Results 1 to 25 of 45
Thread: OVH review
-
12-29-2013, 07:51 AM #1Junior Guru Wannabe
- Join Date
- Sep 2012
- Posts
- 41
OVH review
Ok so I'm hosting with OVH for a couple of months right now and wanted to post a review. There are a lot of negative and positive reviews about OVH so I'll try to be as objective as I can here. I'm not working for OVH or anything, I'm just a customer.
First some history,
I have 2 dedis in France and a few weeks ago I opened one in their Canada location. I run game servers, very high risk machines when it comes to DDoS attacks and I've been under attack for almost 2 years, where the attacks ranged from 1 - 30 gbps in size. In these 2 years I've been hopping from one provider to another, either getting kicked by the host because of DDoS attacks, or leaving myself because the protection wasn't sufficient and prices were too steep.
OVH's prices are very competitive. A dedicated server in France rented through OVH.NL will cost you € 133,- (excl. 21% sales tax) monthly and € 99,- setup costs. Now although the setup costs seems quite outdated, as most companies don't charge you that unless you require any custom stuff, you do get a high performance machine for this price. A 6-core / 12 thread E5-1650 with 128 GB Ram and 2x 2 TB Sata disks. Canada is even more competitive, the server there is costing me USD 59 all-in each month for a i5-3570S with 16 GB RAM and 1 TB sata.
Delivery times seem to be different based on the location and server you choose. Whatever server u pick at least at OVH.NL you can see how long it will take for your server to be delivered, this can range from 120 seconds to 10 days. For my france servers I think it took about 4 - 5 days, the Canadian server was delivered almost instant, I think it took a few hours.
That being said, what I don't like about their Canada location is that most servers are sold out. Also you can't have any custom configuration. E.g. I wanted to upgrade my connection from 100 mbps to 1 gbps but this was not possible. The more expensive servers come with 1 gbps but they were sold out so for Canada your options are very, very limited.
The other thing that I think is not positive is the fact that every OVH location is like a different company. You need separate accounts, support is different per location, management interfaces differ. It would be much more easy to have just one OVH.COM website, have one account, select your server and then select your DC, instead of having to go to OVH.COM/US if you want a server in Canada and have separate billing. I'm sure though this is a work in progress.
Here comes the best part though, which not one other provider can compete with right now which is OVH's DDoS protection. Every server comes with free Anti-DDoS pro which means you can adjust settings, filter ports, you can pretty much do anything you want and if you have a serious DDoS problem, moving your servers to OVH will be your final solution. Every location can filter up to 160 gbps which is way more than any kid can sent to your server.
In fact, kids on hackforums.net are already crying that they can't take down OVH, even when sending out 100 gbps of ddos traffic.
http://s13.postimg.org/5o5hh9iwn/hackforums.png
If you want to read the full topic it requires registration which is really worth it because it's a great read
http://www.hackforums.net/showthread.php?tid=3641627
Now, again the problem is managing the protection, which is different per location. For Canada you have to use the OVH API, but you have to use the Candian API, your login won't work on the ovh.com API.
https://ca.api.ovh.com/console/#/ip
Now while the API allows you to basically do anything it's more of a tool for developers and if you're just a basic server administrator it can be quite scary to use the API to change your anti-ddos settings. There's almost no help available except for the one-liners next to each setting and if you ask support to help you out with a setting you mostly get standard replies which are usually not related to your question at all. So basically what they say is here's the API and go figure it out for yourself. Once you get the hang of it though, it's a very powerful tool which can be used to stop any attack.
E.g. my attackers usually use DNS amplification attacks, when they noticed that didn't work any longer they started doing NTPd bounce attacks, which is basically the same attack but uses port 123. This attack was not picked up by OVH's anti ddos system because according to OVH support, it was too small. It was enough though to saturate my 100 mbit line in Canada and my server went down. All I had to do was go into their API, filter anything with source port 123 and the attack was blocked within seconds and like magic my server was back online, THIS WAS A TRULY AMAZING EXPERIENCE AND I CAN'T BELIEVE THIS IS ONLY COSTING ME 59 BUCKS!
Remember though that this might all change, as I was told by support their API is in Beta now so it's free for now but they will charge you for it in the future. They didn't tell me how much though so I hope it's still affordable even for people like me that host servers just for fun/non-profit and depend on player donations.
