All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
X4B Announces 100G Anycast based protection
Hi all,
Sorry this is a bit late. I have been waiting for response to a PM to the moderation staff for 3 weeks now without response. I dont see anything in the rules prohibiting industry announcements for non-VPS services but I know the staff can dislike this content. After 3 weeks of waiting, I will just post it and wait and see.
We at X4B are pleased to announce the public availability of Anycast based remote protection services with a 100 Gbps/140 Mpps protection limit. It took us a bit longer than expected, but its finally ready for public consumption. No pricing details for LET peeps since we aren't a VPS / Dedicated server provider (rules). So purely technical talk
Available with backend delivery in Chicago, Denver and L.A locations with these three networks forming the current Anycast PoPs and distributed filtering locations.
This is a multi-homed network with bandwidth from Zayo, Cogent, Comcast and Tinet. 100Gbps should be available for all attacks given the capacity available on individual links (reasonable assurity). There is more than enough capacity
We have successfully tested with the assistance of our upstream network some really jaw dropping attacks, some artificial ones as large as 50Gbps and one for a customer on the network hit 90Gbps.
Type: TCP Invalid Packet (bad hdr length 0 - too short, < 20)
L.A - [Sun Nov 23 22:27:06 PST 2014] Network usage: 3097 Kpps, 47686 Mbps
Chicago - [Sun Nov 23 22:27:10 PST 2014] Network usage: 3818 Kpps, 26346 Mbps
Denver - [Sun Nov 23 22:27:03 PST 2014] Network usage: 2165 Kpps, 19464 Mbps
There is still much more planned for the future, including:
Optional delivery to your own servers based on the Anycast PoP doing the filtering. As opposed to our network backhauling to a single location.
Automated Partial Null-routes: Currently null-routes affect all routes to an IP across all PoPs, we hope to automate partial nullrouting to help you stay mostly online with attacks with a sum greater than 100Gbps.
More filtering Points of Presence are planned. But sssh, more at a later date :P
Comments
On a related note, I was going to hand out a coupon with this announcement. I don't want to step on any toes so haven't. But if you comment asking for it, I'll shoot you a PM.
Yeh, me need coupon
Looks good, I want one too
Please move to offer category
I'd like a coupon too!
@0xdragon, I specifically am trying to make it an announcement and not an offer, to not step on any toes. Of course if a moderator thinks differently, they can move it (and feel free to contact me / reply to that PM).
@sonic @seraphkz @0xdragon coupons going out now.
So wait, how does this work? Are you offering 1 IP address to GRE tunnel or VPSes in these locations?
Can i have one coupon please.
@black
We provide a filtered IP address, this IP address is filtered by our hardware.
Using our interface you can select which ports / port ranges / entire protocols (TCP / UDP) to forward.
You can select to receive these ports / ranges / dmz's at your backend (i.e vps) via either a tunnel (GRE/IP-in-IP), Reverse Proxy or IPSec + L2TP vpn.
The process isnt terribly complex, even for example setting up the GRE/IP-in-IP tunnel on either FreeBSD or Linux is automated and a script is provided for automated installation of the tunnel on your backend server. We also have full support for Windows Backends via tunnels with this system
FYI From the interface you can also select HTTP/HTTPS style ports for Layer7 mitigation, and HTTP features like SSL Termination, Edge Caching, SPDY, OCSP Stapling, HTTP optimized TCP Fast Open etc. All that web goodness.
@SplitIce
Hi again, is IPv6 Supported yet?
@Stevie Sorry not currently. We have it supported in a lot of areas, including most aspects of the mitigation.
Unfortunately however, some of the software we use still needs to be upgraded for support (i.e p0f). While we intend to do this work (and we have already done so for some of the software) its currently a lower priority - the need for IPv6 protection is still relatively low (rarity of attacks & low % of use).
Is the DC for mitigation, Sharktech?
@nexmark Yes Sharktech is the Network Provider.
We have a unique relationship with Sharktech for our offers (don't confuse this with their offers).
May I please have a coupon?
@matthewvz Of course you may, what lovely manners.
Coupon for me, please?
And to the thoughtful person who DDoS'ed the home page (16G+ SSDP Amp). One of the IPs used for our site (for US visitors only) is not 100G rated. It has been removed for now.
This IP pre-existed our 100G services.... I am sorry if the site loads slow for US visitors while I set up a 100G ip.
NVM, Just saw your PM @SplitIce
If anyone is having trouble ordering, just select 100G from the drop down on the prices page. Thats all that is required
Sorry if its a little confusing, there is a new purchase system under development that isn't quite ready... additional protection levels are a new feature.
this seems very interesting, may I have a coupon as well? cheers
@akz Sure thing, PM'ed
Intresting. Any coupon left?
At least I can revel that Las Vegas and Los Angeles are both actually in the Atlantic Ocean.
@Gunter well that's interesting. I guess global warning has accelerated.
Could you please pm me your browser & screen res?
Can I have the coupon please? Thanks!
warming* :P
true that, ill blame that one on auto correct. :P
How does this compare to something like voxility?
Or OVH
http://www.ovh.com/us/about-us/network.xml
**All OVH dedicated hosting services include protection against all types of DDoS attacks. Three 160 Gbps anti-DDoS infrastructures have been set up in the Roubaix, Strasbourg and Beauharnois datacentres.
OVH is thus capable of mitigating up to 480 Gbps, 24/7**
I'd love to try.. may I have a coupon please?
@linuxthefish
Ok this got a bit long....
TL;DR
Voxility = network protection
X4B = everything protection
Its a bit like comparing apples with oranges. Voxility provide network level mitigation, we provide the full service (network / server / service / layer7-HTTP). We work on the level of providing consumer ready services, i.e we take care of it all. That means all Layer7, all small attacks, we mitigate everything for all protocols (we hope). If we didnt other customers on the same server would too be at risk.
i.e for one we can mitigate UDP floods (something that Voxility can not)
We also have enhanced HTTP mitigation (i.e automated detection and then browser verification or captcha) and all those goodies.
We will even soon hopefully support a few other Layer7 protocols (TS3, Minecraft, HL;DS) soon.
I am not too familiar with Voxilities, IPS (DDoS Mitigation) solutions. I only know the basics from when we tried them and decided not go that route. Last I checked it was $400 (4 core server) to $2.5k for 8x8 core (prices might have been Euro) although pricing may vary at times.
BTW this is all not to be confused with our Romanian services located in the Voxility datacenter. We don't use their IPS. Their hardware ACL's on the otherhand, although a bit inflexible / limited can be quite effective (when combined with mitigation its quite handy to drop say DNS AMP).
Furthermore Voxility have their IPS solutions in LA, Bucharest and Frankfurt. So all US traffic is likely to go via L.A. Our three locations are US based (with plans for further expansion) so lower latency for east and central for us.
Anyway we do the complete solution, all layers of mitigation, server monitoring to ensure everything runs smoothly. Notifications if null-routed etc (you would be surprised, to this day most providers don't even do it).
We also work hard to ensure that there is no/minimal activation time (something that most network mitigation doesn't provide) and <1ms latency increases when under mitigation. Of course these 100G IPs are actually permanently routed to reduce the detection time (which would otherwise be increased due to there being 3 DCs communicating). Most 20G services have this upgrade as well, it is being completed server by server currently.
There is probably much more I can say... but this is enough.