New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Best Anti-DDoS Solution for Hosting Provider?
Hi.
We are looking for a good anti-ddos Solution, we want a good solution. Doesn't need to BE perfect.
Being able to filter most commons attacks, and that ensures some stability in filtering, blocking, preventing.
The budget is not high, we are a small / médium hosting provider. We need something that guaraantes being reliable.
What you recommend? Hardware based but which One? Or other solution?
I know anti-ddos isn't cheap, we are looking for the best affordable one. Doesn't mean that needs to BE cheap cheap. But Acceptable for our conditions in terms of number clients.
So, anyone to recommend one?
Thank you
Comments
Remote protection for ASN or via tunnel is probly best for you.
Path.net
OVH Anti-DDoS for networks
Cloudflare Magic Transit
Voxility anti-ddos
Colt IP Guardian
Just to name a few. Ideally you should consult to your colocation datacenter and ask which options are available at discount and which options they suggest to you. They can usually offer a better deal rather than having to contact the protection provider directly.
We have own datacenter..
We need something that can be affordable, Stable.
Can recommend Voxility. Sometimes their routing is not the best (like my internal hops) but very stable for years.
We have Voxility provided by our partners, not directly from Peering from our datacenter.
Do you think it is the reason why Voxility is not scrubbing the traffic?
Corero seems a good solution, unfortunately I don't know their prices.
Ask them. That's why they have sales representatives.
Do you have large enough pipes towards your transit providers or/and possibilities to send filters via BGP, OpenFlow or similiar?
Otherwise an inhouse AntiDDoS will most likely make no sense as someone will simply saturate your internet uplink and scrubbing traffic behind that bottlenock won't help much to reduce the flood.
Where is your datacenter located? I'd recommend looking for something that has a close POP to you.
Path.net & Voxility might be your best bet as CF MT is pricey as hell and timeouts like no other.
Try Path.net
I don't know, they're sitting right in front of me at eshalter in FRA, everything is smooth. IP addresses come from DC provider directly with Voxility integrated.
Depending on your definition of affordable (you mentioned you run your own datacenter), I recommend Corero, you won’t look at anything by else when you’re with them :-)
Yes, I understand Im looking for corero.
When I say affordable, I'm saying something we can afford monthly.
For example lets say we can pay 5000€ One time, but we can afford that every single month, not because of us, but because we can't afford such payments monthly. (Just an example)
We have been target by large attacks, and that are making us losing customers, and is a headache.
Thanks I will take a look in Corero seems interesting
5000€ wont get you full corero equipment. If you want to setup inhouse anti-ddos your gonna need to increase your budget.
Unless you buy second hand equipment.
I've heard some good things about Path.Net protection, but I'm not really a big fan of a system. I always prefer an on-premises system.
Take a look on Wanguard 8.0 - is in your budget and depends on the pipe that you have and the settings, you can compare it with Corero.( is at Corero's level)
Voxility work fine at L4 , at L7 allmost not at all. ( same as Arbor,Radware,Corero...)
@sandoz look into Path.net
Corero is nice and all but on the small side your looking at $60K+ plus $10K annual.
Corero has some nice hardware/software though so you are paying for something that is nice.
Highly recommend Path.net Let them know that DataIdeas-Josh sent you.
That is to high for us, unfortunately..
+1 for Path
Even better if you can also use their bidirectional filtering which will pretty much make any attack with out of state packets useless.
And for new connections, they have some layer 7 filters for FiveM, MCPE, Source, and an excellent syn proxy.
Feel free to get in touch with me, we offer our self developed flowShield appliance for inhouse usage, which mitigates over 12k attacks per month.
Keep in mind that the various variants of Flowspec or Wanguard are not on the same playing field as hardware solutions and thus, in my optinion, should not be compared to each other.
If you are going to implement any anti DDoS solution you need plenty excess capacity to not get your uplink saturated by the DDoS attack. Renting space or servers from a provider that has a good system in place is always the better move if you are not operating at sufficient scale vs trying to set it up yourself.
If you are looking for Corero protected transit or dedicated servers in Amsterdam, Frankfurt or London, feel free to DM me. We have just launched our new site in Amsterdam and will be working on the others in the next few weeks. Each site has over 100 Gbit/s of always-on DDoS protection, and because its an anycast network we can deliver over a total of 1.4 Tbit/s of Corero DDoS protection.
What is the name of your network and/or company and ASN number? Do you offer colocation and/or server renting and if so, for how much?
We utilize GSL Networks ( https://www.peeringdb.com/net/16620 ) for our connectivity and DDoS protection. GSL and us are located in Equinix AM5, FR5 and LD8. GSL's network is completely unrivalled when it comes to DDoS protection and latency, primarily because they operate tons of locations around the world.
We'd be happy to discuss options for racks in AM5, FR5 or LD8 and can offer you shared colocation in AM5.
Because we are a game server hosting provider at heart, we have plenty of powerful hardware available (we even run watercooled, overclocked hardware) for renting. Send us your request and we can definitely find the right solution for you. We have plenty cqpacity as we have just finished setting our all-Juniper network core with 400 Gbit/s of total capacity in AM5.
I would suggest you to inquire with following DDOS services:
1. Cloudflare
2. Link11
3. Nexusguard
Could you please explain that a bit further? Of course one need enough capacity to handle high volumetric attacks but that is what bgp flowspec is designed for when you don't have access to some 100g backbones.
Is there that much difference between hardware appliances from like arbor networks or commodity hardware equipped with NICs which can do in-nic filtering? I'm not sure but I guess that arbor and co. don't build the components for their appliances inhouse.
我建议您咨询以下 DDOS 服务:
1. Cloudflare
2. Link11
3. Nexusguard