Results 1 to 25 of 42
Thread: high traffic = null route ?
-
11-07-2010, 06:21 AM #1Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
high traffic = null route ?
So today my datacentre null routed one of my ips, saying it was having a DDOS. I never had a issue in the past with my site, so chances of ddos were bleak.
I start using my 2nd ip on different sub-domain to serve content & after a few hours, they again null route it.
Now i am sure, this isn't some DDos & i ask them, is this due to high traffic usage & they say, yes its because of it.
Then, i asked them if upgrade to a dedicated gbit; will resolve it. The answer was 'No'.
This provider, is offering lucrative bw deals; but seems they have run out of bw and started null routing high usage clients.
Can a provider nullroute just because they cant cope with high traffic ? or is it because its economically unviable for them and they start null routing.
-
11-07-2010, 06:29 AM #2Cable Director
- Join Date
- Aug 2007
- Location
- Datacenter
- Posts
- 4,414
Off course they say yes if it was nulled on high traffic.
Most DDOS attacks consume high amounts of traffic so they don't lie.
Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.» www.InstantDedicated.com - Online in no time
» Dedicated Servers in [EU] Netherlands + Belgium with DAILY support, also on weekends
» 3.2 Tbit/s Network AS49453 with only 100 Gbit/s uplink backbone
» 1G/10G/40G/100 Gbit ports available | 99,99% Network Uptime goal
-
11-07-2010, 06:30 AM #3Snoork Hosting
- Join Date
- Oct 2009
- Location
- United States
- Posts
- 2,602
Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.
If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.█ Snoork Hosting - Enterprise Servers | DDoS Protected Network
█ 99.9% Network Uptime | 15 Minute Ticket Response Time | 24/7 Live Chat
█ Check Out Our Dedicated Server Specials For Amazing Discounts & Promotions
-
11-07-2010, 06:31 AM #4The Guru!
- Join Date
- Nov 2007
- Location
- India, USA and Amsterdam
- Posts
- 2,581
I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.
Btw, can you mention the DC?
-
11-07-2010, 06:45 AM #5Junior Guru Wannabe
- Join Date
- Aug 2010
- Location
- Netherlands
- Posts
- 35
This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...
-
11-07-2010, 06:49 AM #6Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
I dont want to name the DC.
Below are some of their response to my ticket.
Null routes are placed if an IP uses high amounts of bandwidth (measured both in
mbps and amount of packets: TCP, UDP etc.) and that traffic is consistant for a
length of time, and it affects overall connectivity on the VLAN that it is on.No that will not resolve the issue. Null routes are based over a consistent
larger than normal amount of traffic with larger than average amounts of traffic
that usually indicate a DDOS attack.We do not have a set "number" that we null route at. We enact a null
route when a vlan or the network shows issue, and then we null route the largest
traffic producers in order to stabilize the network.
-
11-07-2010, 07:01 AM #7Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
i hardly have 6-8mbps of incoming traffic , most of it is client requests
its not some kind of ddos or dos for sure
i am not receving much of traffic, most is outbound
they said they "suspect" it as ddos and null route for hours ; isnt that crazy ?
and they never gave any proof that it is a ddos, but from their replies its more of my traffic needs that they think is ddos
this dc, doesnt offer ddos protection as such; but this isnt even a case of ddos (atleast, i feel so)
-
11-07-2010, 08:37 AM #8Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
Your provider is full of ********. Can you imagine if they nullroute Youtube because it has "high traffic"...
This is the issue if they are selling their bandwidth under their prices, then it would make sense they are null routing you because it costs them to much money. I know some providers that will not even nullroute you with a DOS attack but ratter charge you for it because its money for them, unless you request it of course.
Mostly its up to you to nullroute an IP or not and to ask for it as a final solution, unless the attack is so big its affecting all the network which again should not be the case if you are a have dedicated port or are on your own network segment. A provider can nullroute you if they suspect a DDOS attack but its no up to them to decide if its an attack or not and the answers you received doesn't say that either but they just say you have to much traffic.
What in the world does this answer suppose to mean " Null routes are based over a consistent
larger than normal amount of traffic with larger than average amounts of traffic"
So they dont allow high traffic websites even when the traffic is 100% legitimate?
This sounds extremely fishy and I would start looking another provider as soon as possible. Also even if it is a a DOS attack its just ridiculous to nullroute you for 6 Mbits traffic. Even a home ADSL can handle that.
-
11-07-2010, 08:40 AM #9WebHosting Master
- Join Date
- Dec 2006
- Posts
- 4,151
I know some providers may impose measures if you consistently use beyond your bandwidth cap.
For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.
OP, you should contact your provider for the bandwidth graphs and post them here.
Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
-
11-07-2010, 08:43 AM #10Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.
-
11-07-2010, 08:49 AM #11Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
-
11-07-2010, 08:52 AM #12Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
Im not sure whats your case, but if you are not comfortable with your provider, and you have this suspicious then I really would suggest you to move on. I still dont understand why they would not allow you to use traffic in the first place if you are paying for it. Are you on some type of unlimited deal or something similar?
-
11-07-2010, 08:57 AM #13WebHosting Master
- Join Date
- Dec 2006
- Posts
- 4,151
You're not reading it right.
For example, if you have a 2TB transfer limit on a 100mbps port, and you constantly use 50mbps or more for a few days, then you may be limited by the host.
Hosts that don't do this will result in sky-high overage fees, so it depends on how you see it.
The host may have done it to prevent a bill shock.
-
11-07-2010, 08:58 AM #14WebHosting Master
- Join Date
- Dec 2006
- Posts
- 4,151
-
11-07-2010, 09:00 AM #15Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
i am paying for what i am using, i would be happy to pay more if needed
they are not asking me to upgrade, nor will they say "i will be ok" after the upgrade
yes its sort of xxx mbps over gbit deal , i do get over my alloted mbps; but they did state its burstable and not capped
-
11-07-2010, 09:09 AM #16Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
http://img259.imageshack.us/img259/5881/51411234.png
isnt ddos inbound ? i am averaging 9Mb/s , so its not ddos by any means
the two big drops you see, are the null routes
-
11-07-2010, 09:15 AM #17Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
To be honest I had servers in almost every provider outhere in the last 12 years and never ever heard that before.
If you where on a 100 port but with only 2TB transfer, it doesnt matter if you push 50mbps or 100mbps all the time because the faster you push the faster you will hit your 2TB limit. The provider would care less if you use all the 2TB in a day or a month or never use it. What you describe would only seem to happen on very small providers that are not paying their Colocation providers enough for a bigger line. If that is the case, they would be overcharged for the 50 Mbits, but that would absolutely not be a problem if they have for example 1 gigabit lines. What you describe only happens if they are overselling their network and if someone pushes 50 mbits over a few days they would start to be in problems, specially if allot of customers do at the same time. If you sell 100 servers with 100mbit lines, be sure they can push at the same time, or at least a few of them can.
I had servers limited in 2000GB a month or more in tons of provider and I could push as much as I could for as long as I wanted. Whats the point of having a 100 mbit line if your provider doesn't let you push lets say 50 mbits for 2 days? For example in Softlayer you get a 10 mbit line, 100 mbit is 10$ extra, 1000 mbit is 20$ extra, but you are still limited on all of them to 2000GB a month.
I would never ever hire such a provider that does what you mention. Or he provides me with a real 10/100/1000 mbit line, unmetered or with a fixed bandwidth package or he doesn't.
-
11-07-2010, 09:19 AM #18Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
You are at 400 mbits average my friend not 9 or 6 like you said. Also you said to upgrade to a 1gig line, that looks like a 1gig line to me already. Now im extremely curious to know how much you are paying for your supposed bandwidth. You dont need to mention the company if you dont want to but you said you are paying for all your bandwidth in another reply.
-
11-07-2010, 09:32 AM #19Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
400mbit is outgoing , i have been doing 300-400mbit for months now
9mbit is incoming , isnt ddos incoming ?
I was talking about , upgrade to "dedicated" gbit ; so i am not on same vlan with other gbit users.
I woudnt want to disclose how much i was paying, but i am paying what the datacentre has asked for. Even if i was paying less its the datacentre who needs to ask me to upgrade, not just null route me.
-
11-13-2010, 03:04 PM #20Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
can someone tell if 20k pps is considered ddos ?
-
11-13-2010, 03:08 PM #21Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
█ Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
-
11-13-2010, 03:11 PM #22Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
-
11-13-2010, 03:14 PM #23Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
Depends what kind of gear they use, but usually: no.
But it all depends how their network infrastructure looks. Its hard to say for an outsider. Most gear can handle much more then 20k pps.
Note.
Advice: get a DDOS shield service. Many providers nowadays can offer these.█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
█ Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
-
11-13-2010, 03:41 PM #24Junior Guru
- Join Date
- Oct 2006
- Posts
- 188
Seems the datacentre is using a crap gear, will start looking for a alternative host.
-
11-13-2010, 05:15 PM #25Web Hosting Master
- Join Date
- Jan 2004
- Posts
- 1,184
I think I know who your hosting with, but you should state to warn other people on what the host in question allow's as a max.
You should have splitted the load/net with another server after they null-routed you.
Similar Threads
-
Route Traffic with two Nics Win. Server 08
By peep96 in forum Computers and PeripheralsReplies: 6Last Post: 02-10-2010, 01:50 PM -
How to null route China?
By Gigaron in forum Hosting Security and TechnologyReplies: 6Last Post: 03-16-2008, 05:43 AM -
DDoS Protection Without Null-Route IPs
By D3m0n in forum Dedicated ServerReplies: 31Last Post: 10-26-2006, 08:51 AM -
Multiple Connections, route traffic through 1 connection
By surfbali in forum Web Hosting LoungeReplies: 3Last Post: 01-19-2006, 07:01 AM -
Postfix: null route messages to specific recipient
By xiberk in forum Hosting Security and TechnologyReplies: 0Last Post: 12-22-2005, 02:18 PM