Is DDoS scrubbing/filtering legit or junk at $3-49/month?
Curious, do you feel the DDoS filtering you are getting from your current provider/host is working up to your expectations of how it should protect your server? I am referring to any vps/ded/colo that costs $3-49/month?
We have been looking into adding DDoS protection to our network for colo/ded/vps. Every solution costs 10-20k/mo or 150k+ for equipment purchases. We own all our equipment/servers. So we try to build our own services as we need them to keep costs down, as most do.
I can see how some VPS only providers would rent a server from a company who already offers ddos protection and then you just offer that same solution to each of your clients. So this is one way.
It becomes a much harder problem when you own your own suite and equipment. Oplink.net has been growing year after year. We started with 1 > 8 racks in the open white space area inside the Level3 Houston DC and moved into a suite with 21 racks. A couple years later we knocked a wall down and added 10 more racks.
Here are some options we have looked into already:
1. Level3 Scrubbing direct with our uplink (way too expensive)
2. Cloudflare magic transit
3. Purchasing a Cisco 9000 with a VSM module (seems to be hitting EOL and costly)
4. Talked with Corero this morning, waiting on prices.
From my understanding Cloudflare & Facebook both use XDP and eBPF Prototype Kernel, with custom kernels built in house. Creating a Linux DDoS filter that uses an XDP/BPF solution. Has anyone experimented with this?
Does anyone have any recommendations for us to check into? Something affordable?
Thanks,
Ryan
Comments
Do you have the Tbit of network capacity to handle this?
You can't filter 100Gbit of DDOS on a single 10gig port.
Francisco
We have a 100G uplink with Level3. Each rack has 10G.
We have our own in house mitigation platform that uses Intel DPDK with eBPF rules. Works much better than any Corero or Riorey devices we've used, and not to mention much cheaper.
That won’t be sufficient. 100G of bad traffic is fairly easy to generate from all the IP Cameras, fridges, toasters, routers and dumb TVs out there sadly.
With a 100G pipe you will be able to stop small attacks, but if someone really wants to knock the service offline, 100G isn't much nowadays.
But it could work for small attacks. Just will need to let people know that "we won't be able to stop everything".
100G, hah!
is what they will say.
It depends on what you want to offer, just some basic scrubbing you can sell IPs with for a few $? Then use whoever you can get cheapest. It won't be good but it will achieve the technical definition, which is all you need for marketing.
Want to actually mitigate 90%+ of real attacks? Be prepared to invest heavily or work with someone who has.
Deploying your own on-site hardware only really makes sense if you already have the bandwidth (i.e. you already have 100G+ of egress, and have a light ingress load doing nothing). In any other circumstance remote network protection is your best bet.
Unfortunately not enough these days