New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
SEFLOW Benchmarks
Hi,
I purchased a 512MB VPS PRO with SEFLOW with their latest coupon that offered a Free DDOS protected ip.
I was just curious if anyone wanted to share their benchmark results to see if we were all getting the same thing?
lets start with the freevps bench.sh network results:
Location Provider Speed CDN Cachefly 76.7MB/s Atlanta, GA, US Coloat 1.22MB/s Dallas, TX, US Softlayer 1.23MB/s Seattle, WA, US Softlayer 1.05MB/s San Jose, CA, US Softlayer 772KB/s Washington, DC, US Softlayer 1.05MB/s Tokyo, Japan Linode 1.27MB/s Singapore Softlayer 699KB/s Rotterdam, Netherlands id3.net 3.45MB/s Haarlem, Netherlands Leaseweb 4.57MB/s`
Great network performance over peering, everywhere else not so much.
Thanked by 1yomero
Comments
Expected since they have so many rate limits everywhere. Their protection is solely based off ACL's with Level3 if I'm correct.
So the tradeoff for having good (yet to be determined) ddos protection is having slow network throughput ?
I'm thinking it would be the rate limits doing so, I may be wrong. I remember last year I had a box with them and I was able to push 1gig up and down so I assume it's that.
Here's mine:
Looks like I'm experiencing the same as you
@sin yes I posted the 'best' of my benchmarks, most of the time all the U.S. locations are well under 1MB/s
Hey, that's still way faster than any 56k modem has ever been!
@Matteob said low speeds were due to rate limiting but I'm not really all that satisfied with serving files or downloading files at well under 1MB/sec .
hi,
i can confirm that in single thread level3 uplinks are rate-limited to optimize our ddos protection. We taken this decision based on our customers habits where nobody have service > 300kB/s.
This is why our protection is so effective and, at the moment, mitigated 100% of attacks we received without any packet loss on customers and targets.
Please keep in mind that this is a limitation for single thread and only in upload (incoming). i mean, if you launch multiple upload you can push at full 1gbps uplink speed. If you use your server as repository, you can push at full speed. In our experience this configuration accomodated every needs and nobody had any trouble in production enviroment.
Not correct, ACL's are only the first defense laye, our protection is now based on 5 layers that are:
Last layer is now in testing from some premium customers.
In addition, we're ready to launch full website protection with waf advanced firewall included and 0 days vulnerabilites for major CMS.
We're now planning to convert some scrubbing point into full remote ddos mitigation service point. We planned at first Amsterdam and washington to have capabilites to activate gre tunnels. We also evaluating london, but we need first explore the market demands. Expanding these point will allow us to reactivate peerings on AMS-IX and LINX that should improve a lot upload speed for real users and reduce any latency in europe.
Is upload, if you serve files is download and you're not affected! Honestly when you really need to push over 1MB/s in upload in production enviroment? :-)
I intentionally deleted a post in this thread just now. I mean no offense, please contact me privately if it upsets you.
@matteob I presume you have no HD video streaming customers then.
Many reasons. Downloading backups to start with the simplest. CDN nodes. Uploading websites. The whole bunch of things that makes you use Datacentre with a symmetric connection.
Haha, funny read.
@matteob: Same thing on your dedicated servers?
this happen if someone use our service only as backup server and not use any incremental script. I mean most of the backup software, bacula, idera, sync, etc, send file in multi-thread at full speed. Only affected case is when a customer zip whole server locally then send to our server AND use level3 link network. In other case rate-limit no affect the service
lots of little files in multi-thread node during the sync. Rate-limit no affect the service
Same as CDN node. And if you upload website from your home connection you need to be outside our exchange and you need home connection > 12Mbps .
Other examples?
Yes and one of the biggest italian production television buy transit from us. Streaming is mostly in download and rate limit work only for single thread uploads. If you use our server as vpn service for example, and you want see netflix, you will generate 1-2 Mbps, you still have 10Mbps free for other service that need to use same ports... maybe impossible? :-)
I understand that for speed-test fanatic this is a big offense, but nobody with service in production sent us any trouble ticket.
I will be happy to cover any customer doubt in this forum or in private.
Regards
Is this rate limit also causing your site (seflow.net) taking 17 seconds to load?
No, this is the WAF firewall that we're testing and is in front on it. No customers are using it because is in beta. Working amazing, but is slow and we're working to speed up the checks before put in public beta.
Regards
Right after this post your site became fast again...
Could you please answer this question as well?
Yes i asked to my engegneer to update latest rules that should improve a lot.
All service inside our network are affected: vps, dedicated server, remote protection, ip transit
Please keep in mind that this rate-limit, as we can see by our monitor, is triggered only during ddos or speed test. We not had see any counting on these rules during production service
To be fair we'd need to test how well does the DDoS protection works.
If it's as good as they try to sell it, the compromise would be reasonable.
DDoS protection is not just something that you can set up and forget with no side effects. See CloudFlare for example, they are very annoying and still plenty of customers use them.
I'd love to see a streaming CDN Client pulling source with 1Mbps throttling. Or taking larger static files from the source.
are MB/s not Mbps, please read carefully... again CDN clients work in multi-thread so they push at full speed everytime... We had various CDN vendor inside our network and i see their server pushing 1ge full transfer. Some of these are now generating 4Gbps without troubles
Yeah, you're right, our protection is choosed daily by new customers and some review are coming (like https://www.lowendtalk.com/discussion/comment/1698585/#Comment_1698585 )
Looking at your Clients benchmarks in this thread they are getting only a small fraction of MB/s over transit.
Are you not the person that "scolded" me because i talked about a competitor? :-)
I will be happy to assist you when you will have production service with us and you will get trouble. Judjing a competitors without tried it before is not professional and you can not be objective.
You're only one that firing that discussion when existing customers are happy with it, funny
Not really, I'll pass here. Wasn't me who started it, and yes, your attitude towards your competitors, and overstretched claims regarding 'your' mitigation capacity, brought up by numerous members here on the forums, allowed me to relax my usual rules on this occasion. :-).
Have a good day and good luck.
As I would probably need a dedi here in Italy, I have another question. Is there any limitation on max concurrent connections from the same IP?
Hi,
no the only limit is rate limit on some protocols for each established connection and only in uplinks. No other limitations except you setup it in our external firewall interface.
Regards
Iperf with single TCP connection is 5.40 Mbits/sec, 20 connections 92.0 Mbits/sec on a 100mbit server.
Upload can reach full 93.1 mbit with 1 connection to UK.
?
Speaking of ddos protection... @matteob I just got this email
When infact my IP is 158.58.xx.xxx, and that's the only IP I have.. interesting
i suggest you to subscribe to our status page http://status.seflow.net
There is an open incident about wrong alerting with latest update:
http://status.seflow.net/incidents/22qzj8sbkp15
Regards