Page 1 of 3 123 LastLast
Results 1 to 15 of 42
  1. #1

    high traffic = null route ?

    So today my datacentre null routed one of my ips, saying it was having a DDOS. I never had a issue in the past with my site, so chances of ddos were bleak.

    I start using my 2nd ip on different sub-domain to serve content & after a few hours, they again null route it.

    Now i am sure, this isn't some DDos & i ask them, is this due to high traffic usage & they say, yes its because of it.

    Then, i asked them if upgrade to a dedicated gbit; will resolve it. The answer was 'No'.

    This provider, is offering lucrative bw deals; but seems they have run out of bw and started null routing high usage clients.

    Can a provider nullroute just because they cant cope with high traffic ? or is it because its economically unviable for them and they start null routing.

  2. #2
    Join Date
    Aug 2007
    Location
    Belgium
    Posts
    3,887
    Off course they say yes if it was nulled on high traffic.
    Most DDOS attacks consume high amounts of traffic so they don't lie.

    Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.
    InstantDedicated.com - Unmanaged Dedicated Servers with Instant Activation [EU and USA]
    ServerBoost.com - Managed Dedicated Servers with 24x7 On-Site Support [100% Uptime Guarantee]
    ≈ Locations: (The Netherlands) - Tier 3 [Dataplace] | (Miami) - Tier 3 - Pay via: Bitcoin, Paypal, Credit Card, Sofort Banking, Bancontact, Webmoney, iDEAL

  3. #3
    Join Date
    Oct 2009
    Location
    United States
    Posts
    2,591
    Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.

    If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.
    Snoork Hosting - Enterprise Servers | DDoS Protected Network
    99.9% Network Uptime | 15 Minute Ticket Response Time | 24/7 Live Chat
    Check Out Our Dedicated Server Specials For Amazing Discounts & Promotions

  4. #4
    Join Date
    Nov 2007
    Location
    Chennai, India
    Posts
    2,371
    I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.

    Btw, can you mention the DC?

  5. #5
    Join Date
    Aug 2010
    Location
    Dronten -Meppel
    Posts
    21
    This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...

  6. #6
    I dont want to name the DC.

    Below are some of their response to my ticket.

    Null routes are placed if an IP uses high amounts of bandwidth (measured both in
    mbps and amount of packets: TCP, UDP etc.) and that traffic is consistant for a
    length of time, and it affects overall connectivity on the VLAN that it is on.
    No that will not resolve the issue. Null routes are based over a consistent
    larger than normal amount of traffic with larger than average amounts of traffic
    that usually indicate a DDOS attack.
    We do not have a set "number" that we null route at. We enact a null
    route when a vlan or the network shows issue, and then we null route the largest
    traffic producers in order to stabilize the network.
    All the traffic is legitimate & i dont suspect any ddos. Also from their replies it seems like its because of my traffic peak, i am getting null routed.

  7. #7
    Quote Originally Posted by ServerBoost View Post
    Off course they say yes if it was nulled on high traffic.
    Most DDOS attacks consume high amounts of traffic so they don't lie.

    Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.
    i hardly have 6-8mbps of incoming traffic , most of it is client requests

    its not some kind of ddos or dos for sure
    Quote Originally Posted by SnoorkAdvertiser View Post
    Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.

    If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.
    i am not receving much of traffic, most is outbound
    Quote Originally Posted by chennaihomie View Post
    I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.

    Btw, can you mention the DC?
    they said they "suspect" it as ddos and null route for hours ; isnt that crazy ?

    and they never gave any proof that it is a ddos, but from their replies its more of my traffic needs that they think is ddos
    Quote Originally Posted by serverius View Post
    This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...
    this dc, doesnt offer ddos protection as such; but this isnt even a case of ddos (atleast, i feel so)

  8. #8
    Join Date
    Jun 2005
    Posts
    3,084
    Your provider is full of ********. Can you imagine if they nullroute Youtube because it has "high traffic"...

    This is the issue if they are selling their bandwidth under their prices, then it would make sense they are null routing you because it costs them to much money. I know some providers that will not even nullroute you with a DOS attack but ratter charge you for it because its money for them, unless you request it of course.

