DDoS Protected VPS Providers for Reverse SSH Proxy

Image by Peter Hoey
Too big, too late. picture by Peter Hoey
I never allow users to connect directly to the clouds, since clouds from great providers like AWS or Google, doesn’t come with DDoS Protection. So, I have to build a protection.
Sometime ago I read a decent review about “DDoS Protected VPS Providers” on LowEndTalk (really, on LET):

https://www.lowendtalk.com/discussion/comment/1735623/

It’s indeed very accurate based on my experiences so far. Today I trust 3 providers for my SSH/SFTP/MySQL tunnels: LunaNode from Montreal (OVH), RamNode from Atlanta (Staminus) and QuadraNet from Miami (In-House).

A few costumers complained about a SSH proxy from RamNode (via HAProxy). Then, I started to test it:

1. Downloaded a test file called “100mb.test” to one of my cloud servers;
2. Downloaded the same test file to my computer (BR), naming it “100mb.test.2”;
3. Downloaded the test file from the cloud to my computer using sftp command “get 100mb.test” and wrote the average speed on a spreadsheet;
4. Uploaded the “100mb.test.2” from my computer to the cloud using “put 100mb.test.2” and wrote again.

Later I picked a VPS from New York and did the same test. The average speeds were (KB/s):

Direct (no tunnel) LunaNode RamNode QuadraNet
Download from BR 330 290 800* 950
Upload from BR 115 100 110 120
Download from NY 3250 2230 2700* 3150
Upload from NY 2620 980 2120 2450

*After 19MB of download, I got the exactly same error my customers were getting. RamNode (Staminus) stalled/blocked the connection for 30 minutes.

I did the same test the next day, results were almost the same. Despite the fact that the QuadraNet Protection (standard) is only 3Gbps vs 50Gbps from RamNode and 480Gbps from LunaNode, the proxy isn’t mission critical.

If you need a reverse proxy for game servers or web servers, I’d recommend another way. HTTP/HTTPS, for example, I have very good experiences with TotalUptime and Sucuri, but you can use LunaNode with NGINX as reverse proxy as well or a GRE tunnel.

Game servers or another not-web application, in another hand, you’ll probably be fine using Geo-Routing DNS to distribute the connections through different proxies around the world. Amazon Route 53 and TotalUptime DNS are your friends. Good luck.