hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : high traffic = null route ?
Reply

Forum Jump

high traffic = null route ?

Reply Post New Thread In Dedicated Server Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 11-07-2010, 06:21 AM
coolnikin coolnikin is offline
Junior Guru
 
Join Date: Oct 2006
Posts: 183

high traffic = null route ?


So today my datacentre null routed one of my ips, saying it was having a DDOS. I never had a issue in the past with my site, so chances of ddos were bleak.

I start using my 2nd ip on different sub-domain to serve content & after a few hours, they again null route it.

Now i am sure, this isn't some DDos & i ask them, is this due to high traffic usage & they say, yes its because of it.

Then, i asked them if upgrade to a dedicated gbit; will resolve it. The answer was 'No'.

This provider, is offering lucrative bw deals; but seems they have run out of bw and started null routing high usage clients.

Can a provider nullroute just because they cant cope with high traffic ? or is it because its economically unviable for them and they start null routing.



Sponsored Links
  #2  
Old 11-07-2010, 06:29 AM
24x7group 24x7group is offline
Web Hosting Master
 
Join Date: Aug 2007
Location: Belgium
Posts: 3,638
Off course they say yes if it was nulled on high traffic.
Most DDOS attacks consume high amounts of traffic so they don't lie.

Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.

__________________
InstantDedicated.com - Unmanaged Dedicated Servers with Instant Activation [EU and USA]
ServerBoost.com - Managed Dedicated Servers with 24x7 On-Site Support [100% Uptime Guarantee]
≈ Locations: (The Netherlands) - Tier 3 [Dataplace] | (Miami) - Tier 3 - Pay via: Bitcoin, Paypal, Credit Card

  #3  
Old 11-07-2010, 06:30 AM
Snoork Hosting Snoork Hosting is offline
Snoork Hosting
 
Join Date: Oct 2009
Location: United States
Posts: 2,478
Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.

If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.

__________________
Snoork Hosting - Enterprise DDoS Protection | Web Hosting | VPS
99.9% Network Uptime | 15 Minute Ticket Response Time | 24/7 Live Chat
Check Out Our DDoS Protected Web Hosting For Amazing Discounts & Promotions


Sponsored Links
  #4  
Old 11-07-2010, 06:31 AM
nix101 nix101 is offline
The Guru!
 
Join Date: Nov 2007
Location: Chennai, India
Posts: 2,371
I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.

Btw, can you mention the DC?

  #5  
Old 11-07-2010, 06:45 AM
serverius serverius is offline
Newbie
 
Join Date: Aug 2010
Location: Dronten -Meppel
Posts: 21
This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...

  #6  
Old 11-07-2010, 06:49 AM
coolnikin coolnikin is offline
Junior Guru
 
Join Date: Oct 2006
Posts: 183
I dont want to name the DC.

Below are some of their response to my ticket.

Quote:
Null routes are placed if an IP uses high amounts of bandwidth (measured both in
mbps and amount of packets: TCP, UDP etc.) and that traffic is consistant for a
length of time, and it affects overall connectivity on the VLAN that it is on.
Quote:
No that will not resolve the issue. Null routes are based over a consistent
larger than normal amount of traffic with larger than average amounts of traffic
that usually indicate a DDOS attack.
Quote:
We do not have a set "number" that we null route at. We enact a null
route when a vlan or the network shows issue, and then we null route the largest
traffic producers in order to stabilize the network.
All the traffic is legitimate & i dont suspect any ddos. Also from their replies it seems like its because of my traffic peak, i am getting null routed.

  #7  
Old 11-07-2010, 07:01 AM
coolnikin coolnikin is offline
Junior Guru
 
Join Date: Oct 2006
Posts: 183
Quote:
Originally Posted by ServerBoost View Post
Off course they say yes if it was nulled on high traffic.
Most DDOS attacks consume high amounts of traffic so they don't lie.

Did they ever say it wasn't a DDOS or not? Mostly the DDOS attacks you can filter out fairly easily and we would do exactly the same as them.
i hardly have 6-8mbps of incoming traffic , most of it is client requests

its not some kind of ddos or dos for sure
Quote:
Originally Posted by SnoorkAdvertiser View Post
Well, a provider can null route an IP address if it receives a strong DDoS attacks that affects their network, but they should not null route the IP address if your website is receiving valid traffic.

If a provider is null routing your IP addresses due to the the amount of valid traffic you are receiving, it may be time to look for a new provider with quality network that can accumulate your needs.
i am not receving much of traffic, most is outbound
Quote:
Originally Posted by chennaihomie View Post
I am sure no DC will null route the IP for high traffic usage. Ask them explanation how they diagonalized the issue as DDOS.

Btw, can you mention the DC?
they said they "suspect" it as ddos and null route for hours ; isnt that crazy ?

and they never gave any proof that it is a ddos, but from their replies its more of my traffic needs that they think is ddos
Quote:
Originally Posted by serverius View Post
This is kind of strange to be honest. For example when we see high traffic we call our customer first to see if he is aware. Once we know for sure it's a DDoS we start filtering....not the other way around...
this dc, doesnt offer ddos protection as such; but this isnt even a case of ddos (atleast, i feel so)

  #8  
Old 11-07-2010, 08:37 AM
nibb nibb is offline
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,864
Your provider is full of ********. Can you imagine if they nullroute Youtube because it has "high traffic"...

This is the issue if they are selling their bandwidth under their prices, then it would make sense they are null routing you because it costs them to much money. I know some providers that will not even nullroute you with a DOS attack but ratter charge you for it because its money for them, unless you request it of course.

