Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Voxility, create GRE tunnel?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Voxility, create GRE tunnel?

jmginerjmginer Member, Patron Provider

Hi, I want create a GRE tunnel in a Voxility antiDDoS server and filter my traffic in other locations,

anybody has tried?

Seems his antiDDoS is only available in Romania?

Thanks!

Comments

  • The DDoS Protection is available on their other Locations too as i know.

  • @IxamHosting do you provide dedicated offers?

  • NyrNyr Community Contributor, Veteran
    edited November 2013

    Yeah, you can do that, I can't see why not.

    Not sure, but they probably offer the DDoS protection at their other locations too, since much of their capacity isn't local to Romania.

    Anyway, ask them.

  • WilliamWilliam Member
    edited November 2013

    and, if the attacker knows that, he can just ddos your real network or your upstream to sh*t entirely avoiding the protection.

    Thanked by 1tr1cky
  • SplitIceSplitIce Member, Host Rep
    edited November 2013

    It is not possible to GRE out BGP for announcements to third parties from servers at Voxility. They make good money off recurring announcement fee's so it will most likely never possible. They also have a more expensive / enterprise upstream protection program and allowing BGP over GRE is one of its selling points. http://www.voxility.com/shop/security/anti-ddos/isp

    EDIT: I see now it is possible to get some form of BGP access on new setups (from their wholesale page), I don't recall that being an option 6-12mo ago.

    There is no problem with GRE/IPIP, you may need to make tweaks to firewall rules in the DC level filter as well as any level 2 hardware you are leasing / colocating (such as the Rioreys in our setup).

    If you plan on going Voxility direct you will most likely need something to act as a level 2 filter. Their filter either has to run on a "high" (and be over sensitive) rulset or "low" and let floods through. The best approach we have found is low + rioreys. Now we see patterns like (http://puu.sh/5gxA5.png) for many floods. Rioreys handle detection and mitigation of complex patterns but most of the time as can be seen with those spikes they can be used to create blocklists for the upstream firewall. You will need to develop these rules and interface yourself if you choose to go down that path.

    Thanked by 1XIAOSpider97
  • MaouniqueMaounique Host Rep, Veteran

    Voxility upgraded their DDoS protection in the last months (dont remember exactly, could have been 6 months since). They have own solution, built inhouse by directly programming some ASICs. It is expected to go better in time as they can see patterns and adapt on the go while with most hardware tools you are limited in some ways at least.

  • SplitIceSplitIce Member, Host Rep
    edited November 2013

    ASICs are not that flexible ASICS are set at the time they are cast, unless you are referring to FFPGA's (or kin) which are not ASICs. Software is far more flexible. ASICs are performant.

  • WilliamWilliam Member
    edited November 2013

    Hm, own ASICs, that will be nicely easy to circumvent - They don't have the knowledge for that.

    I doubt it's FPGA, not very fast with currently available hardware unless you design a lot yourself.

Sign In or Register to comment.