Page 1 of 2 12 LastLast
Results 1 to 25 of 31
  1. #1
    Join Date
    Jul 2012
    Location
    Rye, NY
    Posts
    148

    NYC DDoS Protected Colocation

    Hey guys, I am looking for 10u - half rack DDoS protected collocation in NYC. Does anyone have any suggestions?

  2. #2
    Can you give a little more detail on your needs? What bandwidth you need, type of attack you're most likely to need protecting from (UDP, SYN Flood, HTTP/HTTPS...), "how much" DDoS protection in terms of PPS (packets per second)? What is your budget?

  3. #3
    Join Date
    Feb 2005
    Location
    localhost
    Posts
    5,473
    If its colocation you are looking for I don't think it will include DDoS protection.
    Respectfully,
    Mr. Terrence

  4. #4
    Join Date
    Oct 2010
    Posts
    3,662
    Quote Originally Posted by Seegee View Post
    Hey guys, I am looking for 10u - half rack DDoS protected collocation in NYC. Does anyone have any suggestions?
    Do you want New York City proper (New York, New York) or just in the area?

    Quote Originally Posted by NetDepot - Terrence View Post
    If its colocation you are looking for I don't think it will include DDoS protection.
    If the provider offers DDoS protection, why couldn't it be included?
    SiFuQi.net - Affordable Dedicated Servers in Los Angeles, California
    24x7 Support • Enterprise Grade Hardware • Automated OS Reinstalls
    Check out our reseller program, with a unique two-tiered discount.

  5. #5
    Join Date
    Feb 2005
    Location
    localhost
    Posts
    5,473
    Quote Originally Posted by Steven F View Post
    If the provider offers DDoS protection, why couldn't it be included?
    I have yet to see a data center provider that provides DDoS protection to colo customer, does your company offer this? and are you referring to a network level DDoS protection?
    Respectfully,
    Mr. Terrence

  6. #6
    Join Date
    Jul 2012
    Location
    Rye, NY
    Posts
    148
    Tons of providors provide DDoS protected colocation. Awknet, CNServer, Voxility, etc. I am looking to protect against data heavy UDP floods mainly, probably up to somewhere around 10Gbps.

  7. #7
    Join Date
    Aug 2012
    Location
    UK
    Posts
    291
    Quote Originally Posted by Seegee View Post
    Tons of providors provide DDoS protected colocation. Awknet, CNServer, Voxility, etc. I am looking to protect against data heavy UDP floods mainly, probably up to somewhere around 10Gbps.
    Is NYC a fixed requirement? Or would New Jersey work?

    You can take a look at Choopa/Constant (same company), they have recently started providing DDoS protection to dedicated server customers and most likely available to colo customers as well. You will most likely save a large amount as well by opting for NJ rather than NYC.

    If you're fixed on NYC then InfoRelay may be able to provide something as well.
    Patrick ~ INIZ

  8. #8
    Join Date
    Oct 2010
    Posts
    3,662
    Quote Originally Posted by Vivid View Post
    Is NYC a fixed requirement? Or would New Jersey work?

    You can take a look at Choopa/Constant (same company), they have recently started providing DDoS protection to dedicated server customers and most likely available to colo customers as well. You will most likely save a large amount as well by opting for NJ rather than NYC.

    If you're fixed on NYC then InfoRelay may be able to provide something as well.
    I believe Choopa's protection is for a single IP, which might not be ideal for the OP.

    Quote Originally Posted by NetDepot - Terrence View Post
    I have yet to see a data center provider that provides DDoS protection to colo customer, does your company offer this? and are you referring to a network level DDoS protection?
    Yes, we do offer network level DDoS protection to our colo clients.
    Last edited by Steven F; 01-14-2014 at 12:39 PM.
    SiFuQi.net - Affordable Dedicated Servers in Los Angeles, California
    24x7 Support • Enterprise Grade Hardware • Automated OS Reinstalls
    Check out our reseller program, with a unique two-tiered discount.

  9. #9
    Join Date
    Feb 2005
    Location
    localhost
    Posts
    5,473
    Quote Originally Posted by Steven F View Post
    I believe Choopa's protection is for a single IP, which might not be ideal for the OP.



    Yes, we do offer network level DDoS protection to our colo clients.
    Cool, thanks for the Info.
    Respectfully,
    Mr. Terrence

  10. #10
    Join Date
    Jan 2010
    Posts
    308
    Quote Originally Posted by Seegee View Post
    Tons of providors provide DDoS protected colocation. Awknet, CNServer, Voxility, etc. I am looking to protect against data heavy UDP floods mainly, probably up to somewhere around 10Gbps.
    10gbps is child's play these days. Anything less than 160-200gbps isn't worth messing around with.

