It looks like you're new here. If you want to get involved, click one of these buttons!
Hi, I want create a GRE tunnel in a Voxility antiDDoS server and filter my traffic in other locations,
anybody has tried?
Seems his antiDDoS is only available in Romania?
The DDoS Protection is available on their other Locations too as i know.
|Ixam-Hosting.com - Offshore VPS
@IxamHosting do you provide dedicated offers?
Yeah, you can do that, I can't see why not.
Not sure, but they probably offer the DDoS protection at their other locations too, since much of their capacity isn't local to Romania.
Anyway, ask them.
OpenVPN installer | WireGuard installer
and, if the attacker knows that, he can just ddos your real network or your upstream to sh*t entirely avoiding the protection.
It is not possible to GRE out BGP for announcements to third parties from servers at Voxility. They make good money off recurring announcement fee's so it will most likely never possible. They also have a more expensive / enterprise upstream protection program and allowing BGP over GRE is one of its selling points. http://www.voxility.com/shop/security/anti-ddos/isp
EDIT: I see now it is possible to get some form of BGP access on new setups (from their wholesale page), I don't recall that being an option 6-12mo ago.
There is no problem with GRE/IPIP, you may need to make tweaks to firewall rules in the DC level filter as well as any level 2 hardware you are leasing / colocating (such as the Rioreys in our setup).
If you plan on going Voxility direct you will most likely need something to act as a level 2 filter. Their filter either has to run on a "high" (and be over sensitive) rulset or "low" and let floods through. The best approach we have found is low + rioreys. Now we see patterns like (http://puu.sh/5gxA5.png) for many floods. Rioreys handle detection and mitigation of complex patterns but most of the time as can be seen with those spikes they can be used to create blocklists for the upstream firewall. You will need to develop these rules and interface yourself if you choose to go down that path.
Voxility upgraded their DDoS protection in the last months (dont remember exactly, could have been 6 months since). They have own solution, built inhouse by directly programming some ASICs. It is expected to go better in time as they can see patterns and adapt on the go while with most hardware tools you are limited in some ways at least.
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.
ASICs are not that flexible ASICS are set at the time they are cast, unless you are referring to FFPGA's (or kin) which are not ASICs. Software is far more flexible. ASICs are performant.
Hm, own ASICs, that will be nicely easy to circumvent - They don't have the knowledge for that.
I doubt it's FPGA, not very fast with currently available hardware unless you design a lot yourself.