100G DDoS Protection is a unique service that Sharktech provides our dedicated server customers that expect DDoS attacks that exceed our standard DDoS protection limit, currently set at 40Gbps.
This service spreads incoming attacks using BGP across all of our data centers leveraging our total bandwidth available and our DDoS protection hardware located at each site. The IPs provided for the 100G DDoS protection are unique and differ from the standard IPs assigned to your server. The reason behind that is these IPs belong to prefixes that are being advertised across all of our data centers using anycast.
Anytime communication is initiated with a 100G IP the closest BGP path is selected for incoming traffic and reaches one of our data centers where it goes through our network and DDoS protection system than it is transported via GRE to the network hosting your service, your service would than respond back to communication through the local network. This means the traffic path is asymmetric (incoming traffic is going through to your service by a different path than outgoing).
A few things are worth considering when choosing 100G DDOS protection:
- It’s highly recommended that the 100G IPs are not used as primary IPs of your server. It’s standard procedure to keep service primary IP for only management access, and assign any public facing services to secondary IPs on service including 100G IPs.
- Unfortunately due to BGP load balancing, it’s not always possible to ensure the best path of incoming traffic to your 100G IP. We might be able to help you optimize, but this is a difficult situation with limited options to help us optimize path.
- Again due to BGP load balancing, it is not guaranteed that we are able to load-balance incoming DDoS attack across all our data centers evenly. This is caused sometimes by geo-centric DDoS attacks that causes a single site to receive a significantly higher rate than other locations. However, with the network upgrades we are conducting our thresholds are being increased constantly.
- Because of the spread of attacks across multiple data centers, notification of attack and action may not have accurate attack size, that is due to the fact that detection is happening at each site. This means the first site that detects an attack it is triggering the filters, sending the filters to all data centers, and sending email notification.
If you have any questions please feel free to contact our Sales Department via our helpdesk or sales@sharktech.net.
More to Read
Understanding Edge Computing
In the ever-evolving landscape of technology, one term that has been gaining significant attention is
Mar
HostingAdvice.com About Sharktech
Check what one of the leading hosting news portals says about Sharktech.
Feb
Content Delivery Network Basics
In the ever-evolving landscape of web technologies, Content Delivery Network (CDN) has become a crucial
Feb
Kubernetes vs Docker Swarm
ntainer orchestration is crucial in handling the intricacies of deploying and scaling containerized applications. Two
Feb
Top 5 Ways To Protect Your Personal Data
In today’s digital age, our personal data is more vulnerable than ever. With the increasing
Jan
Building Your Disaster Recovery Plan
In the ever-evolving digital landscape, preparing for the unexpected is not just a good practice—it’s
Jan