  11. #11
    Join Date
    Jan 2010
    Posts
    308
    Quote Originally Posted by Seegee View Post
    Hey guys, I am looking for 10u - half rack DDoS protected collocation in NYC. Does anyone have any suggestions?
    Keep in mind that most transit providers will see you a DDoS protected circuit. TWTC is one that jumps to mind. I'd rather have that stuff done by the carrier than a colo provider.

  12. #12
    Join Date
    Jul 2012
    Location
    Rye, NY
    Posts
    148
    Quote Originally Posted by scurvy View Post
    10gbps is child's play these days. Anything less than 160-200gbps isn't worth messing around with.
    I meant 10Gbps advertised. For example, CNServers advertises 1Gbps, but can easily take up to 40 - 60Gbps. Anything advertised > 100Gbps (OVH, Voxility 500Gbps protection ) will null route with an attack that big almost instantly.

  13. #13
    Join Date
    Jan 2010
    Posts
    308
    Quote Originally Posted by Seegee View Post
    I meant 10Gbps advertised. For example, CNServers advertises 1Gbps, but can easily take up to 40 - 60Gbps. Anything advertised > 100Gbps (OVH, Voxility 500Gbps protection ) will null route with an attack that big almost instantly.
    Even 40-60 gbps is too small. Here's the proof:

    http://www.digitalattackmap.com/#ani...084&view=table

    Why are you laughing about 500gbps protection? Seriously asking, not trolling.

  14. #14
    Join Date
    Oct 2010
    Posts
    3,662
    Quote Originally Posted by Seegee View Post
    Anything advertised > 100Gbps (OVH, Voxility 500Gbps protection ) will null route with an attack that big almost instantly.
    That's not true for every provider!
    SiFuQi.net - Affordable Dedicated Servers in Los Angeles, California
    24x7 Support • Enterprise Grade Hardware • Automated OS Reinstalls
    Check out our reseller program, with a unique two-tiered discount.

  15. #15
    Join Date
    Jul 2012
    Location
    Rye, NY
    Posts
    148
    Quote Originally Posted by scurvy View Post
    Even 40-60 gbps is too small. Here's the proof:

    http://www.digitalattackmap.com/#ani...084&view=table

    Why are you laughing about 500gbps protection? Seriously asking, not trolling.
    I can guarantee that Voxility will NOT eat up 500Gbps for any customer. Not saying that their protection is bad, but no way will it take 500Gbps. A 500Gbps total network capacity would be believable.
    Last edited by DataWagon-CJ; 01-14-2014 at 02:37 PM.

  16. #16
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    9,530
    Quote Originally Posted by Seegee View Post
    Anything advertised > 100Gbps (OVH, Voxility 500Gbps protection ) will null route with an attack that big almost instantly.
    Have you got some link(s) to back that up please?

    I don't have experience of Voxility, but certainly OVH can take a hit much bigger than that and not null route. With 3Tb of excess capacity they're happy to absorb the traffic until they get a handle on it.

  17. #17
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by F-DNS View Post
    Have you got some link(s) to back that up please?

    I don't have experience of Voxility, but certainly OVH can take a hit much bigger than that and not null route. With 3Tb of excess capacity they're happy to absorb the traffic until they get a handle on it.
    So base on your logic, bandwidth capacity = ddos filtering capacity?
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  18. #18
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    9,530
    Quote Originally Posted by CNSERVERS View Post
    So base on your logic, bandwidth capacity = ddos filtering capacity?
    LOL no. It's no big secret that OVH put their 160Gb VAC/Tilera/Arbor systems into 3 DCs to scrub traffic. What is less obvious is the way they set up peering (for example, down the west coast of the USA with KDDI, HiNET, NTT etc) to be able to drop dirty traffic before it entered their network and they had to pay to haul it across North America and the Atlantic to get it to Roubaix to scrub it.

    And I apologise for posting misinformation. I said they could absorb 3Tb excess traffic. Apparently it's gone up to 5Tbps. Sorry about that.

  19. #19
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    5,073
    You can see if Staminus sells colocation but I doubt it. You may be able to setup at choopa and then just haul protection from Staminus' east coast location.

    It's only 0.5ms between the two locations so the overhead is minimal.

    Francisco
    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony

  20. #20
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by F-DNS View Post
    LOL no. It's no big secret that OVH put their 160Gb VAC/Tilera/Arbor systems into 3 DCs to scrub traffic. What is less obvious is the way they set up peering (for example, down the west coast of the USA with KDDI, HiNET, NTT etc) to be able to drop dirty traffic before it entered their network and they had to pay to haul it across North America and the Atlantic to get it to Roubaix to scrub it.

    And I apologise for posting misinformation. I said they could absorb 3Tb excess traffic. Apparently it's gone up to 5Tbps. Sorry about that.
    The real secrets are what their Arbor system capacity is and what kind of attacks can hit their not-possible-always-on Arbor system and saturate it.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  21. #21
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    9,530
    Quote Originally Posted by CNSERVERS View Post
    The real secrets are what their Arbor system capacity is
    With my practical experience of it (allowing for other customers taking badness at the same time we got a "big" one) I'd say about 300Gbs is pushing the limit through their DC systems. But that doesn't allow for their ability to filter it out before it gets to DC level. Their network techs are seriously "cheeky" in this area.