Now for EU, everything is different again, no API just a control panel which is much more easy to use. You can just force mitigation to always on, leave it on automatic, add/remove firewall rules just like that, here's a screenshot (Any sensitive info removed):
http://s14.postimg.org/pqiff66gv/cpanel.png
It took me a while though to find this control panel and to re-find it again because all their control panels are on different places and it feels quite messy from time to time. Especially if you have, like I said before different locations with different versions and different panels it can become very confusing.
As you can see in the web panel, monitoring is disabled. OVH monitors your server and will auto create a ticket if it doesn't respond to pings. Since I disable ICMP with iptables I had to disable this feature.
So to conclude, all in all hosting with OVH has been a great experience for me so far. I never payed that less and recieved so much for it. I'm sure similar services with professional companies will cost you thousands of dollars a month but thanks to OVH, the small hoster can have the same protection now as the enterprise companies like Mastercard and Paypal have which is awesome. So would I recommend OVH, hell yeah.
Let's sum it all up:
Pros:
- Stable connections, low latency.
- Amazing Anti-DDoS system.
- Anti-DDoS pro, customize your settings, filter out ports etc.
- Latest hardware on their dedis.
- Very competitive pricing.
Cons:
- Support is not that great.
- Lot of different management interfaces can get really confusing.
- Separate accounts for different locations.
Let me know if you have any questions, comments etc. I'll try to answer them!
-
12-29-2013, 09:31 AM #2Web Hosting Master
- Join Date
- May 2012
- Posts
- 839
Thanks for sharing your nice & honest views about OVH & their DDOS protection.Because here usually we see OVH competitors, third party anti-DDOS service providers & those people who never used any service from OVH crying about their DDOS protection.
Last edited by Shoaib_A; 12-29-2013 at 09:42 AM.
-
12-29-2013, 12:39 PM #3Web Hosting Master
- Join Date
- Jan 2011
- Location
- Canada
- Posts
- 938
Thanks martijnk for that very detailed review of their DDoS. I noticed the same thing as Sledger about all the other OVH reviews too so it's nice to see someone who's actually using it instead of heresay.
One question though, do you notice any transient connection drops when it goes into automatic VAC versus manual ip filtering upstream?
-
12-29-2013, 12:59 PM #4Junior Guru Wannabe
- Join Date
- Sep 2012
- Posts
- 41
Yes, the connection drops for about 30 seconds if it's on automatic. This is the delay needed to re-route the traffic through VAC. Once the traffic goes through VAC it will stay enabled for a pre-defined period, I think about 18 hours (not sure).
You can however, force enable mitigation so the traffic always goes through VAC then there will be no delays. The problem with this though is that latency is slightly higher which can be an issue for latency sensitive games like counter strike.
I also noticed VAC has false positives sometimes and blocks legit players so it's probably a bad idea to have it on permanently. This was not bad at all though, out of the thousands different players we've had only a few got blocked.
-
12-29-2013, 01:45 PM #5Disabled
- Join Date
- Oct 2013
- Posts
- 33
I am only noticing 2-4ms difference with OVH VAC permanently on. It re-routes the traffic over complete different routes as displayed below.
With DDoS Protection Activated
Tracing route to [198.27.82.97]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms BTHUB4 [192.168.1.254]
2 78 ms 126 ms 152 ms 217.32.93.122
3 13 ms 13 ms 13 ms 217.47.210.161
4 13 ms 14 ms 14 ms 213.1.69.14
5 14 ms 27 ms 14 ms 31.55.164.102
6 14 ms 19 ms 13 ms 31.55.164.37
7 14 ms 14 ms 14 ms 31.55.164.107
8 13 ms 13 ms 26 ms acc1-10GigE-0-5-0-5.bm.21cn-ipp.bt.net [109.159.
