Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

How would one do this?

How would one do this?

lele0108lele0108 Member
edited October 2012 in General

Let's say I wanted to do very cheap DDOS protection through BuyVM.

How would I pipe all my server from one VPS, into a awknet protected BuyVM? Would this be reasonable? Would it be insanely slow? (Same DC, so I don't think so). How much resources do I need RAM wise?

Thanks!

~ Jimmy VortexUnit. Who likes poptart.cats?

Comments

  • http://wiki.buyvm.net/index.php/gre_tunnel

    GRE has almost no overhead CPU or RAM wise.

    You'd have the latency bump within coresite (about 0.3ms?) + the 10ms to awknet but that's aboot it.

    You'd be burning bandwidth both ways but hopefully you need the protection more than you need gobs of transit.

    If you had multiple targets to protect you could actually buy a subnet from us and have it static routed to your node, that way you'd be able to attach 209.141.39.x right to your VM's (like we do with awknet).

    Hope it helps,

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • I should also add that with that guide, if your users don't need a full IP to themselves you could swap from a /30 to a /24 and just assign them a LAN ip w/ a port forwarded.

    It's the cheapest solution though i'm not 100% sure what your setup is or what your users need :)

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
    Thanked by 1lele0108
  • lele0108lele0108 Member
    edited October 2012

    Wow, awesome.

    I just have a couple of customers who seem to attract DDOSing, and instead of kicking them out, I like to present this as a option.

    ~ Jimmy VortexUnit. Who likes poptart.cats?
  • ZenZen Member

    GRECeption up in this bitch @Francisco

  • @lele0108 said: I just have a couple of customers who seem to attract DDOSing, and instead of kicking them out, I like to present this as a option.

    You sell to MC clients, i'm surprised this isn't a bigger issue for you :)

    We've had more than a few very large MC servers pick up plans just for filtering. I had a fellow the other day that told me if I'd lend him a hand with a GRE he'd buy our biggest plan w/ a filtered IP just to say thanks. 15 minutes later I had him all done.

    I actually wrote the guide since he was the ~10th person I had helped to date with GREing out of us.

    It's a pretty funky setup and for many it's the cheapest filtering they'll find.

    If I can work out a deal with the minecraftforums guys i'm fairly sure I'd sell GRE's hand over fist.

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • It is actually not a huge issue for us, though I know hosts that have huge DDOS issues.

    I think the cheaper you price your servers, the more prone to DDOSing.

    ~ Jimmy VortexUnit. Who likes poptart.cats?
  • Any Minecraft host will be a target of many DDoS attacks. Don't learn the hard way :D

  • @Francisco doesn't your filtering service consist of a dedicated server at awknet?

  • @Fancisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because its not available for my current VPS's?).

  • @dempom said: @Fancisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because its not available for my current VPS's?).

    3$ per month and you can buy it as upgrade/addon from the services tab. As far as I know it is available in SJ only.

    Disclosure: I work for Query Foundry LLC.
    I own DA International Group Ltd.
  • @ChrisK said: @Francisco doesn't your filtering service consist of a dedicated server at awknet?

    @ChrisK I believe he announced a /24 there and Tunnels the good traffic back to San Jose after the UDP/SYN Filtering is done at the box in Awknet.

    You seem to say it like some type of bad thing? Would you rather do it off 20G of Commit that you had with Hostdime or have it off-site on a network that is specialised in that type of thing?

  • @dempom said: am a client but I cannot find this info (because its not available for my current VPS's?).

    @dempom Go to https://my.frantech.ca/clientarea.php?action=products then click the VM you want the IP on then Click 'Management actions' , 'Upgrade/Downgrade Option'

    Then you should get a page like this:

    image

  • @dempom said: @Fancisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because its not available for my current VPS's?).

    It's only available in SJ.

    @ChrisK said: @Francisco doesn't your filtering service consist of a dedicated server at awknet?

    The nitty gritty is that we have a dedicated with awknet and we use it as a router to push traffic back home. Awknet only handles a select few types of floods so we have to work around that with our own rules. Awknet's own SYN filtering is crappy at best and doesn't really clean much so we do that on our own.

    SYN is always a pain in the ass and is what most providers charge the most for. To date though we've cleaned out some very large floods and been able to build some very SYN resistant gaming VPN's for people :)

    We filtered up to 800k pps of SYN for a client, something he would have had to pay $2k/m - $4k/m at Staminus/direct Awknet.

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • @Francisco said: We filtered up to 800k pps of SYN for a client, something he would have had to pay $2k/m - $4k/m at Staminus/direct Awknet.

    I wonder who that was...

  • @Jack said: I wonder who that was...

    Well, you hold the record for SYN and someone holds the record for UDP.

    The fellow that setup the GRE with me earlier in the week decided to load test off a 10Gbit port box he had and pushed ~4 - 5Gbit/sec to his filtering box and he didn't see a spec of it in a tcpdump or suffer any disconnects.

    He was so impressed he plans to get a few filtering boxes for his own servers (since the original release was for his friend).

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • @Francisco thanks for the explanation. Do you know if there are any plans to provide filtered IPs for Buffalo-based VPS's?

  • @dempom said: @Francisco thanks for the explanation. Do you know if there are any plans to provide filtered IPs for Buffalo-based VPS's?

    At some point but for now we want to perfect SJ :)

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • @Francisco Sounds good. Just letting you know that you have at least one customer when you roll out filtered IP's for NY

  • @dempom said: @Francisco Sounds good. Just letting you know that you have at least one customer when you roll out filtered IP's for NY

    Glad to hear it :)

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • @Francisco said: Glad to hear it :)

    nice to see you back btw!

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • @Francisco Hehe sent you a PM in the morning. :P

    ~ Jimmy VortexUnit. Who likes poptart.cats?
  • @netomx said: nice to see you back btw

    Not back, just handling a thread about us :)

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
    Thanked by 1eastonch
  • @Francisco I've been following this thread, and from what I've gathered, users can send all of their traffic from VPS's with other providers through a filtered IP with you, for just the price of a standard box + filtered IP?

    If this is the case then I'll be popping over to upgrade one of my SJ boxes to a filtered IP pretty soon :P.

    Also, as @netomx said, if you were actually "back" it'd be great.. but I assume you and Aldyric are both still active on your IRC? Not gonna lie, this place is bloody dull without you two lmfao :P.. think I might have to pop in and say hi and have a few giggles at some point :)

    VPN.sh - Secure and affordable VPN services

  • You can do the route through but remember, there is a latency penalty when doing it. If you're protecting a box on the east coast you'll be looking at a worst case +140ms latency.

    I'm almost always active in IRC and Aldryic is there during US business hours. Channel is usually pretty busy :)

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • Yeah, that's fine. Latency wouldn't matter for what I'm intending on using it for :). I get around a 80ms round trip though so it isn't too bad :).

    Ahh that's great :), I'll just need to setup IRC again now... hate getting new laptops :P.

    Sorry to hijack @lele0108 !

    VPN.sh - Secure and affordable VPN services

  • No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!

    ~ Jimmy VortexUnit. Who likes poptart.cats?
  • @lele0108 said: No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!

    OVZ is fine if you're doing just NAT.

    You'll want KVM if you want to static route and such.

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
  • @Francisco said: Not back, just handling a thread about us :)

    I hate you :(

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
    Thanked by 1Randy
  • and you should be studying for your classes and not starting the next kiddie mc host. get out of let now!

    lol just kidding!

    @lele0108 said: No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!

Sign In or Register to comment.