    Quote Originally Posted by CNSERVERS View Post
    and what kind of attacks can hit their not-possible-always-on Arbor system and saturate it.
    Please don't fluff-and-nonse stuff. If you don't have experience I'll grant you 0% knowledge of it. Let readers of this cast their own votes. My own experience (4 weeks ago) was several hundred Gbs of trouble. They took it, handled it, and didn't even discuss it till we talked to them. They discussed it seriously and professionally then, and dismissed me as trying to make too much noise about something they take for granted. I'll totally accept if you have an issue with that. Life works that way.

  22. #22
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by F-DNS View Post
    With my practical experience of it (allowing for other customers taking badness at the same time we got a "big" one) I'd say about 300Gbs is pushing the limit through their DC systems. But that doesn't allow for their ability to filter it out before it gets to DC level. Their network techs are seriously "cheeky" in this area.



    Please don't fluff-and-nonse stuff. If you don't have experience I'll grant you 0% knowledge of it. Let readers of this cast their own votes. My own experience (4 weeks ago) was several hundred Gbs of trouble. They took it, handled it, and didn't even discuss it till we talked to them. They discussed it seriously and professionally then, and dismissed me as trying to make too much noise about something they take for granted. I'll totally accept if you have an issue with that. Life works that way.
    Obviously I have my own experience with their not-possible-always-on Arbor filtering system otherwise I wouldn't be saying it here in the public, but apparently you don't believe it and you don't filter ddos yourself so I'm gonna stop here.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  23. #23
    Join Date
    Jan 2010
    Posts
    308
    Quote Originally Posted by CNSERVERS View Post
    The real secrets are what their Arbor system capacity is and what kind of attacks can hit their not-possible-always-on Arbor system and saturate it.
    If you had any experience with Arbor Peakflow, you'd know that of course it's not always "on." SP will start to off-ramp the traffic quickly (depending on thresholds), but all mitigation systems work like that. There's always a small delay before they activate. I don't quite get what your point is.

    Also, large volumetric attacks are quite easy to block at the edge of the network. ACLs are part of DDoS filtering capacity.

  24. #24
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by scurvy View Post
    If you had any experience with Arbor Peakflow, you'd know that of course it's not always "on." SP will start to off-ramp the traffic quickly (depending on thresholds), but all mitigation systems work like that. There's always a small delay before they activate. I don't quite get what your point is.

    Also, large volumetric attacks are quite easy to block at the edge of the network. ACLs are part of DDoS filtering capacity.
    U r very wrong. apologize for the post. will stop right here. I swear.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  25. #25
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by scurvy View Post
    If you had any experience with Arbor Peakflow, you'd know that of course it's not always "on." SP will start to off-ramp the traffic quickly (depending on thresholds), but all mitigation systems work like that. There's always a small delay before they activate. I don't quite get what your point is.

    Also, large volumetric attacks are quite easy to block at the edge of the network. ACLs are part of DDoS filtering capacity.
    I believe that CNServers uses an inline system which is likely to engage more quickly, so he is quick to defend the fact that his service will begin filtering faster than Arbor, NSFOCUS, etc.

    The major concern with inline systems is that they represent a point of failure on the network and are difficult to scale beyond a few 10G interfaces, difficult to scale into multiple locations, are more likely to impact performance when attacks are not occurring, and more likely to engage filters that are not needed when significant attacks are not occurring.

    I have used various vendors, both BGP diversion and inline and can attest that inline becomes less attractive when the size of your scrubbing center exceeds probably 40 Gbps.

Page 1 of 2 12 LastLast

Similar Threads

  1. KoDDoS.com - DDoS Protected - Colocation [NL]
    By koddos in forum Colo Hosting Offers
    Replies: 0
    Last Post: 01-12-2014, 01:40 AM
  2. KoDDoS.com - DDoS Protected - Colocation [NL]
    By koddos in forum Colo Hosting Offers
    Replies: 0
    Last Post: 01-03-2014, 07:06 AM
  3. DDoS protected colocation in Boston, MA
    By styx in forum Colocation, Data Centers, IP Space and Networks
    Replies: 3
    Last Post: 01-20-2009, 09:01 AM
  4. DDoS protected colocation for 1u server in NYC area.
    By styx in forum Colocation, Data Centers, IP Space and Networks
    Replies: 3
    Last Post: 12-10-2008, 01:49 AM
  5. DDoS Protected Colocation! Know Any?
    By digitalpioneer in forum Colocation, Data Centers, IP Space and Networks
    Replies: 18
    Last Post: 02-24-2008, 07:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •