Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


PHP-Friends (First-colo) vs Fastpipe (Combahton) DDOS Protection
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

PHP-Friends (First-colo) vs Fastpipe (Combahton) DDOS Protection

Hello everyone,

I am running a Hetzner server but I want to utilize the GRE tunneling concept to make use of the ddos protection offered by a different host.

Now the Hetzner server is just for hosting a game server with a simple website running next to it. I've looked at PHP-Friends and Fastpipe for their VPS line-up that I could use for the GRE tunnel but I am not quite sure which host to choose.

I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?

Is there a clear winner or will it not really matter?

Greetings,
Merlijn

Comments

  • first-colo has been great. good value.

  • pikepike Veteran
    edited January 2020

    They're both good hosts with very good firewalls, fastpipe is cheaper but you get less CPU share. About the GRE you may want to ask @combahton_it and @PHP_Friends

    Thanked by 1MerlijnD
  • RickBakkrRickBakkr Member, Patron Provider, LIR

    MerlijnD said: I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?

    There are other means to run a tunnel other than GRE, may GRE be blocked through an Anti-DDoS appliance. Think of say Wireguard (UDP based - so maybe also filtered out), or even an OpenVPN tunnel over TCP. (Anyone: feel free to DM me may you ever require assistance with such solution)

  • @RickBakkr said:

    MerlijnD said: I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?

    There are other means to run a tunnel other than GRE, may GRE be blocked through an Anti-DDoS appliance. Think of say Wireguard (UDP based - so maybe also filtered out), or even an OpenVPN tunnel over TCP. (Anyone: feel free to DM me may you ever require assistance with such solution)

    Right, I understand. GRE just seemed the most appropriate one as I am not trying to achieve anything more than a simple tunnel.

  • pikepike Veteran

    You could also get a VPS with two IPs, one unprotected and one protected. BuyVM offers this with Voxility in Luxembourg.

  • I have had voxility in the past but we had the issue that sometimes voxility would kick random people connected to the server or drop certain countries completely. I don't know if this is still a thing.

    I mean I can also tunnel through OVH frankfurt. But I was just interested in Combahton and First colo.

  • dataforestdataforest Member, Patron Provider

    We don't drop GRE traffic, however it's a good idea to whitelist the GRE "partner" as such traffic might be rate-limited. Whitelisting can be done via our support.

    Thanked by 3pike MerlijnD vimalware
  • jh_aurologicjh_aurologic Member, Patron Provider

    Hi,

    just get a second ip with your server and run the GRE tunnel over that one. Our DDoS Filters block all GRE traffic by default.

    Thanked by 2pike vimalware
  • @PHP_Friends said:
    We don't drop GRE traffic, however it's a good idea to whitelist the GRE "partner" as such traffic might be rate-limited. Whitelisting can be done via our support.

    Thanks for your response!

    @combahton_it said:
    Hi,

    just get a second ip with your server and run the GRE tunnel over that one. Our DDoS Filters block all GRE traffic by default.

    Hi @combahton_it . Thanks for your reponse as well, but I dont quite get what you wrote. You mean get an extra IP when I rent a VPS from you and whitelist GRE?

  • jh_aurologicjh_aurologic Member, Patron Provider

    @MerlijnD said:
    Hi @combahton_it . Thanks for your reponse as well, but I dont quite get what you wrote. You mean get an extra IP when I rent a VPS from you and whitelist GRE?

    Yes, just get a second ip-address from us and run the GRE Tunnel over that. The attacker does not know that ip-address and there will be no DDoS-Filter active, which would block GRE.

    Thanked by 1MerlijnD
  • Right, right. I understand, this is how I am doing it currently with OVH and have done with BuyVM in the past. Thanks again for your response!

  • MerlijnDMerlijnD Member
    edited January 2020

    @combahton_it Sorry last question but what is your mitigation capacity? Im mostly getting between 10-25 Gbit/s or 1-2Mpkts/s attacks.

  • jh_aurologicjh_aurologic Member, Patron Provider

    @MerlijnD said:
    @combahton_it Sorry last question but what is your mitigation capacity? Im mostly getting between 10-25 Gbit/s or 1-2Mpkts/s attacks.

    Depends on the attack, most traffic is filtered before it even hits our network - we could avertise basically the overall capacity of our upstreams or just the capacity of our inhouse filters, which is currently 250Gbit/s.

    Thanked by 1MerlijnD
Sign In or Register to comment.