    Mostly its up to you to nullroute an IP or not and to ask for it as a final solution, unless the attack is so big its affecting all the network which again should not be the case if you are a have dedicated port or are on your own network segment. A provider can nullroute you if they suspect a DDOS attack but its no up to them to decide if its an attack or not and the answers you received doesn't say that either but they just say you have to much traffic.

    What in the world does this answer suppose to mean " Null routes are based over a consistent
    larger than normal amount of traffic with larger than average amounts of traffic"

    So they dont allow high traffic websites even when the traffic is 100% legitimate?

    This sounds extremely fishy and I would start looking another provider as soon as possible. Also even if it is a a DOS attack its just ridiculous to nullroute you for 6 Mbits traffic. Even a home ADSL can handle that.

  9. #9
    Join Date
    Dec 2006
    Posts
    4,149
    I know some providers may impose measures if you consistently use beyond your bandwidth cap.
    For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.

    OP, you should contact your provider for the bandwidth graphs and post them here.
    Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.

  10. #10
    Join Date
    Jun 2005
    Posts
    3,084
    Quote Originally Posted by tsj5j View Post
    I know some providers may impose measures if you consistently use beyond your bandwidth cap.
    For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.

    OP, you should contact your provider for the bandwidth graphs and post them here.
    Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
    That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.

  11. #11
    Quote Originally Posted by tsj5j View Post
    OP, you should contact your provider for the bandwidth graphs and post them here.
    Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
    i asked them if i get a dedicated gbit, will that help ; they said "it wont"

    my current taffic isnt anywhere close to gbit

    seems like, they just dont want me to use a lot of bw

  12. #12
    Join Date
    Jun 2005
    Posts
    3,084
    Quote Originally Posted by coolnikin View Post
    i asked them if i get a dedicated gbit, will that help ; they said "it wont"

    my current taffic isnt anywhere close to gbit

    seems like, they just dont want me to use a lot of bw
    Im not sure whats your case, but if you are not comfortable with your provider, and you have this suspicious then I really would suggest you to move on. I still dont understand why they would not allow you to use traffic in the first place if you are paying for it. Are you on some type of unlimited deal or something similar?

  13. #13
    Join Date
    Dec 2006
    Posts
    4,149
    Quote Originally Posted by nibb View Post
    That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.
    You're not reading it right.

    For example, if you have a 2TB transfer limit on a 100mbps port, and you constantly use 50mbps or more for a few days, then you may be limited by the host.

    Hosts that don't do this will result in sky-high overage fees, so it depends on how you see it.
    The host may have done it to prevent a bill shock.

  14. #14
    Join Date
    Dec 2006
    Posts
    4,149
    Quote Originally Posted by coolnikin View Post
    i asked them if i get a dedicated gbit, will that help ; they said "it wont"

    my current taffic isnt anywhere close to gbit

    seems like, they just dont want me to use a lot of bw
    DDoSes can exceed a few gbit easily, assuming it IS a DDoS.
    Ask them for a bandwidth graph.

    And please reveal your provider.

  15. #15
    i am paying for what i am using, i would be happy to pay more if needed

    they are not asking me to upgrade, nor will they say "i will be ok" after the upgrade

    yes its sort of xxx mbps over gbit deal , i do get over my alloted mbps; but they did state its burstable and not capped

Page 1 of 3 123 LastLast

Similar Threads

  1. Route Traffic with two Nics Win. Server 08
    By peep96 in forum Computers and Peripherals
    Replies: 6
    Last Post: 02-10-2010, 01:50 PM
  2. How to null route China?
    By Gigaron in forum Hosting Security and Technology
    Replies: 6
    Last Post: 03-16-2008, 05:43 AM
  3. DDoS Protection Without Null-Route IPs
    By D3m0n in forum Dedicated Server
    Replies: 31
    Last Post: 10-26-2006, 08:51 AM
  4. Multiple Connections, route traffic through 1 connection
    By surfbali in forum Web Hosting Lounge
    Replies: 3
    Last Post: 01-19-2006, 07:01 AM
  5. Postfix: null route messages to specific recipient
    By xiberk in forum Hosting Security and Technology
    Replies: 0
    Last Post: 12-22-2005, 02:18 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •