Page 1 of 2 12 LastLast
Results 1 to 25 of 42
  1. #1

    high traffic = null route ?

    So today my datacentre null routed one of my ips, saying it was having a DDOS. I never had a issue in the past with my site, so chances of ddos were bleak.

    I start using my 2nd ip on different sub-domain to serve content & after a few hours, they again null route it.

    Now i am sure, this isn't some DDos & i ask them, is this due to high traffic usage & they say, yes its because of it.

    Then, i asked them if upgrade to a dedicated gbit; will resolve it. The answer was 'No'.

    This provider, is offering lucrative bw deals; but seems they have run out of bw and started null routing high usage clients.

    Can a provider nullroute just because they cant cope with high traffic ? or is it because its economically unviable for them and they start null routing.

  2. #2
    Join Date
    Aug 2007
    Location
    Datacenter
    Posts
    4,414
    Off course they say yes if it was nulled on high traffic.
    Most DDOS attacks consume high amounts of traffic so they don't lie.

    Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.
    » www.InstantDedicated.com - Online in no time
    » Dedicated Servers in [EU] Netherlands + Belgium with DAILY support, also on weekends
    » 3.2 Tbit/s Network AS49453 with only 100 Gbit/s uplink backbone
    » 1G/10G/40G/100 Gbit ports available | 99,99% Network Uptime goal

  3. #3
    Join Date
    Oct 2009
    Location
    United States
    Posts
    2,602
    Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.

    If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.
    Snoork Hosting - Enterprise Servers | DDoS Protected Network
    99.9% Network Uptime | 15 Minute Ticket Response Time | 24/7 Live Chat
    Check Out Our Dedicated Server Specials For Amazing Discounts & Promotions

  4. #4
    Join Date
    Nov 2007
    Location
    India, USA and Amsterdam
    Posts
    2,581
    I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.

    Btw, can you mention the DC?

  5. #5
    Join Date
    Aug 2010
    Location
    Netherlands
    Posts
    35
    This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...

  6. #6
    I dont want to name the DC.

    Below are some of their response to my ticket.

    Null routes are placed if an IP uses high amounts of bandwidth (measured both in
    mbps and amount of packets: TCP, UDP etc.) and that traffic is consistant for a
    length of time, and it affects overall connectivity on the VLAN that it is on.
    No that will not resolve the issue. Null routes are based over a consistent
    larger than normal amount of traffic with larger than average amounts of traffic
    that usually indicate a DDOS attack.
    We do not have a set "number" that we null route at. We enact a null
    route when a vlan or the network shows issue, and then we null route the largest
    traffic producers in order to stabilize the network.
    All the traffic is legitimate & i dont suspect any ddos. Also from their replies it seems like its because of my traffic peak, i am getting null routed.

  7. #7
    Quote Originally Posted by ServerBoost View Post
    Off course they say yes if it was nulled on high traffic.
    Most DDOS attacks consume high amounts of traffic so they don't lie.

    Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.
    i hardly have 6-8mbps of incoming traffic , most of it is client requests

    its not some kind of ddos or dos for sure
    Quote Originally Posted by SnoorkAdvertiser View Post
    Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.

    If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.
    i am not receving much of traffic, most is outbound
    Quote Originally Posted by chennaihomie View Post
    I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.

    Btw, can you mention the DC?
    they said they "suspect" it as ddos and null route for hours ; isnt that crazy ?

    and they never gave any proof that it is a ddos, but from their replies its more of my traffic needs that they think is ddos
    Quote Originally Posted by serverius View Post
    This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...
    this dc, doesnt offer ddos protection as such; but this isnt even a case of ddos (atleast, i feel so)

  8. #8
    Join Date
    Jun 2005
    Posts
    3,455
    Your provider is full of ********. Can you imagine if they nullroute Youtube because it has "high traffic"...

    This is the issue if they are selling their bandwidth under their prices, then it would make sense they are null routing you because it costs them to much money. I know some providers that will not even nullroute you with a DOS attack but ratter charge you for it because its money for them, unless you request it of course.

    Mostly its up to you to nullroute an IP or not and to ask for it as a final solution, unless the attack is so big its affecting all the network which again should not be the case if you are a have dedicated port or are on your own network segment. A provider can nullroute you if they suspect a DDOS attack but its no up to them to decide if its an attack or not and the answers you received doesn't say that either but they just say you have to much traffic.

    What in the world does this answer suppose to mean " Null routes are based over a consistent
    larger than normal amount of traffic with larger than average amounts of traffic"

    So they dont allow high traffic websites even when the traffic is 100% legitimate?

    This sounds extremely fishy and I would start looking another provider as soon as possible. Also even if it is a a DOS attack its just ridiculous to nullroute you for 6 Mbits traffic. Even a home ADSL can handle that.

  9. #9
    Join Date
    Dec 2006
    Posts
    4,151
    I know some providers may impose measures if you consistently use beyond your bandwidth cap.
    For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.

    OP, you should contact your provider for the bandwidth graphs and post them here.
    Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.

  10. #10
    Join Date
    Jun 2005
    Posts
    3,455
    Quote Originally Posted by tsj5j View Post
    I know some providers may impose measures if you consistently use beyond your bandwidth cap.
    For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.

    OP, you should contact your provider for the bandwidth graphs and post them here.
    Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
    That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.

  11. #11
    Quote Originally Posted by tsj5j View Post
    OP, you should contact your provider for the bandwidth graphs and post them here.
    Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
    i asked them if i get a dedicated gbit, will that help ; they said "it wont"

    my current taffic isnt anywhere close to gbit

    seems like, they just dont want me to use a lot of bw

  12. #12
    Join Date
    Jun 2005
    Posts
    3,455
    Quote Originally Posted by coolnikin View Post
    i asked them if i get a dedicated gbit, will that help ; they said "it wont"

    my current taffic isnt anywhere close to gbit

    seems like, they just dont want me to use a lot of bw
    Im not sure whats your case, but if you are not comfortable with your provider, and you have this suspicious then I really would suggest you to move on. I still dont understand why they would not allow you to use traffic in the first place if you are paying for it. Are you on some type of unlimited deal or something similar?

  13. #13
    Join Date
    Dec 2006
    Posts
    4,151
    Quote Originally Posted by nibb View Post
    That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.
    You're not reading it right.

    For example, if you have a 2TB transfer limit on a 100mbps port, and you constantly use 50mbps or more for a few days, then you may be limited by the host.

    Hosts that don't do this will result in sky-high overage fees, so it depends on how you see it.
    The host may have done it to prevent a bill shock.

  14. #14
    Join Date
    Dec 2006
    Posts
    4,151
    Quote Originally Posted by coolnikin View Post
    i asked them if i get a dedicated gbit, will that help ; they said "it wont"

    my current taffic isnt anywhere close to gbit

    seems like, they just dont want me to use a lot of bw
    DDoSes can exceed a few gbit easily, assuming it IS a DDoS.
    Ask them for a bandwidth graph.

    And please reveal your provider.

  15. #15
    i am paying for what i am using, i would be happy to pay more if needed

    they are not asking me to upgrade, nor will they say "i will be ok" after the upgrade

    yes its sort of xxx mbps over gbit deal , i do get over my alloted mbps; but they did state its burstable and not capped

  16. #16
    Quote Originally Posted by tsj5j View Post
    DDoSes can exceed a few gbit easily, assuming it IS a DDoS.
    Ask them for a bandwidth graph.

    And please reveal your provider.
    http://img259.imageshack.us/img259/5881/51411234.png

    isnt ddos inbound ? i am averaging 9Mb/s , so its not ddos by any means

    the two big drops you see, are the null routes

  17. #17
    Join Date
    Jun 2005
    Posts
    3,455
    Quote Originally Posted by tsj5j View Post
    You're not reading it right.

    For example, if you have a 2TB transfer limit on a 100mbps port, and you constantly use 50mbps or more for a few days, then you may be limited by the host.

    Hosts that don't do this will result in sky-high overage fees, so it depends on how you see it.
    The host may have done it to prevent a bill shock.
    To be honest I had servers in almost every provider outhere in the last 12 years and never ever heard that before.

