Anycast-as-a-service and DDoS protection

gbshouse Member, Host Rep
edited January 2014 in General

Hi Gals and Lads

As some of you probably know, we are working on a new service (codename Hydra) which will provide anycast-as-a-service.

The service will offer two modes:

  • regular anycast - you can rent one or more anycast IPs announced currently in three locations (Los Angeles, Chicago and Amsterdam) and route them via GRE to your existing server (later on we will add more locations, for sure Asia and a second one in the EU);

  • protected anycast - you can rent one or more anycast IPs announced currently in three locations (Los Angeles, Chicago and Amsterdam) and route them via GRE to your existing server; besides that, you can buy dedicated DDoS protection (we are a Staminus Channel Partner and have direct BGP sessions with them).

We are not sure about pricing yet but for sure:

  • regular anycast price will cover all locations,

  • protected anycast will combine regular anycast price plus DDoS protection.

Planned functionality:

  • GRE/IPIP tunnels,

  • BGP support (you can run quagga/bird and set up a session with us even with a /32),

  • possibility of announcing your own subnet,

  • IPv6 support

Current locations:

  • Amsterdam, Nikhef DC

  • Chicago, Digital Lakeside, 350 E Cermak Rd.

  • Los Angeles, CoreSite, 900 N. Alameda

We have a few ideas in mind but we want to know YOUR opinion first! Feel free to post ideas, comments or feature requests and we will do our best to include them.

Planned public launch date - second half of February 2014

Cheers
Peter

Thanked by 3: Mark_R, Asim, dnom

Comments

  • Mun Member

    Ohh :D I want to try :D

  • AnthonySmith Member, Patron Provider

    VERY interesting, I have been looking at the possibility of integrating your services in to LowEndSpirit.

  • shovenose Member, Host Rep

    Interesting. This could be useful for a CDN, yes?

  • Mun Member

    @shovenose said:
    Interesting. This could be useful for a CDN, yes?

    Not really, you would be better off using their GEODNS and multiple servers.

  • gbshouse Member, Host Rep

    @shovenose - yes, anycast is useful with a CDN but it depends on the number of locations

  • AlexanderM Member, Top Host, Host Rep

    @shovenose said:
    Interesting. This could be useful for a CDN, yes?

    Yes

  • shovenose Member, Host Rep
    edited January 2014

    More locations than you could shake a stick at :) Edit: 100?

  • gbshouse Member, Host Rep

    @shovenose - with DNS we have 1.5 times more than CloudFlare, with Hydra the plan is for 5 locations total in 2014 and, depending on customer feedback, maybe more in 2015

  • Jupiter Member
    edited January 2014

    I would appreciate it if you could indicate use cases for such a service or indicate some related articles. As I understand it, the main uses could be distributing DDoS attacks, building a CDN network, IPv6 tunneling, GeoDNS etc. But there are such services already at very competitive prices.

  • I am very interested in this!

  • edited January 2014

    @Amfy and I were designing something like this at some point. We initially did not continue due to time constraints.

    When OVH pulled the trigger on affordable DDoS protection (and Online.net to follow) we never ever actually came back on continuing the idea (there were more, private, factors).

    At this point @joepie91 and I are working on a project for sharing more efficiently, which can't be DDoS'd by design anyway.

    Ontopic:
    From the tests @Amfy and I conducted, anycast was very efficient to filter DDoS.

    @gbshouse - why don't you provide small Xen or KVM boxes so people can route traffic themselves?

  • gbshouse Member, Host Rep
    edited January 2014

    @Jupiter - I'll try to write a little bit more tonight

    @MitchellRobert - in fact @Amfy is our team member :) we don't want to run our own vps/hosting services as it's the area for our customers and partners, we want to do network related services only

    Thanked by 1: Zen
  • What about offering VPS or Dedi's services at each location instead of just GRE tunnels for our own

  • Setsura Member
    edited January 2014

    @Ruchirablog said:
    What about offering VPS or Dedi's services at each location instead of just GRE tunnels for our own

    See:

    @gbshouse said:
    we don't want to run our own vps/hosting services as it's the area for our customers and partners, we want to do network related services only

    As for me, I'm pretty interested in this, if the pricing is right I can't wait to buy in. I assume I could buy for example a /28 or something? (With justification and such obviously) If so, any idea on IP pricing?

  • gbshouse Member, Host Rep

    @Ruchirablog

    gbshouse said: we don't want to run our own vps/hosting services as it's the area for our customers and partners, we want to do network related services only

  • @gbshouse Looks like we did it at the same time or something.

  • @gbshouse said:
    in fact Amfy is our team member :)

    I'm aware

    @gbshouse said:
    we don't want to run our own vps/hosting services as it's the area for our customers and partners, we want to do network related services only

    I assume you will allow GRE tunnels with different destination IP at different locations then?

  • gbshouse Member, Host Rep

    @MitchellRobert - yes, all GRE stuff will be self-configurable, we are even thinking about multiple tunnels per location

  • Nice product. I am interested in it too.

  • Is there any place we can preorder for this anycast service?

  • I would love this.

  • Are you going to peer with the same provider in all three locations? If not then the routing could be a mess.

  • gbshouse Member, Host Rep

    @CNSjack - yes, we use the same provider for all locations

  • Amfy Member
    edited January 2014

    First of all, apologies if my writing is a bit confusing or some detail is asking for misunderstandings, but I'm feeling quite ill :(

    Setsura said: I assume I could buy for example a /28 or something? (With justification and such obviously) If so, any idea on IP pricing?

    Yes, generally that is possible, however, justification will be checked very carefully by us.

    said: BGP support (you can run quagga/bird and setup session with us even with /32),

    As no one commented/asked about this, I want to explain at least a bit about the BGP support:

    There is no need for a public ASN allocated by an RIR, but you can request a private ASN from us from either the reserved 16-bit or 32-bit range - both should give us enough room to meet customer needs. Of course you cannot announce the /32 yourself to any other DC/provider than us, since it's just part of a larger announcement from us like >/24. The announcement from you, in this case, is only handled internally. As Piotr already wrote, if you have your own /24 or larger, a public announcement is also possible, feel free to contact us at any time.

    Why can BGP still be interesting for some of you guys?
    Imagine: You have a VPS in the US and one in Europe. You want to run some service that should be anycasted (like reachable under the same /32 IPv4 and should be routed to the closest server). Since anycast is useless, if there is no redundancy at all, just setting up GRE on all servers, there is the possibility to have one of your servers going down and we still route traffic in that direction... now with BGP the session would change its state and we stop routing traffic towards the faulty server within seconds.
    Besides that, it might be handy to use prependings or some BGP communities to control the /32 announcement. I'm sure you guys will be creative to find something we can implement for you :)

    (Yes, this can also be skipped using specific VPN tools, but at least not really possible with GRE - BGP is one of the nicest ways solving this)
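
Added example, not part of Amfy's post or the provider's own tooling: one way a customer server could implement the GRE-plus-BGP arrangement described in the comment above, as a shell script that brings up the tunnel and prints a BIRD 2 configuration announcing only the anycast /32. The interface name `hydra0`, all addresses (documentation ranges), both ASNs, the routing table number and the 9-second hold time are constructed placeholders.

```shell
#!/bin/sh
# Added illustration: every address, ASN and name here is a constructed placeholder.
ANYCAST_IP="192.0.2.1"      # rented anycast /32 (documentation range)
POP_PUBLIC="198.51.100.1"   # provider's GRE endpoint at one location
MY_PUBLIC="203.0.113.10"    # this server's public address
TUN_POP="10.255.0.1"        # provider's end of the tunnel link
TUN_ME="10.255.0.2"         # this server's end of the tunnel link
POP_ASN="64496"             # placeholder provider ASN
MY_ASN="64512"              # private ASN assigned by the provider

# Bring up the GRE tunnel and bind the anycast address locally (needs root).
gre_setup() {
    ip tunnel add hydra0 mode gre local "$MY_PUBLIC" remote "$POP_PUBLIC" ttl 255
    ip addr add "$TUN_ME/30" dev hydra0
    ip link set hydra0 up
    ip addr add "$ANYCAST_IP/32" dev lo
    # Replies sourced from the anycast IP must leave through the tunnel,
    # otherwise the local provider may drop them as spoofed.
    ip rule add from "$ANYCAST_IP" table 100
    ip route add default via "$TUN_POP" dev hydra0 table 100
    sysctl -w net.ipv4.conf.hydra0.rp_filter=2   # loose reverse-path filtering
}

# Print a BIRD 2 config that announces only the anycast /32 to the provider.
# If this server dies, the session expires and the provider stops routing to it.
render_bird_conf() {
    cat <<EOF
router id $MY_PUBLIC;
protocol device { }
protocol static anycast4 {
    ipv4;
    route $ANYCAST_IP/32 via "lo";
}
protocol bgp hydra_pop {
    local $TUN_ME as $MY_ASN;
    neighbor $TUN_POP as $POP_ASN;
    hold time 9;                  # assumed value; bounds failure detection
    ipv4 {
        import none;              # accept nothing from the provider
        export where net = $ANYCAST_IP/32;
    };
}
EOF
}

case "${1:-}" in
    apply)  gre_setup ;;
    render) render_bird_conf ;;
esac
```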

  • I was going to ask about that, so thanks for confirming. Definitely interested now :)

  • gbshouse Member, Host Rep

    @Zen - never!

  • Also, do you maybe plan on providing DDoS filtering without anycast too? Preferably with GeoDNS on Rage4 because anycast can be too volatile for what it's worth in most cases.

  • gbshouse Member, Host Rep

    @Zen - we have connection to Staminus in US and EU - all current Hydra locations offer DDoS protection.

  • gbshouse Member, Host Rep

    @MitchellRobert - we can help you with getting protection directly from Staminus, if you do not need anycast then using our infrastructure makes no sense ...

  • Who provides the protection in Chicago? Last I heard Staminus is only in LA, NYC, and the Netherlands.
