlorinMarian

@ehab said:
i will not use GRE

bandwidth eater

vps suspender

What you mean regarding "VPS suspender"?

ehab

@FlorinMarian said:
What you mean regarding "VPS suspender"?

i had my vps suspended with a provider some years ago because of GRE, it consumed 1T25GB just overnight and had reached my monthly limit.

once burned, never again.

FlorinMarian

@ehab said:

@FlorinMarian said:
What you mean regarding "VPS suspender"?

i had my vps suspended with a provider some years ago because of GRE, it consumed 1T25GB just overnight and had reached my monthly limit.

once burned, never again.

GRE doesn't affect amount of traffic consumed, so that could happen also without any tunnel behind. Single thing involved is that you consume bandwidth at two ends at the same time, but not double bandwidth on same host.

FlorinMarian

@yoursunny said:

@FlorinMarian said:

@yoursunny said:

@FlorinMarian said:

@yoursunny said:

@FlorinMarian said:

@Neoon said:
AntiDDoS applies only external, maybe worth trying forwarding it through another OVH box without Game AntiDDoS and forwarding from there.

Unfortunately both boxes I have on OVH are on GAME range.

Tunnel through Kimsufi?

\    GRE         GRE
 OVH-----Kimsufi-----Romania 
/

Kimsufi acts as a router for the OVH IPs.
From OVH point of view, GRE traffic comes from Kimsufi, so that it doesn't trigger DDoS alert.

How many push-ups you did to discover my secret plan?
You're unbelievable !

How many push-ups will you do in my honor for finding this solution?
You're incredible!

I'll do all of them, you deserve this

Once you got the solution working, will you contribute a push-up video for broadcast on https://pushups.ndn.today ?

Don't say that again.
Keep in mind I've realised 2 months ago that thing I can't do even a push-up.
Count those 5 as 50 because for a while I'm an indoor man.

https://hazi.ro/5-for-yoursunny.mp4

natural

good info.