East Coast DDOS Filtering

Francisco

Company Lube
Verified Provider
Hello everyone,

We're looking to get some filtering going out of the east coast. No, this isn't back hauled from the west coast, the actual peering spot would be right out of Manhattan.

I wanted some feedback on pricing since we're not sure we can do the same $3 IP/M like we do in LV.

Filtering would be to the same level (10Gbit/sec+, 2M pps SYN, etc) and latency would be ~10ms ontop of whatever you get to Buffalo.

To date I know of no one on the east coast offering actual filtering. I know Ubiquity offers an auto nullroute and there's a few providers that are back hauling filtering from the west coast. Back hauling is dumb since people in Europe are going to get shafted pretty hard by this.

Francisco
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
So this is going to be filtering from Ubiquity?

100 William Street location right?  How did that fare in the most recent mega flood of NYC?

There is a total lack of DDoS filtering anywhere except the US West Coast for the low end market pricing.

I'd pay double that and even more for  a VPS if it wasn't in Buffalo :)
 

Francisco

Company Lube
Verified Provider
So this is going to be filtering from Ubiquity?

100 William Street location right?  How did that fare in the most recent mega flood of NYC?

There is a total lack of DDoS filtering anywhere except the US West Coast for the low end market pricing.

I'd pay double that and even more for  a VPS if it wasn't in Buffalo :)
No. Filtering would be out of TELX and then we'd backhaul it to Buffalo :p

We're sniffing around other markets on the eastern border.

Francisco
 

drmike

100% Tier-1 Gogent
No. Filtering would be out of TELX and then we'd backhaul it to Buffalo :p


We're sniffing around other markets on the eastern border.


Francisco
Telx, no kidding?  That's going to cost you royally.

I'd love to see another location where the filtering was local to the VPS servers.    Doubt that would ever be Telx, but keep shopping.  One can hope right?
 

Tux

DigitialOcean? lel
This would be nice. I need a little extra DDoS protection for my RamNode-hosted game servers.

Can't wait for NYC from you and RN!
 

Francisco

Company Lube
Verified Provider
10ms, man I wish it was less for game servers, then it'd be worth quite a bit.
I could host the node right in NYC but it wouldn't be as high spec'd as what we put in Buffalo. I'd probably do RAID1 or something which I don't really want to do.

NYC is silly expensive, like $2000/m just for a rack with power, no network. If you have a node or two it's fine but once you need decent power it starts to suck.

Francisco
 

Francisco

Company Lube
Verified Provider
Fran has his ways.  And wouldn't have brought them up if he didn't already know the price point was sustainable :3
All price points, even $3.00/m, is sustainable for it. It just means we'd have to sell more IP's and likely hear Anthony complain about it :p

Personally I think $4.00/month isn't unreasonable.

Francisco
 

drmike

100% Tier-1 Gogent
$3 was always a bargain.

$4 shouldn't bankrupt anyone.

Like I said, I'd pay $6/mo where/when the VPS was pretty close to the filtering.
 

Francisco

Company Lube
Verified Provider
$3 was always a bargain.

$4 shouldn't bankrupt anyone.

Like I said, I'd pay $6/mo where/when the VPS was pretty close to the filtering.
No one notices the higher latency at LV to be honest. Only the inbound path is going over the filtering, where as outbound traffic would still be sent from Buffalo. We've sniffed around Choopa but haven't put much thought into it.

10ms, man I wish it was less for game servers, then it'd be worth quite a bit.
Honestly if you're eating DDOS and getting nullroutes then you're either hosting out of the west coast or closing your community. I don't think 10ms is honestly a big enough concern.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
$6+/mo for DDoS filtering is laughably cheap, and I'd pay it.

Won't move my stuff to your Buffalo location due to CC boycott, which isn't your fault, but I'd pay $6+/mo for DDoS filtering in Vegas even. :p
 

Slownode

New Member
Honestly if you're eating DDOS and getting nullroutes then you're either hosting out of the west coast or closing your community. I don't think 10ms is honestly a big enough concern.
10ms can be important when you have thousands of international clients on a single cluster in a game which has realtime combat.

Is there an API my server can interface with to indicate who I want to block?


Cookie-cutter DDOS protection is useless for me since the traffic is UDP and uses it's own protocol, you couldn't tell what traffic is junk, encrypted parts and meaningless numbers.
 

splitice

Just a little bit crazy...
Verified Provider
10ms can be important when you have thousands of international clients on a single cluster in a game which has realtime combat.


Is there an API my server can interface with to indicate who I want to block?


Cookie-cutter DDOS protection is useless for me since the traffic is UDP and uses it's own protocol, you couldn't tell what traffic is junk, encrypted parts and meaningless numbers.
You would be surprised, statistical methods are pretty effective at UDP.

Good to see this posted publicly, we will of course be building some nodes with our standard infrastructure utilizing this. But you already know that since I am the one who bugged you to investigate it :)

To those who complain about the latency, its actually quite a lot better than the Oregon -> Vegas latency.
 
Last edited by a moderator:

Francisco

Company Lube
Verified Provider
10ms can be important when you have thousands of international clients on a single cluster in a game which has realtime combat.

Is there an API my server can interface with to indicate who I want to block?

Cookie-cutter DDOS protection is useless for me since the traffic is UDP and uses it's own protocol, you couldn't tell what traffic is junk, encrypted parts and meaningless numbers.
There isn't an API but we'd be able to help with that easily enough.

If you need the kitchen sink as an additional option, then you have to pay a lot more than $3/m.
 

drmike

100% Tier-1 Gogent
There isn't an API but we'd be able to help with that easily enough.


If you need the kitchen sink as an additional option, then you have to pay a lot more than $3/m.
API would be very awesome.

Kitchen sink, nope, more like access to the crapper.  Null crapper.
 

RiotSecurity

New Member
Choopa? Last time I checked they don't have very good ddos protection. Sure it withstands like 5Gbps, but after a minute of a constant attack it just can't handle it.
 
Top