Looking for DDoS Mitigation Recommendations
Hey everyone,
I’m running a small colo setup on the East Coast with currently 8 servers. In almost two years, we’ve only seen two DDoS attacks, both very short (around 3 minutes each). The network didn’t actually go down, but I’m starting to think about adding some sort of DDoS protection, just to be safe.
I’d like to ask for recommendations on providers or approaches that make sense for a small operation like mine. I’ve looked into options like Cloudflare Magic Transit and Lumen, but the cost is simply too high for us right now.
One idea I had was to use a dedicated server at OVH and set up a GRE tunnel + BGP to divert traffic there on demand (since their network has built-in mitigation). Has anyone here tried this? Does it actually work in practice? And would OVH consider that “abuse” of their service if used mainly as a scrubbing point for a colo elsewhere?
Really appreciate any advice or experiences you can share!

Comments
Budget?
Cloudflare Magic Transit is not cheap.
The cheapest, as far as I know, is Voxility.
https://www.voxility.com/anti-ddos
You can use the tier "Occasionally used"
Another option is to:
https://www.datapacket.com/server-configuration
Pick a DataPacket Dedicated Server, Create a GRE Tunnel / BGP and you are ready to go.
Another option is to use a 3rd party:
https://stormwall.network/products/network-ddos-protection
Good luck.
@EvolutionHost has built their business on top of this model. They sell DDoS protection by GRE tunneling their clients' servers with OVH.
That said, OVH's DDoS protection has its bypasses. If you are specifically targeted by someone with an OVH bypass (it is getting more common in medium-high profile ddos4hire communities), then it may not work in your favour.
We have had an issue where OVH was scrubbing DDoS but was also scrubbing the haproxy connection being made to the backend on our server (we used an OVH VPS as frontend), causing intermittent outages that became more annoying than the DDoS itself.
But for the type of attacks that you receive, I think you'll be good for now considering the budget.
You should look into buyvm.net (@Francisco)'s PATH.net DDoS protection.
In simple words, they sell VPS with an add-on DDoS protection option which you can use as a GRE tunnel to your home network. I've seen Path.net as a better DDoS protection provider than OVH.
Best in business IMO is Aurologic(?) that was (maybe still is?) used by @labze's TURIN lineup (pls correct me if I'm wrong).
What location are you needing to reach? We generally have good coverage of the east coast (NY/ASH/MTL) with low latency.
We offer stateful mitigation with a full firewall manager and control panel for full analytics. We offer up to 200Tbps of volume mitigation, and we have over 12Tbps of stateful capacity across our anycast network (US + Canada + Europe + Asia).
In the next 90 days we'll also be adding Dubai to our mitigation system with 200Gbit of capacity in the UAE.
Send me a message here with your bandwidth requirements, and I can give you a price. We're pretty fairly priced compared to the market.
Hello bro, I'm also checking for a good protection server but I have a low budget. My friend has a big game; he's working with Telegram firstads. If you have a good budget, he'll resolve your under-attack problem easily.
I wouldn't.
The GRE tunnels we offer are intentionally gimped so as not to step on Path's toes.
There's no app filters, there's some basic volumetric blanket filters we do. It works fine for some users that want it and maybe that works for you, but if you're wanting something fancier or something you're wanting to market, it's probably not what you want.
If you're just wanting it as a Cover Your Ass kinda thing "in case shit happens", it'd likely do great.
Francisco
If you look at OP's request, that's what the request seems to be.
Nevertheless, it is the layer 3/4 attacks that often cause the most disruption.
Unless OP is a gameserver hosting provider because, like Fran said, it's a whole other mess.
We’re not hosting game servers. Most of our clients are running websites, ERP systems, mail services, and similar workloads. So L3/L4 attacks are the main concern for us, not the game-related stuff at L7.
Thanks for the mention, appreciated!
To add further context to this, we leverage OVH's network to absorb large quantities of attack traffic but as you've alluded to, OVH's protection has quite a few shortcomings and is vulnerable to quite a lot of L7 based attacks still. The Evolution Host approach is to fill in those gaps and provide an all-encompassing protection suite by combining our own custom built protection suites with OVH's large network absorption capacity.
You can view our remote DDoS protection solution here: https://evolution-host.com/remote-ddos-protection.php
Are you open to moving your equipment to another datacenter? We provide up to 100Gbps DDoS protection powered by Corero hardware onsite. We have dual uplinks, 100Gbps each, to Lumen and Cogent. We are located in Houston, TX.
https://oplink.net/houston-colocation/
All you would have to do is ship your servers; we can take care of the rack/stack if you're not local, and you can use our free helping hands for support.
Thanks,
Ryan
For websites, the free version of Cloudflare will work as long as you properly configure the WAF.
This guy says Cloudflare isn't cheap and then refers you to VOXILITY AS A CHEAP ALTERNATIVE? LOL???
Hey, I've seen you about quite a lot recently with this DDoS protection you offer.
Quick question, is it backhauled by DP, hence the "200Tbps of volume capacity"?
Also may I PM you for further questions and perhaps a purchase of a server with your L7 http/s protection, pretty please?
Feel free to send us a message, happy to chat. Yes, we utilize DP; we get cross connections in almost every region except Asia, where we have metal with them. In Dubai, we plan to add them as well for transit once they're live in UAE to keep things consistent.
In terms of purchasing a server, we have some promotions coming up with EPYC 7443P-based builds, shoot me a message for pricing.
Magic Transit is incredibly expensive. I don't recommend Voxility but Voxility is much much much less expensive than Magic Transit is.
That's right, repeat my point so the special people can understand it.
I mean Voxility is a cheap alternative to MT, I don't see why you jumped on them like that
They're both poo & expensive. Pretty sure Voxility nullroute at 1Tbps too.
@EvolutionHost recommended; costly, but their DDoS protection shield is very strong!
Compared with Cloudflare Magic Transit, Voxility is obviously cheaper.
Their tier OCCASIONAL USED is cheaper, and probably the Frequently Used is still cheaper than CF.
This does not mean that Voxility is "Cheap", though. MT is a bit of an outlier, they'll try to shell you out of as much money as possible. Voxility is different, but it is still on the costly side.
You are right, Voxility is not cheap. That's why I said that, compared with MT, Voxility is cheaper.
But that's what I said. The fact is that Voxility is cheaper than MT. If I'm not mistaken, it costs around €4,000, if not more. Around that. There was a company here that used it.
So if we compare the prices between Voxility and MT, Voxility is cheaper. But it has problems with certain types of attacks such as UDP and Layer 7, which they say it has, it doesn't work so well, far below expectations.
That's what I said, that in terms of price difference between MT and Voxility, Voxility is cheaper.
In the OP's place, who has a position. The cheapest solution is to move to another data centre that offers basic or better protection.
stormwall