New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
We have our share of attacks too, network is not separated here and has the potential to affect big customers, therefore we have to watch it all the time and have spare, non-commit capacities for these cases. When amplification attacks with more than 20 gb hit, those take over some of that until we sort it out (usually a few minutes).
However, individual nodes are dead in the water in all this time, since 1 gbps NIC will not take 20+ gbps in no way shape or form.
Uncle was very concerned about this and put some tools in place for me to watch from the very beginning, we now hove 24/7 coverage, more or less, when a human is available to look over it.
Keep in mind it could also be a local DDoS.
Oh yes, DNS amplification is a very annoying problem for todays hosting providers - TCP attacks nearly ceased to exist or are easily done by local null (largest i've seen was around 6G TCP) but DNS reflection (and now more common, Teamspeak and GoldSrc servers) are very heavy (largest to date i've seen was large enough to cause massive packetloss on HEs FRA-PRA-VIE 100G/40G transport circuit and for most HE customers in Austria and CZ, possibly also for further HE locations in Europe)
Haha, depends on subject, i have my issues ironically more with basic things (', an/a, sentence building, it just makes not much sense when you use mainly German all day) but on technical stuff it's pretty good i guess (German also uses many English words unlike for example French). Whenever possible i prefer to use English, but i am simply working in the wrong country to use it as main language ;o
Let me provide some more infos...
We had 10G tech in use before this as well.
The core is in Vienna and we utilize a longhaul DWDM (L2, rented) link to a main site in Graz where 2 locations in Graz (soon 3) are connected and maintain 2 locations in Vienna over CWDM (Vienna, own equipment). This was merely an in-place upgrade of an existing upstream (Retn.net, our main one) that also consisted of some background work (routing wise) to improve the network stability and resilience against DDoS attacks and traffic spikes as well as some small peering changes/additions on VIX. While doing this most of the HE routing has been removed as well, first for IPv4 and soon for IPv6.
So far it has been proven successful a few times already with local nullroutes for DDoS targets, at no serious disturbance of the network (1-3% packetloss while the attack was spiking heavily, no downtime).
We do not run darkfiber currently as it makes no economical sense, a C/DWDM wave can be easily used for 10G (40G common as well, Infinera equipment mainly) and even a lot of these are by far cheaper than a darkfiber link (GRZ-VIE is repeated x4, which means power/ac/space costs and there is not much demand here for transport, so we'd have to mainly use it alone or resell it to a Slovenian ISP for backhaul usage).
Our datacenter in Vienna runs a redundant darkfiber ring between the DC and InterXion (which is the main carrier hotel in Austria) where we use dark CWDM waves to connect to our private patchpanel in InterXion and from there to our transport and upstream carriers (partly) over some equipment colo'd there.
There's a posting here on LET somewhere from the move to Vienna where i explained some parts a bit more detailed if you want to search, or just ask. (Theres also wiki.edis.at that needs some Content, but i am not very good (ha, the irony again) at translating that to German so probably not writing it down for it.)