248.98]
9 22 ms 23 ms 23 ms core2-te-0-4-0-4.ilford.ukcore.bt.net [109.159.2
48.6]
10 20 ms 20 ms 20 ms peer1-xe1-1-0.telehouse.ukcore.bt.net [109.159.2
54.134]
11 27 ms * * ldn-1-6k.uk.eu [178.33.103.232]
12 23 ms 28 ms 42 ms 178.33.100.63
13 24 ms 26 ms 23 ms vac1-0-a9.fr.eu.vaccum [178.33.100.149]
14 31 ms 28 ms 28 ms vac1-1-n7.fr.eu.firewall [178.33.100.152]
15 25 ms 25 ms 25 ms vac1-2-n7.fr.eu.tilera [37.187.36.245]
16 25 ms 25 ms 26 ms vac1-3-n7.fr.eu [91.121.215.13]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 99 ms 100 ms 100 ms [198.27.82.97]
Tracing route to [198.27.82.97]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms BTHUB4 [192.168.1.254]
2 13 ms 13 ms 13 ms 217.32.93.122
3 13 ms 14 ms 13 ms 217.47.210.161
4 14 ms 14 ms 14 ms 213.1.69.14
5 13 ms 13 ms 13 ms 31.55.164.102
6 13 ms 13 ms 14 ms 31.55.164.37
7 13 ms 14 ms 13 ms 31.55.164.107
8 19 ms 14 ms 34 ms acc1-10GigE-0-5-0-5.bm.21cn-ipp.bt.net [109.159
248.98]
9 25 ms 23 ms 24 ms core2-te-0-4-0-4.ilford.ukcore.bt.net [109.159.
48.6]
10 20 ms 21 ms 21 ms peer1-xe1-1-0.telehouse.ukcore.bt.net [109.159.
54.134]
11 * * * Request timed out.
12 * * * Request timed out.
13 96 ms 95 ms 96 ms bhs-g1-6k.qc.ca [198.27.73.205]
14 148 ms 96 ms 96 ms bhs-3a-6k.qc.ca [198.27.73.12]
15 94 ms 94 ms 94 ms [198.27.82.97]
Trace complete.Last edited by davywavy; 12-29-2013 at 01:50 PM.
-
12-29-2013, 02:24 PM #6Web Hosting Master
- Join Date
- Jan 2011
- Location
- Canada
- Posts
- 938
That's kinda interesting it's going through the FR vac when your server is in QC. That said, it might just be the shortest route into the OVH network given you're starting in the UK. I'm curious if it back hauls all that way if you're near QC to begin with.
-
12-29-2013, 02:31 PM #7Disabled
- Join Date
- Oct 2013
- Posts
- 33
It back hauls all the traffic to the nearest OVH PoP. As they have 3 Mitigation Points. so Anyone close to the UK the traffic goes through the France VAC System and QC when you are in the UK. Might be the easiest way for them to Mitigate DDoS By hauling it through the closest VAC system. People on HF seem to be mad about the OVH DDoS Protection and all seem to claim they can take it down. When in Reality they know nothing and are just a Bunch of Kids.
Hopefully OVH up the game and improve the DDoS Protection as time goes on. I see one day in the future DoS / DDoS Attacks will be a thing of the Past. How ever with Larger Transit uplinks and the Internet ever expanding everyday we will see the 480Gbps of DDoS Protection that OVH have need Upgrading to double that figure.
Most people seem to Believe that OVHs Protection will become saturated with all of the Attacks they will Receive but I highly Doubt it. They will just end up Charging a Fee to have the VAC system enabled Eventually. Even if it's a small fee Just so they Increase Capacity.
-
12-29-2013, 03:05 PM #8Junior Guru Wannabe
- Join Date
- Sep 2012
- Posts
- 41
Yeah latency only increases by a few ms, which is not a whole lot indeed, it's the false positives though that matter, so I have it on auto for now. I do still block UDP 53 and 123 though, I don't know if these blocks still work with VAC on auto, probably not.
I don't think their protection will become saturated either. Most of these kids pay good money for ddos attacks as they don't have their own botnets. They're not gonna pay money and keep the attack running while it's failing, there's no fun in that and it's a waste of resources.
At this point OVH has the best ddos protection available and it's (almost) free of charge, while other companies like Black Lotus charge you insane amounts of money for usually just 10 gbps protection which is about the same as having no protection at all these days. There is no way professional anti-ddos companies can currently compete with what OVH has to offer.
-
12-29-2013, 03:07 PM #9CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
A couple of points
1 - According to Arbor, the average attack size is 2.7 Gbps
2 - High quality networks and carrier grade filtering gear is expensive
-
12-29-2013, 03:07 PM #10Disabled
- Join Date
- Oct 2013
- Posts
- 33
Voxility offer the same levels of DDoS Protection as OVH but charge 800 Euro a Month to use the Feature. and Yes OVH do not charge anything and the false Positives might be annoying. But as the service is free complaining is not a Option
But hopefully they improve the Protection over time and offer better features.
-
12-29-2013, 03:10 PM #11Junior Guru Wannabe
- Join Date
- Sep 2012
- Posts
- 41
-
12-29-2013, 03:12 PM #12CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
This is directly from an Arbor report. They are regarded as an authoritative source in our industry. The information comes directly from a constellation of their customer's flow collectors. Our own network reports support the same findings.