Mostly its up to you to nullroute an IP or not and to ask for it as a final solution, unless the attack is so big its affecting all the network which again should not be the case if you are a have dedicated port or are on your own network segment. A provider can nullroute you if they suspect a DDOS attack but its no up to them to decide if its an attack or not and the answers you received doesn't say that either but they just say you have to much traffic.

What in the world does this answer suppose to mean " Null routes are based over a consistent
larger than normal amount of traffic with larger than average amounts of traffic"

So they dont allow high traffic websites even when the traffic is 100% legitimate?

This sounds extremely fishy and I would start looking another provider as soon as possible. Also even if it is a a DOS attack its just ridiculous to nullroute you for 6 Mbits traffic. Even a home ADSL can handle that.

  #9  
Old 11-07-2010, 08:40 AM
tsj5j tsj5j is offline
WebHosting Master
 
Join Date: Dec 2006
Posts: 4,149
I know some providers may impose measures if you consistently use beyond your bandwidth cap.
For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.

OP, you should contact your provider for the bandwidth graphs and post them here.
Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.

  #10  
Old 11-07-2010, 08:43 AM
nibb nibb is offline
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,864
Quote:
Originally Posted by tsj5j View Post
I know some providers may impose measures if you consistently use beyond your bandwidth cap.
For example, if your bandwidth cap is 2TB but you're constantly pushing 50mbps (15TB/mo), then they may limit your port speed to 10mbps.

OP, you should contact your provider for the bandwidth graphs and post them here.
Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.

  #11  
Old 11-07-2010, 08:49 AM
coolnikin coolnikin is offline
Junior Guru
 
Join Date: Oct 2006
Posts: 183
Quote:
Originally Posted by tsj5j View Post
OP, you should contact your provider for the bandwidth graphs and post them here.
Any sensible host should be able to produce a graph to prove that you're really overconsuming bandwidth.
i asked them if i get a dedicated gbit, will that help ; they said "it wont"

my current taffic isnt anywhere close to gbit

seems like, they just dont want me to use a lot of bw

  #12  
Old 11-07-2010, 08:52 AM
nibb nibb is offline
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,864
Quote:
Originally Posted by coolnikin View Post
i asked them if i get a dedicated gbit, will that help ; they said "it wont"

my current taffic isnt anywhere close to gbit

seems like, they just dont want me to use a lot of bw
Im not sure whats your case, but if you are not comfortable with your provider, and you have this suspicious then I really would suggest you to move on. I still dont understand why they would not allow you to use traffic in the first place if you are paying for it. Are you on some type of unlimited deal or something similar?

  #13  
Old 11-07-2010, 08:57 AM
tsj5j tsj5j is offline
WebHosting Master
 
Join Date: Dec 2006
Posts: 4,149
Quote:
Originally Posted by nibb View Post
That is just ridiculous as well. If you have a 2TB package then you should not be able to use 15 TB. If you have an unmetered 100 Mbps port then you should be able to push 100 Mbits, all the time, like 24/7, if not then its not unmetered. Im not sure if I got your reply to well but that sounds like a marketing gimmick to me. Or you have a fixed GB per month of data volume or a fixed speed per month.
You're not reading it right.

For example, if you have a 2TB transfer limit on a 100mbps port, and you constantly use 50mbps or more for a few days, then you may be limited by the host.

Hosts that don't do this will result in sky-high overage fees, so it depends on how you see it.
The host may have done it to prevent a bill shock.

  #14  
Old 11-07-2010, 08:58 AM
tsj5j tsj5j is offline
WebHosting Master
 
Join Date: Dec 2006
Posts: 4,149
Quote:
Originally Posted by coolnikin View Post
i asked them if i get a dedicated gbit, will that help ; they said "it wont"

my current taffic isnt anywhere close to gbit

seems like, they just dont want me to use a lot of bw
DDoSes can exceed a few gbit easily, assuming it IS a DDoS.
Ask them for a bandwidth graph.

And please reveal your provider.

  #15  
Old 11-07-2010, 09:00 AM
coolnikin coolnikin is offline
Junior Guru
 
Join Date: Oct 2006
Posts: 183
i am paying for what i am using, i would be happy to pay more if needed

they are not asking me to upgrade, nor will they say "i will be ok" after the upgrade

yes its sort of xxx mbps over gbit deal , i do get over my alloted mbps; but they did state its burstable and not capped

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Route Traffic with two Nics Win. Server 08 peep96 Computers and Peripherals 6 02-10-2010 01:50 PM
How to null route China? Gigaron Hosting Security and Technology 6 03-16-2008 05:43 AM
DDoS Protection Without Null-Route IPs D3m0n Dedicated Server 31 10-26-2006 08:51 AM
Multiple Connections, route traffic through 1 connection surfbali Web Hosting Lounge 3 01-19-2006 07:01 AM
Postfix: null route messages to specific recipient xiberk Hosting Security and Technology 0 12-22-2005 02:18 PM

Related posts from TheWhir.com
Title Type Date Posted
Not Your Mother’s DNS: Unique NSONE Algorithms Give Users Way More Traffic Control Web Hosting News 2014-08-21 15:44:51
Zayo Group Acquires FiberLink to Expand Dark Fiber Network Web Hosting News 2013-10-07 13:34:49
Fortinet Launches Application Delivery Controller, Global Server Load Balancing Web Hosting News 2013-08-12 10:55:23
INetU Launches High Performance Cloud Storage Solution Web Hosting News 2013-08-06 13:09:57
Lead Generation Part 4 – Go it Alone Blog 2014-08-14 15:20:55


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?