New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Yes, I assume that it would be the firewall that is set in the control panel (outside of the VPS), otherwise it would seem rather intrusive (to go into the OS of the VPS to take a snapshot of the firewall settings)
There is no "firewall snapshot" function at Hetzner. It's just a lack of punctuation. The OP's statement should read "firewall, snapshots, private network and hourly billing! "
A snapshot will usually contain all the relevant info as well, won't it? I should check my Hetzner snapshots.
Snapshot contains everything what you had on your drive with, even the OS and such, so you can restore server fully from snapshot without future configuration needed.
Exactly, that's what I was saying, it contains also the settings. I use to use clonezilla in the past as well for servers without control panels or without backup options built in. I had some bad experiences in restoring some of my backups, and I no longer use it.
Just wish there were APAC locations but it's obvious impossible at that price.
A nice example of why punctuation matters
I admit that the notion "firewall snapshot" was new to me, but I figured that this was due to my being behind the times (which I often am!)
Okay: firewall, [comma] snapshots
Cant really blame them, honestly
don't underestimate hetzner always. firewall snapshot may mean pfsense image cloning.
Seriously?
Have you seen the setup costs? €22.80 setup fee for a single IP? €182 for a /29? (Inc. Vat @ 20%).
It's beyond exorbitant in my opinion.
If I remember correctly, they ere the first major provider in the industry to announce these prices for IPv4s
I believe you're right. No one else has such high prices on setting up IPv4s, at least I haven't seen any other provider with such high fees.
Look into IPv4 exchanges like https://ipv4.global and you will find out that Hetzner is STILL quite cheap for IPv4s. And those prices will come to other providers too.
Why, tho?
Script your firewall rules.
Modern systems use nftables. iptables is legacy and will eventually go the way of ipchains before it.
Which EPYC Zen2 processor? Ryzens aren't always faster than older EPYCs with actual real workloads (not synthetic benchmarks).
This is usually true, the 5950x's max RAM is 128GB, while the 7742 will be equipped with at least 512GB of RAM, and the 5950x has 1.6 times the single-core performance of the 7742.
One that Hetzner uses. 7742 IIRC
You have valid point with synthetic benchmarks BUT that doesnt apply here.
Ryzen has 16core, 128GB RAM max.
If EPYC has 64 core (or 2 sockets 32c) and 512GB of RAM then there is 4x more clients on same hardware.
What you are missing here is that L1, L2, L3 cache bandwidth is limited, RAM bandwidth is limited. EPYC doesnt have 4x faster everything, some things are just slighly faster, some things are the same.
That is making big difference in real applications.
Also kernel/scheduler is not that efficient with many cores, with every core added theres some inefficiency.
And we are not talking about frequency, just that thing above makes Ryzen VPSes faster (ofc as long as they are oversold same amount)
EPYCs are great for providers because of density, but Ryzens instances are pretty much always faster.
But because Ryzen machines are not that dense that means it is more ecpensive and you'll get less cores per dollar - and in that situation EPYC will be faster in multithreaded apps.
Very aware of how much IPs cost - what I find exorbitant are the setup costs.
What resource did you use to get up to speed on nftables? There's the Arch wiki but its incomplete, and the fact that Docker is still on iptables took away any motivation I had to learn it.
I face disk corruption on the Ashburn VM and never went back. maybe they've fixed their issues now.... anyone else faced disk corruption issues?
I've read cloudflare's test before, nftables is even slower than iptables in some scene https://blog-cloudflare-com.webpkgcache.com/doc/-/s/blog.cloudflare.com/how-to-drop-10-million-packets/
That post literally says:
Debian 10 and higher use nftables by default. It uses
iptables-nft
which is a conversion layer to convert iptables rules to nftables rules - When you runiptables
, it's really runningnftables
behind the scenes. This doesn't use the full power of nftables, but it lets people configure nftables using their old iptables commands. Since it is just using nftables in the backend, it's worth learning about it eventually.I'm still not 100% up-to-date on nftables, but I very rarely write iptables or nftables rules directly.
firewalld is what Debian recommends using, and it makes the firewall use case relatively easy:
https://wiki.debian.org/nftables#Use_firewalld
Linode's tutorial is pretty decent: https://www.linode.com/docs/guides/introduction-to-firewalld-on-centos/
Some of my systems only have one service exposed externally (Nginx) with everything else listening locally, and Nginx has rate limiting configured. I'm also using CrowdSec to block attackers both through detecting attacks on my servers and using their community blocklists. CrowdSec (or Denyhosts) can see the Nginx rate limit errors in the Nginx logs and block the corresponding IPs.
On topic:
Only storage stuff is a bit expensive . I wish one could create volumes with the same price as the storage boxes they sell. Or reduced IO performance on the SSDs, whatever.
Just get their storage box and mount via CIFS.
Their volume is also 40% price of digitalocean vultr etc.
Performance is quite bad, sadly. I had this running for a while but with a large number of files it just breaks >
@fadedmaple said:
Still, compared to Contabo for example, I get a lot more "SSD" storage. I don't mind the bandwith limits, 200MBps Disk-IO is fine. I'd like to see something like the oracle cloud performance-units.