All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
X4B | Anycast DDoS Protection | Beta Testers Required (FREE for 2 months)
X4B DDoS Protection is proud to announce that we are almost ready to launch our next generation Anycast DDoS Protection product. We are seeking your help and feedback.
The terms, how do I enrol?
Shoot me a PM or Reply here and I'll add you to the list. Once there is a slot available. I will create you a service expiring in 14-days. Provide some feedback and this will be extended by an additional 46-days free of charge (2 months FREE).
Feedback can be as simple as "I setup X, no problems" but we would prefer as much information as you can offer 
Please be honest in your report, we need to fine tune our product.
The beta service setup will be a 50GB clean bandwidth service unless you request more.
During the Beta period we are limiting mitigation to 100Gbps, however upon renewal outside of the Beta window you will receive an upgrade.
AS136165: The network
Current PoPs:
- Amsterdam, Netherlands
- London, United Kingdom
- Dallas, TX, USA
- Los Angeles, CA, USA
- Asburn, VA, USA
Test IP / Looking Glass: https://lg.x4b.net/ (103.77.224.2)
The 20 Questions:
Why Anycast?
An anycast network is more redundant, and fault resilient than a regular single PoP network. By announcing in multiple distinct locations we gain redundancy against network and server failure. In the events of most interruptions the PoP can fall offline without any interrupting existing connection by way of failover to the next closest PoP (until the failing PoP is restored).
Anycast also allows for an increase in Mitigation capacity (particularly Layer 7) and overall throughput per service.
Is this more complicated than a regular filtered service?
There are a few more knobs available, however we hope to make this as easy to use as our regular services. We will keep working based on feedback and planned features to make this so throught the beta period.
Anycast Documentation is currently being written and will be rolled out after the beta period.
Can I point one or more Anycast PoP at a single server?
Yes you can select which Anycast PoP should be forwarding to each defined backend.
Can each PoP communicate with my server direct?
Yep.
Optionally with GRE Tunnelling you can also choose to have all PoPs pointed at a single backend, and for that backend to communicate with the appropriate PoP all via a single internal IP address; or you can define only a single tunnel (the choice is yours!)
This is an Anycast IP, can I connect out?
We have worked hard to build a solution that is able to function in every way like a regular Remote Protection service. With a GRE tunnel you can make outgoing connections. There may be a small delay for the first few packets while we create an optimized route through the network.
How can I continue after the beta period?
We are after feedback and bug reports, send me a PM with your username and some feedback and you will be able to continue using the Anycast service for a special offer of $7/month (including the protected IPv4, and all backend IPs). Additional bandwidth at a reasonable cost, I'll try and work something out for you. Any special offers made are non-transferable unless otherwise stated (sorry).
What about Support?
During the beta period support is best effort, paying customers will be prioritized over Anycast beta services. You may be able to get quicker support from the community by asking in this thread for certain types of questions.
The Technical Stuff
Featuring:
- Redundant internal backhaul, resilient against communication failures
- Internal Mesh network, ingress traffic at one PoP and egress it at another (no complex configuration required!)
- Direct Server Return (DSR) from the first filtering hop wherever possible for minimal latency
- Able to handle all kinds of PoP switches, rejoins and splits without interruption
- Support for tunnels to one or more filtering PoPs (with or without BGP) for redundancy
- China Telecom optimized routes in L.A
- Multihomed w/ Telia and Tinet and Peering
Comments
Please add me to the list.
p/s: i already had an account at x4b
Sign me up, also a current customer.
Please sign me up
@sonic, @rickey318 PM's have been sent.
For those curious it's first in best dressed rules. And it's open to anyone regardless of current customer status.
Please sign me up
It sounds great to try out. Sign me up!
@busbr, @inthecloudblog PMs sent.
More later
Hi sign me up please looking forward to trying this.
Very nice work @SplitIce! Fantastic idea!
Count me in
Interested. Most of my traffic will likely hit US West.
If I'm eligible count me in. Really nice idea and I think should come a long way
great . Sign me up!
