Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


SEFLOW Benchmarks
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

SEFLOW Benchmarks

JoeMeritJoeMerit Veteran
edited May 2016 in General

Hi,

I purchased a 512MB VPS PRO with SEFLOW with their latest coupon that offered a Free DDOS protected ip.

I was just curious if anyone wanted to share their benchmark results to see if we were all getting the same thing?

lets start with the freevps bench.sh network results:

Location                Provider        Speed

CDN                     Cachefly        76.7MB/s
Atlanta, GA, US         Coloat          1.22MB/s
Dallas, TX, US          Softlayer       1.23MB/s
Seattle, WA, US         Softlayer       1.05MB/s
San Jose, CA, US        Softlayer       772KB/s
Washington, DC, US      Softlayer       1.05MB/s
Tokyo, Japan            Linode          1.27MB/s
Singapore               Softlayer       699KB/s
Rotterdam, Netherlands  id3.net         3.45MB/s
Haarlem, Netherlands    Leaseweb        4.57MB/s`

Great network performance over peering, everywhere else not so much.

Thanked by 1yomero
«1

Comments

  • EricBEricB Member

    Expected since they have so many rate limits everywhere. Their protection is solely based off ACL's with Level3 if I'm correct.

  • JoeMeritJoeMerit Veteran

    So the tradeoff for having good (yet to be determined) ddos protection is having slow network throughput ?

  • EricBEricB Member

    I'm thinking it would be the rate limits doing so, I may be wrong. I remember last year I had a box with them and I was able to push 1gig up and down so I assume it's that.

  • sinsin Member

    JoeMerit said: Great network performance over peering, everywhere else not so much.

    Here's mine:

    Location        Provider    Speed
    CDN         Cachefly    50.6MB/s
    
    Atlanta, GA, US     Coloat      214KB/s 
    Dallas, TX, US      Softlayer   711KB/s 
    Seattle, WA, US     Softlayer   983KB/s 
    San Jose, CA, US    Softlayer   526KB/s 
    Washington, DC, US  Softlayer   878KB/s 
    
    Tokyo, Japan        Linode      467KB/s 
    Singapore       Softlayer   544KB/s 
    
    Rotterdam, Netherlands  id3.net     1.37MB/s
    Haarlem, Netherlands    Leaseweb    2.98MB/s
    

    Looks like I'm experiencing the same as you

  • JoeMeritJoeMerit Veteran

    @sin yes I posted the 'best' of my benchmarks, most of the time all the U.S. locations are well under 1MB/s

  • AmitzAmitz Member

    Hey, that's still way faster than any 56k modem has ever been!

  • JoeMeritJoeMerit Veteran

    @Matteob said low speeds were due to rate limiting but I'm not really all that satisfied with serving files or downloading files at well under 1MB/sec .

  • matteobmatteob Barred

    hi,
    i can confirm that in single thread level3 uplinks are rate-limited to optimize our ddos protection. We taken this decision based on our customers habits where nobody have service > 300kB/s.

    This is why our protection is so effective and, at the moment, mitigated 100% of attacks we received without any packet loss on customers and targets.

    Please keep in mind that this is a limitation for single thread and only in upload (incoming). i mean, if you launch multiple upload you can push at full 1gbps uplink speed. If you use your server as repository, you can push at full speed. In our experience this configuration accomodated every needs and nobody had any trouble in production enviroment.

    @EricB said:
    Expected since they have so many rate limits everywhere. Their protection is solely based off ACL's with Level3 if I'm correct.

    Not correct, ACL's are only the first defense laye, our protection is now based on 5 layers that are:

    • worldwide Level 3 ACL's
    • SeFlow Edge ACL's in 9 scrubbing points
    • SeFlow Statefull Firewalls
    • SeFlow level3/4 dynamic cloud inspection
    • SeFlow layer 7 cloud mitigation (added recently, about 1 weeks ago).

    Last layer is now in testing from some premium customers.

    In addition, we're ready to launch full website protection with waf advanced firewall included and 0 days vulnerabilites for major CMS.

    We're now planning to convert some scrubbing point into full remote ddos mitigation service point. We planned at first Amsterdam and washington to have capabilites to activate gre tunnels. We also evaluating london, but we need first explore the market demands. Expanding these point will allow us to reactivate peerings on AMS-IX and LINX that should improve a lot upload speed for real users and reduce any latency in europe.

    @JoeMerit said:
    @Matteob said low speeds were due to rate limiting but I'm not really all that satisfied with serving files or downloading files at well under 1MB/sec .

    Is upload, if you serve files is download and you're not affected! Honestly when you really need to push over 1MB/s in upload in production enviroment? :-)

    Thanked by 1ManofServer
  • jarjar Patron Provider, Top Host, Veteran

    I intentionally deleted a post in this thread just now. I mean no offense, please contact me privately if it upsets you.

    Thanked by 1theroyalstudent
  • hawchawc Moderator, LIR

    @matteob I presume you have no HD video streaming customers then.

    Thanked by 2MikeA inthecloudblog
  • ClouviderClouvider Member, Patron Provider

    Many reasons. Downloading backups to start with the simplest. CDN nodes. Uploading websites. The whole bunch of things that makes you use Datacentre with a symmetric connection.

    Thanked by 1hawc
  • AnthonySmithAnthonySmith Member, Patron Provider

    Haha, funny read.

  • GeekoineGeekoine Member
    edited May 2016

    Please keep in mind that this is a limitation for single thread and only in upload (incoming).

    @matteob: Same thing on your dedicated servers?

