New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DDoS Mitigation Vendor Selection
cras4202tw
Member
Why are the Anti DDoS upstreams commonly seen among hosting providers almost the following?
Cloudflare Magic Transit
Stormwall
DDoS Guard
Voxility
Path
DP/CDN77
And Akamai, Gcore, F5 and Imperva are very rare?
Comments
Different use cases
Cloudflare Magic Transit, from what I’ve heard, is really good. But, the price per clean traffic is expensive.
It’s meant for businesses where each GB is worth a lot of $. For example, it might fit some SaaS services etc. It’s dosen’t fit hosting providers offering relatively cheap bandwidth.
Path is good and cheap but ran by complete idiots whom I’d never trust with anything important to me.
I am surprised to not see Datapacket/CDN77, it gains popularity recently
In my knowledge
CFMT should be at the same level as Akamai and Imperva, and both also provide BGP protection.
At least they both consider each other rivals
But for the Hosting industry, in the end I see everyone choosing CFMT.
If you choose at least one of these three companies.
It was indeed my mistake, and I also know CDN77/DP
Path is kinda curse word here
No solution will fit your exact use case to 100%.
That being said, every solution has it's own limitations and issues.
There may be 100 positive reviews about provider x and 100 negative.
The negative may have had issues they were not able to solve, the positive may have had simple or no attacks.
Not all Hosting providers need application specific mitigation. They simply want to protect their network. If one server is down, who cares?
Since you mentioned Gcore - Gcore's Transit offering is pretty expensive with low commitment, everything below 10G will probably kill any budget.
Hi there,
This is Rene with CosmicGuard. We also offer DDoS Mitigation services. (Our AS is 30456)
We're not as big as the parties listed above, but we've grown into a decent size over the past year.
Happy to discuss our offerings with you over a call if interested.
Kind regards,
Rene
I'd not call this a full fledged DDoS-Protection. You cant change much, filters for UDP do not exist AFAIK - as well as the Layer7 capabilities which you'd need for game servers are non existent. I guess their target audience is something else
Can confirm this.
Cloudflare Magic Transit is done via AS. Most websites are hidden behind Cloudflare on it's main ASN (AS13335), and NOT done over Magic Transit. You would see that on their Main AS, or over the "Cloudflare BYOIP Customers" ASN (AS209242).
The cost for that would be well in 5-6 figures ($50K-$80K). Only for Enterprise customers, and I believe the figure amount is for a 1-10G.
Akamai, Gcore, Imperva, etc.. are geared towards large enterprises with complex needs, which makes them less accessible for smaller hosting providers.
Unfortunately, our business traffic is mainly in Asia
If there are any new developments in Asia, can we talk about them?
Yes, mainly talking about BGP protection
Purchasing BGP protection requires a complicated configuration process, I think, even for Cloudflare Magic Transit.
It’s just that the choices on the market seem to be leaning towards using CFMT instead of Akamai, Gcore, Imperva,
If Gcore is based on price factors, what about Akamai and Imperva?
At least they all consider each other to be competitors in the same class, but the choice in the market seems to be leaning towards CFMT
Akamai is priced only for billion dollar companies.
Gcore is relatively new and expensive. Some are starting to move to them from Path.
Never heard of F5 or Imperva.
All the others you mentioned are either older or less expensive.
Datapacket is a god send for people that can make their own filters. They have mostly the same transit anywhere you want which is crucial for setting up anycast, and >10gb ports without the price of a full 10gb commit.