Best Anti-DDoS Solution for Hosting Provider?

sandoz Member

Hi.

We are looking for a good anti-DDoS solution, we want a good solution. Doesn't need to be perfect.

Being able to filter most common attacks, and that ensures some stability in filtering, blocking, preventing.

The budget is not high, we are a small / medium hosting provider. We need something that guarantees being reliable.

What do you recommend? Hardware-based, but which one? Or another solution?

I know anti-DDoS isn't cheap, we are looking for the best affordable one. That doesn't mean it needs to be cheap cheap, but acceptable for our conditions in terms of number of clients.

So, anyone to recommend one?
Thank you

Comments

  • stefeman Member
    edited April 18

    Remote protection for ASN or via tunnel is probably best for you.

    Path.net
    OVH Anti-DDoS for networks
    Cloudflare Magic Transit
    Voxility anti-ddos
    Colt IP Guardian

    Just to name a few. Ideally you should consult your colocation datacenter and ask which options are available at a discount and which options they suggest to you. They can usually offer a better deal rather than having to contact the protection provider directly.

  • sandoz Member

    @stefeman said:
    Remote protection for ASN or via tunnel is probably best for you.

    Path.net
    OVH Anti-DDoS for networks
    Cloudflare Magic Transit
    Voxility anti-ddos
    Colt IP Guardian

    Just to name a few. Ideally you should consult your colocation datacenter and ask which options are available at a discount and which options they suggest to you. They can usually offer a better deal rather than having to contact the protection provider directly.

    We have our own datacenter..
    We need something that can be affordable, stable.

  • @sandoz said:
    We have our own datacenter..
    We need something that can be affordable, stable.

    Can recommend Voxility. Sometimes their routing is not the best (like my internal hops) but very stable for years.

  • sandoz Member

    @webcraft said:

    @sandoz said:
    We have our own datacenter..
    We need something that can be affordable, stable.

    Can recommend Voxility. Sometimes their routing is not the best (like my internal hops) but very stable for years.

    We have Voxility provided by our partners, not directly from peering from our datacenter.
    Do you think it is the reason why Voxility is not scrubbing the traffic?

    Corero seems a good solution, unfortunately I don't know their prices.

  • dfroe Member, Provider

    @sandoz said: [...] unfortunately I don't know their prices.

    Ask them. That's why they have sales representatives. ;)

    Do you have large enough pipes towards your transit providers and/or possibilities to send filters via BGP, OpenFlow or similar?
    Otherwise an in-house anti-DDoS will most likely make no sense, as someone will simply saturate your internet uplink, and scrubbing traffic behind that bottleneck won't help much to reduce the flood.

    it-df.net: IT-Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)

  • pierre Member

    Where is your datacenter located? I'd recommend looking for something that has a close POP to you.

    Path.net & Voxility might be your best bet as CF MT is pricey as hell and timeouts like no other.

  • Try Path.net

  • @sandoz said:

    @webcraft said:

    @sandoz said:
    We have our own datacenter..
    We need something that can be affordable, stable.

    Can recommend Voxility. Sometimes their routing is not the best (like my internal hops) but very stable for years.

    We have Voxility provided by our partners, not directly from peering from our datacenter.
    Do you think it is the reason why Voxility is not scrubbing the traffic?

    I don't know, they're sitting right in front of me at eshalter in FRA, everything is smooth. IP addresses come from DC provider directly with Voxility integrated.

  • Clouvider Member, Provider

    Depending on your definition of affordable (you mentioned you run your own datacenter), I recommend Corero, you won’t look at anything else when you’re with them :-)

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • sandoz Member

    @Clouvider said:
    Depending on your definition of affordable (you mentioned you run your own datacenter), I recommend Corero, you won’t look at anything else when you’re with them :-)

    Yes, I understand. I'm looking at Corero.

    When I say affordable, I'm saying something we can afford monthly.

    For example, let's say we can pay 5000€ one time, but we can afford that every single month, not because of us, but because we can't afford such payments monthly. (Just an example)

    We have been targeted by large attacks, and that is making us lose customers, and is a headache.

    Thanks, I will take a look at Corero, it seems interesting.

  • 5000€ won't get you full Corero equipment. If you want to set up in-house anti-DDoS you're gonna need to increase your budget.

    Unless you buy second hand equipment.

  • markd Member, Provider

    I've heard some good things about Path.Net protection, but I'm not really a big fan of a system. I always prefer an on-premises system.

  • telimp Member
    edited April 19

    Take a look at Wanguard 8.0 - it is in your budget and, depending on the pipe that you have and the settings, you can compare it with Corero (it is at Corero's level).

  • telimp Member
    edited April 19

    @sandoz said: Do you think it is the reason why Voxility is not scrubbing the traffic?

    Voxility works fine at L4, at L7 almost not at all (same as Arbor, Radware, Corero...).

    @sandoz said: provided by our partners

    Depending on the contract between the partner and Voxility - you can have "not scrubbing the traffic".

  • DataIdeas-Josh Member, Provider

    @sandoz look into Path.net
    Corero is nice and all but on the small side you're looking at $60K+ plus $10K annual.
    Corero has some nice hardware/software though so you are paying for something that is nice.
    Highly recommend Path.net Let them know that DataIdeas-Josh sent you.

