100G DDoS Protection is a unique service that Sharktech provides our dedicated server customers that expect DDoS attacks that exceed our standard DDoS protection limit, currently set at 40Gbps.
This service spreads incoming attacks using BGP across all of our data centers leveraging our total bandwidth available and our DDoS protection hardware located at each site. The IPs provided for the 100G DDoS protection are unique and differ from the standard IPs assigned to your server. The reason behind that is these IPs belong to prefixes that are being advertised across all of our data centers using anycast.
Anytime communication is initiated with a 100G IP the closest BGP path is selected for incoming traffic and reaches one of our data centers where it goes through our network and DDoS protection system than it is transported via GRE to the network hosting your service, your service would than respond back to communication through the local network. This means the traffic path is asymmetric (incoming traffic is going through to your service by a different path than outgoing).
A few things are worth considering when choosing 100G DDOS protection:
- It’s highly recommended that the 100G IPs are not used as primary IPs of your server. It’s standard procedure to keep service primary IP for only management access, and assign any public facing services to secondary IPs on service including 100G IPs.
- Unfortunately due to BGP load balancing, it’s not always possible to ensure the best path of incoming traffic to your 100G IP. We might be able to help you optimize, but this is a difficult situation with limited options to help us optimize path.
- Again due to BGP load balancing, it is not guaranteed that we are able to load-balance incoming DDoS attack across all our data centers evenly. This is caused sometimes by geo-centric DDoS attacks that causes a single site to receive a significantly higher rate than other locations. However, with the network upgrades we are conducting our thresholds are being increased constantly.
- Because of the spread of attacks across multiple data centers, notification of attack and action may not have accurate attack size, that is due to the fact that detection is happening at each site. This means the first site that detects an attack it is triggering the filters, sending the filters to all data centers, and sending email notification.
If you have any questions please feel free to contact our Sales Department via our helpdesk or sales@sharktech.net.
More to Read
Think the Cheapest Dedicated Server is A Good Idea? What You Need to Know
Should you hunt for the cheapest dedicated server? Finding the most affordable option
Oct
Discover How These 8 Cloud Monitoring Tools Can Help You Drive Better Business Performance
When it comes to managing your cloud environment, cloud monitoring tools are essential
Oct
Pick the Best Cloud Management Platform with These 5 Pro Tips
Managing cloud infrastructure can become overwhelming, especially as businesses scale and adopt more
Oct
Thinking About Public to Private Cloud Migration? Here’s the Essentials
The cloud. Love it or hate it, 94% of businesses depend on cloud
Sep
Why a Cloud Migration Checklist Helps Overcome Migration Challenges
Moving data is a complex, often nerve-wracking endeavor. However, it’s often necessary for
Aug
Cloud Cost Management Tools: The Good, The Bad, and The Alternative
Managing cloud costs has become a critical task for businesses of all sizes.
Aug