    If you where on a 100 port but with only 2TB transfer, it doesnt matter if you push 50mbps or 100mbps all the time because the faster you push the faster you will hit your 2TB limit. The provider would care less if you use all the 2TB in a day or a month or never use it. What you describe would only seem to happen on very small providers that are not paying their Colocation providers enough for a bigger line. If that is the case, they would be overcharged for the 50 Mbits, but that would absolutely not be a problem if they have for example 1 gigabit lines. What you describe only happens if they are overselling their network and if someone pushes 50 mbits over a few days they would start to be in problems, specially if allot of customers do at the same time. If you sell 100 servers with 100mbit lines, be sure they can push at the same time, or at least a few of them can.

    I had servers limited in 2000GB a month or more in tons of provider and I could push as much as I could for as long as I wanted. Whats the point of having a 100 mbit line if your provider doesn't let you push lets say 50 mbits for 2 days? For example in Softlayer you get a 10 mbit line, 100 mbit is 10$ extra, 1000 mbit is 20$ extra, but you are still limited on all of them to 2000GB a month.

    I would never ever hire such a provider that does what you mention. Or he provides me with a real 10/100/1000 mbit line, unmetered or with a fixed bandwidth package or he doesn't.

  18. #18
    Join Date
    Jun 2005
    Posts
    3,455
    Quote Originally Posted by coolnikin View Post
    http://img259.imageshack.us/img259/5881/51411234.png

    isnt ddos inbound ? i am averaging 9Mb/s , so its not ddos by any means

    the two big drops you see, are the null routes
    You are at 400 mbits average my friend not 9 or 6 like you said. Also you said to upgrade to a 1gig line, that looks like a 1gig line to me already. Now im extremely curious to know how much you are paying for your supposed bandwidth. You dont need to mention the company if you dont want to but you said you are paying for all your bandwidth in another reply.

  19. #19
    Quote Originally Posted by nibb View Post
    You are at 400 mbits average my friend not 9 or 6 like you said. Also you said to upgrade to a 1gig line, that looks like a 1gig line to me already. Now im extremely curious to know how much you are paying for your supposed bandwidth. You dont need to mention the company if you dont want to but you said you are paying for all your bandwidth in another reply.
    400mbit is outgoing , i have been doing 300-400mbit for months now
    9mbit is incoming , isnt ddos incoming ?

    I was talking about , upgrade to "dedicated" gbit ; so i am not on same vlan with other gbit users.

    I woudnt want to disclose how much i was paying, but i am paying what the datacentre has asked for. Even if i was paying less its the datacentre who needs to ask me to upgrade, not just null route me.

  20. #20
    can someone tell if 20k pps is considered ddos ?

  21. #21
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by coolnikin View Post
    can someone tell if 20k pps is considered ddos ?
    Could be a DDOS but would only be a very small DDOS.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.

  22. #22
    Quote Originally Posted by swiftnoc View Post
    Could be a DDOS but would only be a very small DDOS.
    can this cause disruption to other clients on same vlan ? and justify the null route

  23. #23
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by coolnikin View Post
    can this cause disruption to other clients on same vlan ? and justify the null route
    Depends what kind of gear they use, but usually: no.
    But it all depends how their network infrastructure looks. Its hard to say for an outsider. Most gear can handle much more then 20k pps.

    Note.
    Advice: get a DDOS shield service. Many providers nowadays can offer these.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.

  24. #24
    Seems the datacentre is using a crap gear, will start looking for a alternative host.

  25. #25
    Join Date
    Jan 2004
    Posts
    1,184
    I think I know who your hosting with, but you should state to warn other people on what the host in question allow's as a max.


    You should have splitted the load/net with another server after they null-routed you.

Page 1 of 2 12 LastLast

Similar Threads

  1. Route Traffic with two Nics Win. Server 08
    By peep96 in forum Computers and Peripherals
    Replies: 6
    Last Post: 02-10-2010, 01:50 PM
  2. How to null route China?
    By Gigaron in forum Hosting Security and Technology
    Replies: 6
    Last Post: 03-16-2008, 05:43 AM
  3. DDoS Protection Without Null-Route IPs
    By D3m0n in forum Dedicated Server
    Replies: 31
    Last Post: 10-26-2006, 08:51 AM
  4. Multiple Connections, route traffic through 1 connection
    By surfbali in forum Web Hosting Lounge
    Replies: 3
    Last Post: 01-19-2006, 07:01 AM
  5. Postfix: null route messages to specific recipient
    By xiberk in forum Hosting Security and Technology
    Replies: 0
    Last Post: 12-22-2005, 02:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •