DDoS mitigation / virtual LAN

  • Hi!


    I just ordered a few root servers which I will use for a Kubernetes cluster. I am going to use this for a standard web application, and I am wondering about Netcup's DDoS mitigation. So far I've been using Cloudflare but I'm not too happy with the added latency so I would like to use it only for static assets with a dedicated domain, and have requests for dynamic content served by my servers directly, since TTFB is a lot better without a proxy in between.


    This will mean that I cannot benefit from Cloudflare's DDoS mitigation. How good is Netcup's? What kind of attacks can it mitigate? It's a standard app which is unlikely to attract attacks, I think, but these days better safe than sorry.


    Together with the servers I also ordered a virtual 1Gb/sec LAN to connect them. Can anyone confirm if this is a truly private network? I wouldn't want to use encryption between the servers since this slows things down considerably.


    Thanks!

  • Regarding Netcup's DDoS protection, I cannot tell you anything helpful for your decision. I never noticed a DDoS on my services in the last 4 years, but just use the forum search; some other users noticed attacks. Nobody who, like me, has not noticed any attacks will ever submit a forum post like "glad to have Netcup's DDoS protection", but every single customer having any performance/(D)DoS issue will likely fire up a new forum post complaining of being a victim.


    What I noticed is that there was a discussion about "UDP DDoS traffic", which seems not to be detectable / filtered by Netcup's DDoS infrastructure. As you seem not to speak German, and machine translation probably will not give you the information that the author of the referenced forum thread seems to be a very young and/or inexperienced person (disclaimer: this is just my personal view, based on the style of writing), I would suggest focusing on the postings of "[netcup] Felix" in this thread, which give some insights you may like to read.


    Regarding Cloudflare and latency: A "standard web application" will not noticeably suffer from the "Cloudflare latency". But as you seem to have a certain type of web application where latency is a key indicator, I would suggest:


    1. prepare and test your setup for Cloudflare (or a similar service)

    2. disable Cloudflare for regular (day to day, high-performance) service usage

    3. re-enable Cloudflare in the case of a DDoS to provide additional protection "on demand"

    4. automate the switch between Cloudflare enabled / disabled to make it as easy and trivial as possible for you to quickly add additional protection when needed
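
Added example (not part of the posts in this thread, and not Netcup's or Cloudflare's own code): one way to automate step 4 is to flip the `proxied` flag of the DNS record through Cloudflare's v4 API, with hysteresis so the switch does not flap on a short spike. The requests-per-second thresholds, the sample counts and the zone, record and token values passed in are assumptions to be replaced with your own.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"


def build_toggle_request(zone_id, record_id, token, proxied):
    """Build (but do not send) the PATCH that sets a DNS record's `proxied` flag."""
    body = json.dumps({"proxied": proxied}).encode()
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/dns_records/{record_id}",
        data=body,
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def want_proxy(proxied_now, rps_samples, on_rps=5000, off_rps=1000,
               on_n=3, off_n=10):
    """Decide the desired proxy state from recent requests-per-second samples.

    Hysteresis (thresholds are assumed values): switch the proxy on after
    on_n consecutive samples above on_rps, and off again only after off_n
    consecutive samples below off_rps.
    """
    if not proxied_now:
        recent = rps_samples[-on_n:]
        return len(recent) == on_n and all(s > on_rps for s in recent)
    recent = rps_samples[-off_n:]
    calm = len(recent) == off_n and all(s < off_rps for s in recent)
    return not calm


def apply_toggle(req):
    """Send the request and return the `proxied` state the API reports."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        result = json.load(resp)
    if not result.get("success"):
        raise RuntimeError(f"Cloudflare API error: {result.get('errors')}")
    return result["result"]["proxied"]
```

The DNS record only moves traffic once resolvers pick up the change, so the record's TTL while unproxied bounds how fast the switch takes effect.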

  • Hi gunnarh ! And thanks for your reply. Regarding the vLAN, by private I mean that nobody can intercept the traffic between my servers or something like that, since I need database and storage replication between them in my Kubernetes cluster. Is this the case with Netcup's vLAN? Thanks!

  • Define "nobody can intercept" please.

    And: Is passive eavesdropping OK but interception is not?


    Who is "nobody"? Other Netcup customers? Everyone? Nobody but Netcup?


    Of course at least Netcup could technically do both, passive eavesdropping as well as active interception.


    Other Netcup customers having control over virtual machines should not be able to do eavesdropping or active interception that easily. Other Netcup customers having access to a physical network port (e.g. customers who are renting a physical server) shouldn't have an easy way to do eavesdropping or interception either, but I think for them it is only the L2 network environment protecting your encapsulated Ethernet frames, with a very low guarantee regarding this request (e.g. typical attacks in L2 networks like ARP spoofing or flooding the SAT tables etc. are maybe not 100% mitigated).
