New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Linode / Akamai - How have they been? How is the DDoS mitigation?
MeltedMembrane
Member
in Providers
I was hoping to get some info on how Linode has been since the Akamai acquisition? Specifically, I'm curious about how the Linode DDoS mitigation has been? I'd guess it's not "as good" as the Prolexic/Akamai enterprise protection, but I was wondering if it improved? This is for a non-gaming product we're building out. I know this forum loves to recommend Path.net but I'm a little concerned about the accusations that are flying about them.
Thanked by 1greentea
Comments
They are launching new locations left and right, it's awesome! Regular VMs are rock solid, we have hundreds of VM running on Linode and now and then we get emails about VMs being live migrated off to a new host. I think only once there was downtime involved, apart from that live migration works wonders. I can really recommend them, new hardware, great EPYC hosts and good performance.
Everything else like their Kubernetes stuff or even Object Storage I would not touch from miles away, it's not stable at all and you will have downtime!
I don't have much info about their DDoS protection, but since every PoP is peered with the main Akamai ASN I would assume if shit hits the fan like years ago they should be fine.
Linode use Corero for DDoS mitigation so I would expect it's quite reasonable.
Akamai have very recently renewed their deal with Corero too - https://www.akamai.com/newsroom/press-release/akamai-extends-ddos-defense-with-prolexic-on-prem-and-hybrid-options
That's great to know because those are both services we were interested in. I checked their status page and I see a couple of issues they had. It's unfortunate they occurred across all DCs.
Right, I'm just curious if they are performing any additional filtering now or if it's the same protection as before. How has the network been since they started blending in Akamai?
Interesting, I didn't realize Akamai uses Corero. I thought they would have built out their mitigation in-house. Thank you!
1.From my experience, in terms of free DDoS Proction, Linode, Digitalocean, Hetzner, AWS are not bad. At least, They won't null route your IP when your VM gets DDoSed.
2.But for Vultr and many other smaller cloud providers(Racknerd, for example), they'll null route your IP for at least 2 hours when the volume of a DDoS attack exceeds a certain threshold, and I have to say their threshold are quiet low.
3.Most DDoS attacks typically last for a short duration, ranging from a few minutes to a few hours. In fact, many DDoS attacks do last only a few minutes or even a few seconds. Image you VM gets DDoSed only for a few seconds and if choose Vultr, you VM will remain unreachable for a few unbearable hours even if the attack has stopped a long time ago. But for Linode, they won't do like what Vultr do, you VM will almost immediately be alive when the DDoS attcks (the volume of which exceeds their threshold) stop.
4.As for the threshold (how much free DDoS Protection they can offer), most providers won't tell you exact number since it'll attract more DDoS attacks that comes from testers
5.Caution when you see providers who claim to offer Tbps+ DDoS Protection free of charge.
6.The above are just my personal experience and insights, which may be incorrect.
Echoing @nik, we also have started using Linode for anything we need backups, mirrors, redundancy, and just diversity from our own offerings for and I've been quite happy. Obviously it's not really low-end priced, but it's been very reliable. Can't speak to their other products besides regular VMs.
Also same as @Doo we had previously used Vultr but we had a lot of problems spanning many VM's and dedi's there. Hypervisor reboots, anytime a "DDoS" came in that was >10Gbps (according to them) they would just nullroute us for an hour despite paying for "DDoS protection". Their incoming attack graphs/table never worked so we would only know by opening a ticket and having a tech confirm 1+ hours later. I should have read the fine print: if the DDoS exceeds 10G, they null you. Absolute scam. The final straw was in one month 2 of our VMs (different hypervisors) rebooted more times than all of our own customer-facing servers combined and we had a >10Gbps DDoS come in and got nulled for over nearly 2 hours. I would understand if it was priced accordingly, but it is very premium-tier priced for a pretty unspectacular product.
Actually DDoS protection you guys are offering free of charge is much better than Vultr, I'm 100% certain
.
I'm certain it is too. Though to be fair it's not "free", we just assume everyone wants it and it's baked in across the entire product spectrum.
I just can't believe they charge for what we had, definitely changed my opinion massively after running stuff there for awhile.
We use their LKE product in Sydney and in Newark. Its got its issues, its certaintly required far more of our effort than a product of its supposed advantages should. But that being said its very modifiable and tweakable. And with enough time and effort invested its quite a nice deal.
If I was to spin up a new cluster these days I would probably spin my own, but for now it does the job for us.
I'd give it around a 6/10 but I can see why anyone who wasnt incredibly technical or who was lacking in time / resources might not be able to acheive good results.
As for their object storage. A few interruption to date, nothing as bad as Vultrs. And its been pretty decent of late. Object Storage and Kubernetes in the same Datacenter with affordable billing (unused egress from Kubernetes nodes is usable for object storage) is a big plus.
Because of our effectively unlimited egress bandwidth (and hence operations) via what we don't use the pricing is pretty much unmatched by compeditors
Don't touch Vultr with a 10 foot poll, currently involved in a project to get data out of Vultr NJ. It spent 2w offline about an month ago. And currently most file requests still fail. Its never been a great object storage (this client has been using them for years out of legacy) but its fallen in a heap lately.
Can't speak to the DDoS mitigation extensively, everything that gets real threat we of course protect ourselves. Only attack I've ever seen there for a client under management (was not under X4B protection at the time) it wasnt handled well (effective nullroute through bad filter application) but all things considered better than a nullroute or service suspension. Probably more than adequate if you are going to get some UDP Amp etc. Its free and baked in, if thats all you need then its probably enough.