ddos attack and colocation

1337 Member

Hello everyone!

Newbie here and I have a few questions about DDoS attacks with a full rack colocation. For example, if a server in the full rack is getting DDoS attacked, do the other servers in the whole rack get affected as well or only the targeted server? Because I want to know if it is better to have multiple small nodes or a few powerful nodes for a full rack colocation. Ty!!

Comments

  • It will be affected on the concerned target or ip only unless it is really a heavy attack that will affect the entire data center. If your data center has huge ddos protection capacity, then you are safe. You should verify this with your DC.

  • 1337 Member

    @jonesolutions said:
    It will be affected on the concerned target or ip only unless it is really a heavy attack that will affect the entire data center. If your data center has huge ddos protection capacity, then you are safe. You should verify this with your DC.

    Ty jonesolutions!! Let's say I have multiple VPS on a dedi server and each VPS has its own dedicated IP. Again, if someone targets one VPS with a dedicated IP, will all VPS on that dedi be affected?

  • TheLinuxBug Member
    edited April 2020

    @jonesolutions said:
    It will be affected on the concerned target or ip only unless it is really a heavy attack that will affect the entire data center. If your data center has huge ddos protection capacity, then you are safe. You should verify this with your DC.

    I am glad you're not a provider here, because your answer didn't take anything he asked into actual consideration at all.

    If you are colocating your hardware and purchasing a full rack, in most cases you will supply your own networking equipment and power equipment as well. There are some cases where those spending this type of money decide to rely on the DC directly for network hardware, but generally if you are going for your own full rack you're going to also have your own switches and maybe even routing gear, as you are not going to want to pay to rent network equipment from the DC. As such, the answer to your question varies wildly based on your network setup.

    If you have a 1Gbit drop to your switch / router that is then serving all the servers in your rack via that uplink, then any attack that would equal or exceed 1Gbit would effectively take your whole rack down unless you have some type of DDOS mitigation equipment or an agreement with the DC you are in to filter / clean / null route traffic before it reaches your equipment. Same logic applies with a 10Gbit uplink: if the attack is equal to or exceeds the available link and there is no external protection, then all servers in the rack connected through that uplink will become unreachable until the IP being attacked is either null routed or some type of DDOS protection is implemented.

    Colocation is broadly different than just renting servers from a DC directly. When renting they will often provide their own 10Gbit uplink to their own network equipment in each rack and then connect each server in the rack with 1Gbit. They will then have hardware firewalls in place to automatically detect abuse against any single port which will either automatically null route the IP or instantiate any DDOS protection product they are using. Because they can afford to drop 10Gbit at each cabinet, they can also afford a small attack there before it actually starts to affect any other customers -- if you are just colocating at an entry level you're most likely going to have a max 1Gbit to your rack to start with -- so with limited throughput it would be a lot easier to take your rack offline with attacking just a single server and filling the full pipe.

    The biggest thing though is cost of bandwidth in a situation where you are being attacked and don't have any type of protection in place or any agreement for automatic null routing -- failing to have these in place, as most DCs will bill at 95th percentile in most cases, you can see your bandwidth bill grow exponentially just from a small attack or in cases where you are provided a bandwidth allotment, burn through it and possibly exceed your allotment.

    @1337 I wish there was an easier, more direct answer to your question, such as the one provided before me, but it will vastly depend on the choices you make when colocating regarding bandwidth, network equipment, DDOS protection hardware / options, etc.

    My 2 cents.

    Cheers!

    Thanked by 1truweb
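
The shared-uplink and 95th-percentile billing points from the post above, worked through as an added example that is not part of the original thread. It assumes 5-minute traffic samples, a 30-day month and constructed traffic figures; all function names are hypothetical.

```python
"""Constructed model: shared-uplink saturation and 95th-percentile billing."""

SAMPLE_MINUTES = 5                            # assumed sampling interval
SAMPLES_PER_DAY = 24 * 60 // SAMPLE_MINUTES   # 288 samples per day


def percentile_95(samples_mbps):
    """Billable rate: sort the samples, discard the top 5%, bill the highest left."""
    ordered = sorted(samples_mbps)
    # Integer ceil(0.95 * n) - 1, avoiding floating-point rounding on the index.
    index = (95 * len(ordered) + 99) // 100 - 1
    return ordered[index]


def month_with_attack(baseline_mbps, attack_mbps, attack_hours, days=30):
    """Constructed month of port samples: flat baseline plus one attack window.

    attack_mbps is the rate seen on the port, so it cannot exceed the uplink.
    """
    total = days * SAMPLES_PER_DAY
    attack_samples = min(total, attack_hours * 60 // SAMPLE_MINUTES)
    return [attack_mbps] * attack_samples + [baseline_mbps] * (total - attack_samples)


def rack_reachable(uplink_mbps, legit_mbps, attack_mbps, null_routed):
    """True if the shared uplink still has room for the rack's legitimate traffic.

    A null route drops traffic to the attacked IP upstream of the uplink, so the
    rest of the rack recovers while the attacked IP itself stays unreachable.
    """
    offered = legit_mbps + (0 if null_routed else attack_mbps)
    return offered < uplink_mbps


if __name__ == "__main__":
    # 1Gbit drop, 300 Mbps of normal traffic, 1.5 Gbit aimed at one server.
    print("1G, no null route :", rack_reachable(1000, 300, 1500, False))
    print("1G, null routed   :", rack_reachable(1000, 300, 1500, True))
    print("10G, no null route:", rack_reachable(10000, 300, 1500, False))
    # Billing: the top 5% of a 30-day month is 432 samples, i.e. 36 hours.
    for hours in (12, 36, 37, 72):
        billed = percentile_95(month_with_attack(100, 1000, hours))
        print(f"{hours:>3} h of saturation -> billed at {billed} Mbps")
```

Under these assumptions a saturated port only raises the billed rate once the attack outlasts the discarded top 5% of samples, which is why automatic null routing or filtering matters for the invoice as well as for availability.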
  • jonesolutions Member
    edited April 2020

    @TheLinuxBug said:
    I am glad you're not a provider here, because your answer didn't take anything he asked into actual consideration at all.

    If you are colocating your hardware and purchasing a full rack, in most cases you will supply your own networking equipment and power equipment as well. There are some cases where those spending this type of money decide to rely on the DC directly for network hardware, but generally if you are going for your own full rack you're going to also have your own switches and maybe even routing gear, as you are not going to want to pay to rent network equipment from the DC. As such, the answer to your question varies wildly based on your network setup.

    If you have a 1Gbit drop to your switch / router that is then serving all the servers in your rack via that uplink, then any attack that would equal or exceed 1Gbit would effectively take your whole rack down unless you have some type of DDOS mitigation equipment or an agreement with the DC you are in to filter / clean / null route traffic before it reaches your equipment. Same logic applies with a 10Gbit uplink: if the attack is equal to or exceeds the available link and there is no external protection, then all servers in the rack connected through that uplink will become unreachable until the IP being attacked is either null routed or some type of DDOS protection is implemented.

    Colocation is broadly different than just renting servers from a DC directly. When renting they will often provide their own 10Gbit uplink to their own network equipment in each rack and then connect each server in the rack with 1Gbit. They will then have hardware firewalls in place to automatically detect abuse against any single port which will either automatically null route the IP or instantiate any DDOS protection product they are using. Because they can afford to drop 10Gbit at each cabinet, they can also afford a small attack there before it actually starts to affect any other customers -- if you are just colocating at an entry level you're most likely going to have a max 1Gbit to your rack to start with -- so with limited throughput it would be a lot easier to take your rack offline with attacking just a single server and filling the full pipe.

    The biggest thing though is cost of bandwidth in a situation where you are being attacked and don't have any type of protection in place or any agreement for automatic null routing -- failing to have these in place, as most DCs will bill at 95th percentile in most cases, you can see your bandwidth bill grow exponentially just from a small attack or in cases where you are provided a bandwidth allotment, burn through it and possibly exceed your allotment.

    @1337 I wish there was an easier, more direct answer to your question, such as the one provided before me, but it will vastly depend on the choices you make when colocating regarding bandwidth, network equipment, DDOS protection hardware / options, etc.

    My 2 cents.

    Cheers!

    I am glad that you provided the long version :) Mine is just general, which is why I mentioned capacity and the reason to contact his DC, as only they can provide more details depending on their setup.

    Great job!

  • Actavus Member
    edited April 2020

    @1337 said:
    Hello everyone!

    Newbie here and I have a few questions about DDoS attacks with a full rack colocation. For example, if a server in the full rack is getting DDoS attacked, do the other servers in the whole rack get affected as well or only the targeted server? Because I want to know if it is better to have multiple small nodes or a few powerful nodes for a full rack colocation. Ty!!

    Quick answer:
    - Assuming you have a 1gbit internet
    - Assuming DDOS attack is larger than 1gbit
    - Assuming your datacenter only provides automatic null-routing

    All servers are affected until your datacenter's null route kicks in (blocking that specific server's IP from receiving the DDOS and internet).

    Small or powerful nodes don't matter if your internet is clogged with a DDOS.
    (Explain like I'm five: bigger and smaller toilets don't matter if the poop is too big to go down the pipe.)

  • 1337 Member

    Ty so much thelinuxbug and actavus!!

    I ask about multiple small nodes or a few powerful nodes because I didn't know a DDoS attack can affect the whole rack. I thought about splitting into smaller server nodes because if someone attacks that server, all the other servers in the same rack will continue to run, but I guess that is not the case.
