amuck-landowner

DDOS protected transit?

coreyman

Active Member
Verified Provider
I'm wanting to start offering DDOS protected servers, does anyone know if there is an onnet provider in corexchange that can provide ddos protected transit? I obviously don't have 6 million dollars to spend on mitigating large attacks like Black Lotus does. All in all I'm wondering what would be the best route for a small company?
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Well Zayo / zColo owns that facility.   I'd contact them and see who they have there lit already and if anything stands out.

That facility has fiber to other major facilities in Dallas.  Notably to Equinix.   Nothing comes to mind currently, but I am certain there are companies to offer such in DAL.  Feasibility and stacked fees are whole other puzzle though.  Basically, if you can't find such in Dallas (anything) I question if it exists... Huge market and pretty up on things.

Just beware of the county's tax on your equipment.
 

coreyman

Active Member
Verified Provider
Well Zayo / zColo owns that facility.   I'd contact them and see who they have there lit already and if anything stands out.

That facility has fiber to other major facilities in Dallas.  Notably to Equinix.   Nothing comes to mind currently, but I am certain there are companies to offer such in DAL.  Feasibility and stacked fees are whole other puzzle though.  Basically, if you can't find such in Dallas (anything) I question if it exists... Huge market and pretty up on things.

Just beware of the county's tax on your equipment.
Oh I'm already aware, they are still trying to tax me on equipment I no longer have there anymore.
 

Patrick

INIZ.COM
Verified Provider
Doubt there is anyone doing this in Texas, LSN for example in TX use BlackLotus in LA? Or maybe BL Ashburn

Maybe Gigenet but 4Gbps is probably their highest offering at a high price.

Centarra is probably the biggest but doesn't provide IP Transit.
 

Awmusic12635

Active Member
Verified Provider
I don't know of anything in corexchange though you might be able to work something out with Centarra if you contact them.
 

Kruno

New Member
Verified Provider
Do you just want to resell protection or make your own systems? Just GRE via Staminus or CNServers like everyone else does? It will be decent protection and won't break your wallet.

If you are looking for your own systems let me know. I can give you some suggestions as we recently implemented a few 10G Linux servers in a local anycast in the Netherlands. Not ready for production yet but we have successfully mitigated some dirty floods for a few clients, some going up to 100gbps of UDP(NTP). 

Linux is as good as FreeBSD with new synproxy feature for syn floods. It's a bit tricky to configure synproxy in the FORWARD chain though. 

http://rhelblog.redhat.com/2014/04/11/mitigate-tcp-syn-flood-attacks-with-red-hat-enterprise-linux-7-beta/#more-273
 

coreyman

Active Member
Verified Provider
Do you just want to resell protection or make your own systems? Just GRE via Staminus or CNServers like everyone else does? It will be decent protection and won't break your wallet.

If you are looking for your own systems let me know. I can give you some suggestions as we recently implemented a few 10G Linux servers in a local anycast in the Netherlands. Not ready for production yet but we have successfully mitigated some dirty floods for a few clients, some going up to 100gbps of UDP(NTP). 

Linux is as good as FreeBSD with new synproxy feature for syn floods. It's a bit tricky to configure synproxy in the FORWARD chain though. 

http://rhelblog.redhat.com/2014/04/11/mitigate-tcp-syn-flood-attacks-with-red-hat-enterprise-linux-7-beta/#more-273

I want the lowest cost of entry solution which would probably be reselling protection. Are there any docs around about using GRE for this? I assume I would have to setup the GRE tunnel on a server and then set a port on that server as an uplink to the switch as the switch wouldn't be able handle it on its own.
 
Last edited by a moderator:

Kephael

New Member
I want the lowest cost of entry solution which would probably be reselling protection. Are there any docs around about using GRE for this? I assume I would have to setup the GRE tunnel on a server and then set a port on that server as an uplink to the switch as the switch wouldn't be able handle it on its own.
You can control GRE tunnels using pfsense if your router does not support GRE tunnels or supports them only in software mode. 
 
Last edited by a moderator:

layerbyte_ben

New Member
Verified Provider
Have you tried asking the staff at corexchange if they can recommend any customers currently at the DC that might offer a solution? At one point when BurstNET was at the DC they offered IP transit and was actually recommended to me by a corexchange sales rep when I was looking for extra IP transit providers. Another provider that might be worth contacting and seeing if they offer DDoS protected IP transit is Incero, at one point they use to offer IP transit within 8600 Harry Hines.

If your located at the 8600 Harry Hines location, corexchange / zcolo does have transport options back to their suite in the Infomart. This can give you access to providers within Cologix and Equinix. You'll just need to pay for the riser costs and cross-connects on top of the transport fee. Or you can always just setup a GRE tunnel like the others suggested with companies such as Blacklotus and Staminus.
 

coreyman

Active Member
Verified Provider
Have you tried asking the staff at corexchange if they can recommend any customers currently at the DC that might offer a solution? At one point when BurstNET was at the DC they offered IP transit and was actually recommended to me by a corexchange sales rep when I was looking for extra IP transit providers. Another provider that might be worth contacting and seeing if they offer DDoS protected IP transit is Incero, at one point they use to offer IP transit within 8600 Harry Hines.

If your located at the 8600 Harry Hines location, corexchange / zcolo does have transport options back to their suite in the Infomart. This can give you access to providers within Cologix and Equinix. You'll just need to pay for the riser costs and cross-connects on top of the transport fee. Or you can always just setup a GRE tunnel like the others suggested with companies such as Blacklotus and Staminus.
I haven't looked into this in a while, but I know I could get something with incero inside that building because I've contacted them before about regular transit. The only thing stopping me from doing something like that is the outrageous $250/mo cross connect fee, right now I have 100mbit 95th on a gigabit with corex.
 

layerbyte_ben

New Member
Verified Provider
I haven't looked into this in a while, but I know I could get something with incero inside that building because I've contacted them before about regular transit. The only thing stopping me from doing something like that is the outrageous $250/mo cross connect fee, right now I have 100mbit 95th on a gigabit with corex.
That's one thing I did have issues with when I was a customer with corexchange in the 8600 harry hines DC (was one of the first when that facility opened). At the time the lack of on-net providers at 8600 harry hines resulted in multiple cross connect costs ontop of transport.
 

coreyman

Active Member
Verified Provider
That's one thing I did have issues with when I was a customer with corexchange in the 8600 harry hines DC (was one of the first when that facility opened). At the time the lack of on-net providers at 8600 harry hines resulted in multiple cross connect costs ontop of transport.
Once I move up to a 10gbit commit it might be worth if for me to get a cross connect and be multihomed, but right now as a little guy - that's a big hit to our margins.
 
If you want to save money on this, then you should locate your equipment where affordable DDoS-protected transit can be found. CNSERVERS would be an excellent option -- their transit rates are very competitive, but you would have to host in Portland or Seattle unless you're willing to use a GRE tunnel.
 

concerto49

New Member
Verified Provider
If you want to save money on this, then you should locate your equipment where affordable DDoS-protected transit can be found. CNSERVERS would be an excellent option -- their transit rates are very competitive, but you would have to host in Portland or Seattle unless you're willing to use a GRE tunnel.
Which would be GRE or cross connect fees :)


But that's all part of expenses. Nothing special.
 
Top
amuck-landowner