This supports BGP? If so might be interested.
Please let me sign up
To ask the asshole-question: Would it be allowed to stress-test this protection through third-party services, or is this not allowed?
Sidenote: I am personally not looking for ddos protection, and would never use such stress testers.
All our commonly included features, including GRE+BGP tunnels are available. If however you are referring to us announcing resources for you (forgive me, it's commonly misused terminology) - contact us, it's not something covered by a free beta.
No thanks. We have enough people stressing the looking glass as it is. The mitigation works, we already know that.
@MarcusVinicius, @Edmond PMs sent
@trewq not your turn yet, but is that a request to be put in the list?
@zenith, @lurch PMs sent
@Yoda, @hzr PMs sent
Next batch on Monday. Don't be dismayed, there is enough to go around.
Just so I know, where do I submit the feedback again? I mean it's working great, just that I feel like there should be more PoPs due to the ping, it gets routed to the location nearest to the user, not necessarily routing it so it's making the connection closer to the server that's being protected.
Everyone, next batch might be sent after the weekend, perhaps earlier. There is enough space for some more people to enrol, no one will miss out.
@Edmond You can pop me a PM or Skype at any time. I'll be doing a PM run before the 2-week window as well, to make sure all services get their renewals bumped.
You can PM me or post here any routes that you think could be better and I'll take a look. We have put alot of time (weeks) into optimising the ping and are very happy with the results of our testing but there are alot of networks out there. Ideally the route should always ingress at the closest point to the client, and providing you have it configured (RP, or a tunnel from that location/unified tunnel) go straight to your backend.
Optimisation wise we have tried to keep this range neutral, if we sell enough to warrant it however we may do a range that's optimised to East/West USA and one for Europe.
We have also investigated further PoPs and may release a network with more PoPs in the future. Probably with at additional cost however.
Some of the PoPs we have investigated are:
All have their problems (ability to balance transit, capacity, network quirks / downsides or just cost). That's not to say we won't explore adding any of these, or alternate PoPs in the future.
In Europe we are also getting access to AMS-IX and LINX soon(ish) and as major peering locations that should further improve routes to the rest of Europe (currently Telia & Tinet which are pretty good though).
@GenjiSwitchPls, @Leonn and @Clouvider PMs sent.
I can see the locations you considered as great ones for your customers but I don't think everyone's going to pay for extra, but I guess bandwidth does cost money.
I probably should just stick to Cloudflare for my websites and in house DDoS protection for my voice/game servers. In house doesn't add extra ping, and Cloudflare has too many PoPs to count.
Quite a big price difference there mate, with our services starting at $15+ (depending on bandwidth), and theirs at $200 per domain (if you need anything more than basic protection).
No point doing a comparison really. CF is a Web Accelerator w/ DDoS protection in the upper plans all for HTTP(s). We are a DDoS Protection company, Load Balancer & providing HA tools for the full stack (TCP/UDP/HTTP(s)).
Oh, if we charged $200 per domain all that money
I'm still in discussion with some of the guys from that list, it may still be possible to net a couple supporting PoPs. The locations we have chosen however are major internet connection points, most peoples traffic goes through these locations anyway, and most game servers with latency sensitive requirements are based in these locations
Well the one good point you got there is they bill like $200 for layer 7 protection which is a lot more. Just saying that some more PoPs would help.
By charging a bit more I mean like +$5-15 (depending on the locations added, AU bandwidth for example is roughly 4 times the cost). But that would be a separate product line. We are targeting just above LET pricing for this.
If our discussions and capability testing go well we may trial adding Miami as an outlying PoP. Originally we did plan on 6 PoPs for this network but one fell through (additional EU PoP) so this could be a good match if all our requirements are met.
Adding Miami probably would be a good idea because there isn't any PoPs for eastern US.
@Edmond Ashburn (IAD) is Eastern US (~5ms from NY and a major entry/exit point for EU traffic).
Not that I am saying Miami wouldn't be an asset.
Perhaps you are seeing some non optimal route? Could you PM it to me?