Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    PHP-Friends (First-colo) vs Fastpipe (Combahton) DDOS Protection
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    PHP-Friends (First-colo) vs Fastpipe (Combahton) DDOS Protection

    Hello everyone,

    I am running a Hetzner server but I want to utilize the GRE tunneling concept to make use of the ddos protection offered by a different host.

    Now the Hetzner server is just for hosting a game server with a simple website running next to it. I've looked at PHP-Friends and Fastpipe for their VPS line-up that I could use for the GRE tunnel but I am not quite sure which host to choose.

    I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?

    Is there a clear winner or will it not really matter?

    Greetings,
    Merlijn

    Comments

    • first-colo has been great. good value.

      Remember the value of LET is purely based on its traffic.

    • pikepike Member
      edited January 19

      They're both good hosts with very good firewalls, fastpipe is cheaper but you get less CPU share. About the GRE you may want to ask @combahton_it and @PHP_Friends

      Thanked by 1MerlijnD
    • RickBakkrRickBakkr Member, LIR

      MerlijnD said: I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?

      There are other means to run a tunnel other than GRE, may GRE be blocked through an Anti-DDoS appliance. Think of say Wireguard (UDP based - so maybe also filtered out), or even an OpenVPN tunnel over TCP. (Anyone: feel free to DM me may you ever require assistance with such solution)

    • @RickBakkr said:

      MerlijnD said: I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?

      There are other means to run a tunnel other than GRE, may GRE be blocked through an Anti-DDoS appliance. Think of say Wireguard (UDP based - so maybe also filtered out), or even an OpenVPN tunnel over TCP. (Anyone: feel free to DM me may you ever require assistance with such solution)

      Right, I understand. GRE just seemed the most appropriate one as I am not trying to achieve anything more than a simple tunnel.

    • pikepike Member

      You could also get a VPS with two IPs, one unprotected and one protected. BuyVM offers this with Voxility in Luxembourg.

    • I have had voxility in the past but we had the issue that sometimes voxility would kick random people connected to the server or drop certain countries completely. I don't know if this is still a thing.

      I mean I can also tunnel through OVH frankfurt. But I was just interested in Combahton and First colo.

    • PHP_FriendsPHP_Friends Member, Provider

      We don't drop GRE traffic, however it's a good idea to whitelist the GRE "partner" as such traffic might be rate-limited. Whitelisting can be done via our support.

      Thanked by 3pike MerlijnD vimalware
    • combahton_itcombahton_it Member, Provider

      Hi,

      just get a second ip with your server and run the GRE tunnel over that one. Our DDoS Filters block all GRE traffic by default.

      Thanked by 2pike vimalware

      combahton GmbH trading as fastpipe.io - providing Cloud and Dedicated Servers in Frankfurt, Germany

    • @PHP_Friends said:
      We don't drop GRE traffic, however it's a good idea to whitelist the GRE "partner" as such traffic might be rate-limited. Whitelisting can be done via our support.

      Thanks for your response!

      @combahton_it said:
      Hi,

      just get a second ip with your server and run the GRE tunnel over that one. Our DDoS Filters block all GRE traffic by default.

      Hi @combahton_it . Thanks for your reponse as well, but I dont quite get what you wrote. You mean get an extra IP when I rent a VPS from you and whitelist GRE?

    • combahton_itcombahton_it Member, Provider

      @MerlijnD said:
      Hi @combahton_it . Thanks for your reponse as well, but I dont quite get what you wrote. You mean get an extra IP when I rent a VPS from you and whitelist GRE?

      Yes, just get a second ip-address from us and run the GRE Tunnel over that. The attacker does not know that ip-address and there will be no DDoS-Filter active, which would block GRE.

      Thanked by 1MerlijnD

      combahton GmbH trading as fastpipe.io - providing Cloud and Dedicated Servers in Frankfurt, Germany

    • Right, right. I understand, this is how I am doing it currently with OVH and have done with BuyVM in the past. Thanks again for your response!

    • MerlijnDMerlijnD Member
      edited January 19

      @combahton_it Sorry last question but what is your mitigation capacity? Im mostly getting between 10-25 Gbit/s or 1-2Mpkts/s attacks.

    • combahton_itcombahton_it Member, Provider

      @MerlijnD said:
      @combahton_it Sorry last question but what is your mitigation capacity? Im mostly getting between 10-25 Gbit/s or 1-2Mpkts/s attacks.

      Depends on the attack, most traffic is filtered before it even hits our network - we could avertise basically the overall capacity of our upstreams or just the capacity of our inhouse filters, which is currently 250Gbit/s.

      Thanked by 1MerlijnD

      combahton GmbH trading as fastpipe.io - providing Cloud and Dedicated Servers in Frankfurt, Germany

    Sign In or Register to comment.