  • matteobmatteob Barred
    edited May 2016

    @Clouvider said:
    Many reasons. Downloading backups to start with the simplest.

    this happen if someone use our service only as backup server and not use any incremental script. I mean most of the backup software, bacula, idera, sync, etc, send file in multi-thread at full speed. Only affected case is when a customer zip whole server locally then send to our server AND use level3 link network. In other case rate-limit no affect the service

    CDN nodes.

    lots of little files in multi-thread node during the sync. Rate-limit no affect the service

    Uploading websites.

    Same as CDN node. And if you upload website from your home connection you need to be outside our exchange and you need home connection > 12Mbps .

    The whole bunch of things that makes you use Datacentre with a symmetric connection. Rate-limit no affect the service used byour datacenter customers and transit customer

    Other examples?

    @hawc said:
    @matteob I presume you have no HD video streaming customers then.

    Yes and one of the biggest italian production television buy transit from us. Streaming is mostly in download and rate limit work only for single thread uploads. If you use our server as vpn service for example, and you want see netflix, you will generate 1-2 Mbps, you still have 10Mbps free for other service that need to use same ports... maybe impossible? :-)

    I understand that for speed-test fanatic this is a big offense, but nobody with service in production sent us any trouble ticket.

    I will be happy to cover any customer doubt in this forum or in private.

    Regards

  • teamaccteamacc Member
    edited May 2016

    Is this rate limit also causing your site (seflow.net) taking 17 seconds to load?

  • matteobmatteob Barred
    edited May 2016

    @teamacc said:

    No, this is the WAF firewall that we're testing and is in front on it. No customers are using it because is in beta. Working amazing, but is slow and we're working to speed up the checks before put in public beta.

    Regards

  • teamaccteamacc Member

    @matteob said:

    @teamacc said:

    No, this is the WAF firewall that we're testing and is in front on it. No customers are using it because is in beta. Working amazing, but is slow and we're working to speed up the checks before put in public beta.

    Regards

    Right after this post your site became fast again...

    @Geekoine said:
    @matteob: Same thing on your dedicated servers?

    Could you please answer this question as well?

  • matteobmatteob Barred

    @teamacc said:
    Right after this post your site became fast again...

    Yes i asked to my engegneer to update latest rules that should improve a lot.

    @Geekoine said:

    Could you please answer this question as well?

    All service inside our network are affected: vps, dedicated server, remote protection, ip transit

    Please keep in mind that this rate-limit, as we can see by our monitor, is triggered only during ddos or speed test. We not had see any counting on these rules during production service

    Thanked by 1Geekoine
  • NyrNyr Community Contributor, Veteran

    To be fair we'd need to test how well does the DDoS protection works.

    If it's as good as they try to sell it, the compromise would be reasonable.

    DDoS protection is not just something that you can set up and forget with no side effects. See CloudFlare for example, they are very annoying and still plenty of customers use them.

  • ClouviderClouvider Member, Patron Provider

    I'd love to see a streaming CDN Client pulling source with 1Mbps throttling. Or taking larger static files from the source.

  • matteobmatteob Barred
    edited May 2016

    @Clouvider said:

    are MB/s not Mbps, please read carefully... again CDN clients work in multi-thread so they push at full speed everytime... We had various CDN vendor inside our network and i see their server pushing 1ge full transfer. Some of these are now generating 4Gbps without troubles

    Yeah, you're right, our protection is choosed daily by new customers and some review are coming (like https://www.lowendtalk.com/discussion/comment/1698585/#Comment_1698585 )

  • ClouviderClouvider Member, Patron Provider

    Looking at your Clients benchmarks in this thread they are getting only a small fraction of MB/s over transit.

  • matteobmatteob Barred
    edited May 2016

    @Clouvider said:

    Are you not the person that "scolded" me because i talked about a competitor? :-)

    I will be happy to assist you when you will have production service with us and you will get trouble. Judjing a competitors without tried it before is not professional and you can not be objective.

    You're only one that firing that discussion when existing customers are happy with it, funny

    Thanked by 1asf
  • ClouviderClouvider Member, Patron Provider
    edited May 2016

    Not really, I'll pass here. Wasn't me who started it, and yes, your attitude towards your competitors, and overstretched claims regarding 'your' mitigation capacity, brought up by numerous members here on the forums, allowed me to relax my usual rules on this occasion. :-).

    Have a good day and good luck.

  • @matteob said:

    As I would probably need a dedi here in Italy, I have another question. Is there any limitation on max concurrent connections from the same IP?

  • matteobmatteob Barred
    edited May 2016

    @Geekoine said:

    Hi,
    no the only limit is rate limit on some protocols for each established connection and only in uplinks. No other limitations except you setup it in our external firewall interface.

    Regards

    Thanked by 1Geekoine
  • linuxthefishlinuxthefish Member
    edited May 2016

    Iperf with single TCP connection is 5.40 Mbits/sec, 20 connections 92.0 Mbits/sec on a 100mbit server.

    Upload can reach full 93.1 mbit with 1 connection to UK.

  • @matteob said:
    upload (incoming)

    ?

    Thanked by 1sandro
  • TomTom Member

    Speaking of ddos protection... @matteob I just got this email

    Dear Customer,
    we want inform you that there is an incoming UDP attack to the ip 95.141.xx.xxx.
    
    Peak UDP 51612 pkts/s
    Target 95.141.xx.xxx
    Reverse DNS: "-.not my domain.COM"
    Anomaly #: 135
    
    No action is required on your part. You server is already moved in our protected area and we will filter the attack. We will move in the normal state when flood will be expired.
    
    
    Best Regards
    SeGuard Monitor System
    

    When infact my IP is 158.58.xx.xxx, and that's the only IP I have.. interesting

  • matteobmatteob Barred

    @Yoda said:

    i suggest you to subscribe to our status page http://status.seflow.net

    There is an open incident about wrong alerting with latest update:
    http://status.seflow.net/incidents/22qzj8sbkp15

    Regards

Sign In or Register to comment.