New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
PHP-Friends (First-colo) vs Fastpipe (Combahton) DDOS Protection
Hello everyone,
I am running a Hetzner server but I want to utilize the GRE tunneling concept to make use of the ddos protection offered by a different host.
Now the Hetzner server is just for hosting a game server with a simple website running next to it. I've looked at PHP-Friends and Fastpipe for their VPS line-up that I could use for the GRE tunnel but I am not quite sure which host to choose.
I am also not quite sure about fastpipe because in their ddos schutz page it says that it will block GRE protocol during a ddos?
Is there a clear winner or will it not really matter?
Greetings,
Merlijn
Comments
first-colo has been great. good value.
They're both good hosts with very good firewalls, fastpipe is cheaper but you get less CPU share. About the GRE you may want to ask @combahton_it and @PHP_Friends
There are other means to run a tunnel other than GRE, may GRE be blocked through an Anti-DDoS appliance. Think of say Wireguard (UDP based - so maybe also filtered out), or even an OpenVPN tunnel over TCP. (Anyone: feel free to DM me may you ever require assistance with such solution)
Right, I understand. GRE just seemed the most appropriate one as I am not trying to achieve anything more than a simple tunnel.
You could also get a VPS with two IPs, one unprotected and one protected. BuyVM offers this with Voxility in Luxembourg.
I have had voxility in the past but we had the issue that sometimes voxility would kick random people connected to the server or drop certain countries completely. I don't know if this is still a thing.
I mean I can also tunnel through OVH frankfurt. But I was just interested in Combahton and First colo.
We don't drop GRE traffic, however it's a good idea to whitelist the GRE "partner" as such traffic might be rate-limited. Whitelisting can be done via our support.
Hi,
just get a second ip with your server and run the GRE tunnel over that one. Our DDoS Filters block all GRE traffic by default.
Thanks for your response!
Hi @combahton_it . Thanks for your reponse as well, but I dont quite get what you wrote. You mean get an extra IP when I rent a VPS from you and whitelist GRE?
Yes, just get a second ip-address from us and run the GRE Tunnel over that. The attacker does not know that ip-address and there will be no DDoS-Filter active, which would block GRE.
Right, right. I understand, this is how I am doing it currently with OVH and have done with BuyVM in the past. Thanks again for your response!
@combahton_it Sorry last question but what is your mitigation capacity? Im mostly getting between 10-25 Gbit/s or 1-2Mpkts/s attacks.
Depends on the attack, most traffic is filtered before it even hits our network - we could avertise basically the overall capacity of our upstreams or just the capacity of our inhouse filters, which is currently 250Gbit/s.