How would one do this?

lele0108 Member
edited October 2012 in General

Let's say I wanted to do very cheap DDOS protection through BuyVM.

How would I pipe all my server from one VPS, into an awknet protected BuyVM? Would this be reasonable? Would it be insanely slow? (Same DC, so I don't think so). How much resources do I need RAM wise?

Thanks!

Comments

  • Francisco Top Host, Host Rep, Veteran

    http://wiki.buyvm.net/index.php/gre_tunnel

    GRE has almost no overhead CPU or RAM wise.

    You'd have the latency bump within coresite (about 0.3ms?) + the 10ms to awknet but that's aboot it.

    You'd be burning bandwidth both ways but hopefully you need the protection more than you need gobs of transit.

    If you had multiple targets to protect you could actually buy a subnet from us and have it static routed to your node, that way you'd be able to attach 209.141.39.x right to your VM's (like we do with awknet).

    Hope it helps,

    Francisco

  • Francisco Top Host, Host Rep, Veteran

    I should also add that with that guide, if your users don't need a full IP to themselves you could swap from a /30 to a /24 and just assign them a LAN IP w/ a port forwarded.

    It's the cheapest solution though I'm not 100% sure what your setup is or what your users need :)

    Francisco

    Thanked by 1 lele0108
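The GRE setup described in the two posts above, as an added example that is not taken from the thread or from the BuyVM wiki guide: it prints the commands for both tunnel ends, with one forwarded port and the MTU/MSS values that follow from GRE's 24 bytes of encapsulation. The addresses, the `gre1` interface name, routing table 100 and port 25565 are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for each tunnel end; it executes none of them.
# Every address below is a constructed placeholder.
FILTER_PUB=203.0.113.10    # filtered IP on the BuyVM VPS (placeholder)
BACKEND_PUB=198.51.100.20  # public IP of the protected server (placeholder)
TUN_FILTER=192.168.168.1   # filter end of the tunnel /30 (assumed)
TUN_BACKEND=192.168.168.2  # backend end of the tunnel /30 (assumed)
PORT=25565                 # forwarded TCP port (assumed: Minecraft default)

# GRE over IPv4 adds a 20-byte outer IP header and a 4-byte GRE header.
gre_mtu() { echo $(( $1 - 20 - 4 )); }
# Largest TCP segment that fits: tunnel MTU minus inner IP (20) and TCP (20).
gre_mss() { echo $(( $(gre_mtu "$1") - 40 )); }

# Commands for the filtered VPS; $1 is the uplink MTU.
filter_plan() {
  cat <<EOF
ip tunnel add gre1 mode gre local $FILTER_PUB remote $BACKEND_PUB ttl 255
ip addr add $TUN_FILTER/30 dev gre1
ip link set gre1 mtu $(gre_mtu "$1") up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $FILTER_PUB -p tcp --dport $PORT -j DNAT --to-destination $TUN_BACKEND:$PORT
iptables -t mangle -A FORWARD -o gre1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(gre_mss "$1")
EOF
}

# Commands for the protected server; $1 is the uplink MTU.
# Replies sourced from the tunnel address are policy-routed back through the
# filter (table 100 is an arbitrary number), and GRE is accepted only from it.
backend_plan() {
  cat <<EOF
ip tunnel add gre1 mode gre local $BACKEND_PUB remote $FILTER_PUB ttl 255
ip addr add $TUN_BACKEND/30 dev gre1
ip link set gre1 mtu $(gre_mtu "$1") up
ip rule add from $TUN_BACKEND table 100
ip route add default via $TUN_FILTER dev gre1 table 100
iptables -I INPUT -p gre ! -s $FILTER_PUB -j DROP
EOF
}

echo "# on the filtered VPS";     filter_plan 1500
echo "# on the protected server"; backend_plan 1500
```

With a 1500-byte uplink the tunnel MTU is 1476 and the clamped MSS is 1436; without the clamp, full-size TCP segments would not fit in the tunnel.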
  • lele0108 Member
    edited October 2012

    Wow, awesome.

    I just have a couple of customers who seem to attract DDOSing, and instead of kicking them out, I like to present this as an option.

  • Francisco Top Host, Host Rep, Veteran

    @lele0108 said: I just have a couple of customers who seem to attract DDOSing, and instead of kicking them out, I like to present this as an option.

    You sell to MC clients, I'm surprised this isn't a bigger issue for you :)

    We've had more than a few very large MC servers pick up plans just for filtering. I had a fellow the other day that told me if I'd lend him a hand with a GRE he'd buy our biggest plan w/ a filtered IP just to say thanks. 15 minutes later I had him all done.

    I actually wrote the guide since he was the ~10th person I had helped to date with GREing out of us.

    It's a pretty funky setup and for many it's the cheapest filtering they'll find.

    If I can work out a deal with the minecraftforums guys I'm fairly sure I'd sell GRE's hand over fist.

    Francisco

  • It is actually not a huge issue for us, though I know hosts that have huge DDOS issues.

    I think the cheaper you price your servers, the more prone to DDOSing.

  • Any Minecraft host will be a target of many DDoS attacks. Don't learn the hard way :D

  • @Francisco doesn't your filtering service consist of a dedicated server at awknet?

  • @Francisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because it's not available for my current VPS's?).

  • AlexBarakov Patron Provider, Veteran

    @dempom said: @Francisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because it's not available for my current VPS's?).

    3$ per month and you can buy it as upgrade/addon from the services tab. As far as I know it is available in SJ only.

  • Francisco Top Host, Host Rep, Veteran

    @dempom said: @Francisco How much does a filtered IP cost through BuyVM? I am a client but I cannot find this info (because it's not available for my current VPS's?).

    It's only available in SJ.

    @ChrisK said: @Francisco doesn't your filtering service consist of a dedicated server at awknet?

    The nitty gritty is that we have a dedicated with awknet and we use it as a router to push traffic back home. Awknet only handles a select few types of floods so we have to work around that with our own rules. Awknet's own SYN filtering is crappy at best and doesn't really clean much so we do that on our own.

    SYN is always a pain in the ass and is what most providers charge the most for. To date though we've cleaned out some very large floods and been able to build some very SYN resistant gaming VPN's for people :)

    We filtered up to 800k pps of SYN for a client, something he would have had to pay $2k/m - $4k/m at Staminus/direct Awknet.

    Francisco

  • Francisco Top Host, Host Rep, Veteran

    @Jack said: I wonder who that was...

    Well, you hold the record for SYN and someone holds the record for UDP.

    The fellow that set up the GRE with me earlier in the week decided to load test off a 10Gbit port box he had and pushed ~4 - 5Gbit/sec to his filtering box and he didn't see a speck of it in a tcpdump or suffer any disconnects.

    He was so impressed he plans to get a few filtering boxes for his own servers (since the original release was for his friend).

    Francisco

  • @Francisco thanks for the explanation. Do you know if there are any plans to provide filtered IPs for Buffalo-based VPS's?

  • Francisco Top Host, Host Rep, Veteran

    @dempom said: @Francisco thanks for the explanation. Do you know if there are any plans to provide filtered IPs for Buffalo-based VPS's?

    At some point but for now we want to perfect SJ :)

    Francisco

  • @Francisco Sounds good. Just letting you know that you have at least one customer when you roll out filtered IP's for NY

  • Francisco Top Host, Host Rep, Veteran

    @dempom said: @Francisco Sounds good. Just letting you know that you have at least one customer when you roll out filtered IP's for NY

    Glad to hear it :)

    Francisco

  • netomx Moderator, Veteran

    @Francisco said: Glad to hear it :)

    nice to see you back btw!

  • @Francisco Hehe sent you a PM in the morning. :P

  • Francisco Top Host, Host Rep, Veteran

    @netomx said: nice to see you back btw

    Not back, just handling a thread about us :)

    Francisco

    Thanked by 1 eastonch
  • VPNsh Member, Host Rep

    @Francisco I've been following this thread, and from what I've gathered, users can send all of their traffic from VPS's with other providers through a filtered IP with you, for just the price of a standard box + filtered IP?

    If this is the case then I'll be popping over to upgrade one of my SJ boxes to a filtered IP pretty soon :P.

    Also, as @netomx said, if you were actually "back" it'd be great.. but I assume you and Aldryic are both still active on your IRC? Not gonna lie, this place is bloody dull without you two lmfao :P.. think I might have to pop in and say hi and have a few giggles at some point :)

  • Francisco Top Host, Host Rep, Veteran

    You can do the route through but remember, there is a latency penalty when doing it. If you're protecting a box on the east coast you'll be looking at a worst case +140ms latency.

    I'm almost always active in IRC and Aldryic is there during US business hours. Channel is usually pretty busy :)

    Francisco

  • VPNsh Member, Host Rep

    Yeah, that's fine. Latency wouldn't matter for what I'm intending on using it for :). I get around a 80ms round trip though so it isn't too bad :).

    Ahh that's great :), I'll just need to set up IRC again now... hate getting new laptops :P.

    Sorry to hijack @lele0108 !

  • No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!

  • Francisco Top Host, Host Rep, Veteran

    @lele0108 said: No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!

    OVZ is fine if you're doing just NAT.

    You'll want KVM if you want to static route and such.

    Francisco

  • netomx Moderator, Veteran

    @Francisco said: Not back, just handling a thread about us :)

    I hate you :(

    Thanked by 1 Randy
  • and you should be studying for your classes and not starting the next kiddie mc host. get out of let now!

    lol just kidding!

    @lele0108 said: No problem. Just a PSA, you guys should be ordering KVM, not OPENVZ!