If you're able to launch a larger attack, that means you're more awesome than all of the other packet kids
-
12-29-2013, 03:23 PM #13Web Hosting Master
- Join Date
- Jun 2004
- Location
- Oregon
- Posts
- 1,315
One thing I want to point out is that certain type of attacks will still able to hit your server until OVH's Arbor filter kicks in, and there is no option to have their Arbor filter on permanently. With ~30Gbps of these type of attacks, it can saturate their Arbor filter capacity, and OVH will null the IP.
CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
Colocation / DDOS Protection / High Bandwidth Server
-
12-29-2013, 03:55 PM #14Disabled
- Join Date
- Oct 2013
- Posts
- 33
-
12-29-2013, 04:10 PM #15Junior Guru Wannabe
- Join Date
- Sep 2012
- Posts
- 41
Yeah I heard about these Layer 7 attacks but they are mostly based on http protocol.
-
12-29-2013, 05:36 PM #16Web Hosting Master
- Join Date
- Jun 2004
- Location
- Oregon
- Posts
- 1,315
CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
Colocation / DDOS Protection / High Bandwidth Server
-
12-30-2013, 04:13 AM #17CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
-
12-30-2013, 05:25 AM #18Web Hosting Master
- Join Date
- Jun 2004
- Location
- Oregon
- Posts
- 1,315
CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
Colocation / DDOS Protection / High Bandwidth Server
-
12-30-2013, 06:00 AM #19CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
-
12-30-2013, 01:10 PM #20Web Hosting Master
- Join Date
- Jun 2004
- Location
- Oregon
- Posts
- 1,315
CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
Colocation / DDOS Protection / High Bandwidth Server
-
01-01-2014, 07:41 AM #21Web Hosting Master
- Join Date
- Feb 2005
- Location
- UK
- Posts
- 554
What is it that attracts these DDoSers to the point where they're willing to waste their own money on it? What is there to gain from taking some game servers down?
-
01-01-2014, 10:12 AM #22Newbie
- Join Date
- Oct 2013
- Posts
- 24
-
01-01-2014, 11:32 AM #23Junior Guru Wannabe
- Join Date
- Sep 2012
- Posts
- 41
That's usually the reason yes. But there's also the players that get banned and think they got unfairly treated or players doing it out of spite.
I even saw cases where they did it to annoy another player, so they ddos your server to get back to one player.
Good example was derptrolling who downed a lot of sites just to get one player. They even called SWAT on his home address saying there was a hostage situation.
http://siliconangle.com/blog/2014/01...new-years-day/
-
04-07-2014, 02:30 PM #24Newbie
- Join Date
- Oct 2013
- Posts
- 10
THE TRUTH ABOUT OVH
This has been the worst experience in hosting in a while for me. This is also the first review page search result that pops up on Google, so don't come crying to me about this being an old post, Jack!
Their customer support is AWFUL!
They took my site down without reason in the past.
They never allowed us to recover our data, bills were all paid up too!
They left me hanging when I called support, so basically, they took my money and never guided me through the WHM and CPANEL setup.
I was stuck and no one would help, plus no one was even familiar with the English language as their first language!!! I got lucky if I ever talked to someone who didn't sound like they were talking with a bag full of marbles in their mouth due to their heavy accents. I had to call them several times for one issue that never got resolved.
Needless to say, same day purchase, same day refund.
THANKS BUT NO THANKS OVH, YOU SUCK!!!
-
04-07-2014, 02:35 PM #25Web Hosting Master
- Join Date
- Feb 2012
- Posts
- 2,103
█ Clouveo - SSD/NVMe Cloud VPS & Web Hosting
█ Cloud VPS Servers | DDoS Protected | Snapshots | Auto Backups | One Click Apps | Custom ISOs
█ clouveo.com | Locations: [UK] London, [NL] Amsterdam, [US] Los Angeles
Similar Threads
-
OVH.ie almost 3 year review (Bad review)
By weaklinks in forum Dedicated ServerReplies: 4Last Post: 07-22-2013, 03:36 PM -
OVH.co.uk .... Review
By lynxus in forum VPS HostingReplies: 1Last Post: 06-21-2013, 03:11 PM -
OVH Review
By difumetti in forum Dedicated ServerReplies: 9Last Post: 02-27-2013, 11:58 AM