    Alien Data: VPS and Colo Based In Texas, Unmetered Bandwidth.
    RPIServers: Dedicated Micro Servers - Micro Colo - Unmetered Bandwidth

  • sandoz Member

    @DataIdeas-Josh said:
    @sandoz look into Path.net
    Corero is nice and all but on the small side you're looking at $60K+ plus $10K annual.
    Corero has some nice hardware/software though so you are paying for something that is nice.
    Highly recommend Path.net Let them know that DataIdeas-Josh sent you.

    That is too high for us, unfortunately..

  • Courvix Member

    +1 for Path

    Even better if you can also use their bidirectional filtering which will pretty much make any attack with out of state packets useless.

    And for new connections, they have some layer 7 filters for FiveM, MCPE, Source, and an excellent syn proxy.

  • combahton_it Member, Provider

    Feel free to get in touch with me, we offer our self-developed flowShield appliance for in-house usage, which mitigates over 12k attacks per month.


    combahton GmbH trading as fastpipe.io - providing Cloud and Dedicated Servers in Frankfurt, Germany

  • CConner Member, Provider
    edited April 21

    Keep in mind that the various variants of Flowspec or Wanguard are not on the same playing field as hardware solutions and thus, in my opinion, should not be compared to each other.

    If you are going to implement any anti-DDoS solution you need plenty of excess capacity to not get your uplink saturated by the DDoS attack. Renting space or servers from a provider that has a good system in place is always the better move if you are not operating at sufficient scale vs trying to set it up yourself.

    If you are looking for Corero protected transit or dedicated servers in Amsterdam, Frankfurt or London, feel free to DM me. We have just launched our new site in Amsterdam and will be working on the others in the next few weeks. Each site has over 100 Gbit/s of always-on DDoS protection, and because it's an anycast network we can deliver over a total of 1.4 Tbit/s of Corero DDoS protection.

    GameDash, an AIO solution uniting billing, support & game server management.
    Visit our website or join our Discord to find out more.

  • @CConner said:
    Keep in mind that the various variants of Flowspec or Wanguard are not on the same playing field as hardware solutions and thus, in my opinion, should not be compared to each other.

    If you are going to implement any anti-DDoS solution you need plenty of excess capacity to not get your uplink saturated by the DDoS attack. Renting space or servers from a provider that has a good system in place is always the better move if you are not operating at sufficient scale vs trying to set it up yourself.

    If you are looking for Corero protected transit or dedicated servers in Amsterdam, Frankfurt or London, feel free to DM me. We have just launched our new site in Amsterdam and will be working on the others in the next few weeks. Each site has over 100 Gbit/s of always-on DDoS protection, and because it's an anycast network we can deliver over a total of 1.4 Tbit/s of Corero DDoS protection.

    What is the name of your network and/or company and ASN number? Do you offer colocation and/or server renting and if so, for how much?

  • CConner Member, Provider
    edited April 21

    @stefeman said:

    @CConner said:
    Keep in mind that the various variants of Flowspec or Wanguard are not on the same playing field as hardware solutions and thus, in my opinion, should not be compared to each other.

    If you are going to implement any anti-DDoS solution you need plenty of excess capacity to not get your uplink saturated by the DDoS attack. Renting space or servers from a provider that has a good system in place is always the better move if you are not operating at sufficient scale vs trying to set it up yourself.

    If you are looking for Corero protected transit or dedicated servers in Amsterdam, Frankfurt or London, feel free to DM me. We have just launched our new site in Amsterdam and will be working on the others in the next few weeks. Each site has over 100 Gbit/s of always-on DDoS protection, and because it's an anycast network we can deliver over a total of 1.4 Tbit/s of Corero DDoS protection.

    What is the name of your network and/or company and ASN number? Do you offer colocation and/or server renting and if so, for how much?

    We utilize GSL Networks ( https://www.peeringdb.com/net/16620 ) for our connectivity and DDoS protection. GSL and us are located in Equinix AM5, FR5 and LD8. GSL's network is completely unrivalled when it comes to DDoS protection and latency, primarily because they operate tons of locations around the world.

    We'd be happy to discuss options for racks in AM5, FR5 or LD8 and can offer you shared colocation in AM5.

    Because we are a game server hosting provider at heart, we have plenty of powerful hardware available (we even run watercooled, overclocked hardware) for renting. Send us your request and we can definitely find the right solution for you. We have plenty of capacity as we have just finished setting up our all-Juniper network core with 400 Gbit/s of total capacity in AM5.

    GameDash, an AIO solution uniting billing, support & game server management.
    Visit our website or join our Discord to find out more.

  • I would suggest you inquire with the following DDoS services:
    1. Cloudflare
    2. Link11
    3. Nexusguard

  • royal_oak Member
    edited April 21

    @CConner said:
    Keep in mind that the various variants of Flowspec or Wanguard are not on the same playing field as hardware solutions and thus, in my opinion, should not be compared to each other.

    If you are going to implement any anti-DDoS solution you need plenty of excess capacity to not get your uplink saturated by the DDoS attack. Renting space or servers from a provider that has a good system in place is always the better move if you are not operating at sufficient scale vs trying to set it up yourself.

    Could you please explain that a bit further? Of course one needs enough capacity to handle high volumetric attacks, but that is what BGP flowspec is designed for when you don't have access to some 100G backbones.

    Is there that much difference between hardware appliances from the likes of Arbor Networks and commodity hardware equipped with NICs which can do in-NIC filtering? I'm not sure, but I guess that Arbor and co. don't build the components for their appliances in-house.
