I just ordered a few root servers which I will use for a Kubernetes cluster. I am going to use this for a standard web application, and I am wondering about Netcup's DDoS mitigation. So far I've been using Cloudflare but I'm not too happy with the added latency so I would like to use it only for static assets with a dedicated domain, and have requests for dynamic content served by my servers directly, since TTFB is a lot better without a proxy in between.
This will mean that I cannot benefit from Cloudflare's DDoS mitigation. How good is Netcup's? What kind of attacks can it mitigate? It's a standard app which will unlikely attract attacks I think, but these days better safe than sorry.
Together with the servers I also ordered a virtual 1Gb/sec LAN to connect them. Can anyone confirm if this is a truly private network? I wouldn't want to use encryption between the servers since this slows things down considerably.