Two days ago, an e-commerce friend called me in the middle of the night, his voice was mute, said the site was paralyzed by DDoS, before the use of shared IP high defense can not be carried, asked me how much money in the end of the independent IP high defense servers. I listened to his side of the background sound and customer service team noise, heart straight shake head - this scene I have seen too much, a lot of people in the server to save money, and finally in the collapse of the business doubled to lose out.
So today we are open to talk about the cost of high defense servers with independent IP thing, I have stepped in the pit over the years, paid the tuition fee, all to give you a clean shake.
Fees? That's not a simple question. A bunch of service providers out there quote anywhere from a few hundred to tens of thousands of dollars a month in payments, so which one do you dare to believe?
I found that the actual test, the head of water here is too deep, some boast “T-level protection” low price, in fact, it is an ordinary server plus a soft firewall, really encountered an attack in seconds into a “papier-mâché shield”. Don't believe those blowing up the ads, independent IP high defense cost, the core of the three pieces: hardware resources, bandwidth quality, protection technology. Hardware you have to look at the CPU, memory and storage, bandwidth is not the bigger the better, but to look at the line purity and elasticity, protection technology is more metaphysical, some rely on traffic cleansing, some rely on intelligent algorithms, the effect of the sky is the difference.
Let's start with the hardware, these days even the server room depends on the “character”. I have encountered a service provider, nominal E5 processor, the results of a run stress test, CPU occupancy rate soared, and later found that the second-hand hardware refurbishment. Independent IP high defense servers, hardware costs account for at least 30% of the cost, you cheap choose a low configuration, the attack came directly to resource exhaustion, independent IP instead of becoming a living target. My own experience is that at least 32-core CPU, 64G memory to start, SSD storage can not be saved, otherwise the database reading and writing can not keep up with the strong protection is useless.
Here's a basic configuration checking script I use, you can run it through when you get the server to see if it's true.
Bandwidth is the big money burner, and it's also the place with the most catnip. Many service providers say that they provide 100M exclusive bandwidth, the price is low and attractive, but in reality, it is a shared bandwidth pool out of the pool, once the peak hours are congested. The bandwidth cost of independent IP for high defense servers is usually billed according to the protection traffic and bandwidth peak, such as 10Gbps protection plus 100M premium bandwidth, the monthly rent may be in the range of 2,000-5,000 yuan.
However, note that there is a difference between the lines here, BGP lines are definitely more expensive than single line, but access stability is much better. I have tested, the same attack traffic, BGP line cleaning effect can be faster than 30%, business interruption time is greatly reduced.
Protection technology this piece, simply can write a book “fooled the book”. What “AI intelligent protection”, “global node cleaning”, sounds lofty, the actual effect may not be as good as the old hand to write a iptables rules. Independent IP high defense, the key in the distribution of cleaning center and strategy flexibility. Some service providers have one or two cleaning centers, and the attacking traffic will go around the road and penetrate; good service providers will have multi-location distributed cleaning and real-time scheduling of traffic.
Cost, with independent IP protection services, per Gbps protection monthly fee is about 100-300 yuan, but depends on whether it includes CC attack protection. Missing the CC protection, your independent IP can still be brushed, I have suffered this loss, when the monitoring map looked at the flow of normal, but the business is jammed, and finally found that the application layer attack, the light anti-network layer is useless.
Selection of tips? I summarized three rules of blood and tears: first, do not look at the ads to see the logs, so that the service provider to provide real attack mitigation reports; second, do not figure cheap figure resilience, looking for solutions that can be upgraded on demand protection; third, do not believe in sales letter test, be sure to do stress simulation.
Price comparison, the domestic market is mixed, I pulled a table, the same configuration (32-core, 64G, 100M bandwidth, 500Gbps protection) independent IP high defense, monthly rent from 3500 to 12000 have. The low price of those, mostly in the hidden speed limit or over-sale on the hands, you think, room costs, electricity, technical team, which is not money? Really think people do charity ah.
Here to insert a spit, these days, even high defense servers have to “defense teammates” - some service providers are not strict monitoring, the same server room other users were attacked, and even your independent IP also suffered. So I now choose the service provider, must look at the isolation strategy and SLA (Service Level Agreement), less than 99.9% availability of direct pass.
By the way, speaking of service providers, I've recently used one called 08Host on theIndependent IP high defenseThis piece is a little something. Their BGP line cleaning response fast, and independent IP binding flexible, can switch in seconds, the price of mid-range but stability has nothing to say, especially suitable for e-commerce, games, such as zero tolerance for interruption of the business. But this is just my personal experience, the market is changing, we still have to try more.
The solution? To put it bluntly, it is “matching demand”. If your business is just starting out, the pressure of attacks is small, you can first choose to pay about 2,000 per month to start independent IP high defense, focus on whether the seamless upgrade. I suggest that the initial protection value is not necessary to chase high, 300Gbps or so enough, but the cleaning center to choose at least three geographically distributed. Waiting for the business volume to come up, and then dynamically adjusted.
Configuration example, I have a project on hand with the program, you can refer to: independent IP with 50M high-quality BGP bandwidth, 500Gbps basic protection, with CC protection, the monthly fee of about 4800 yuan. This is not the cheapest price, but two years without a major failure, cost-effective is actually higher. Attached is a clip of Nginx protection configuration, combined with an independent IP can carry most of the CC attacks.
Cost control, there is a tip: long-term contracts often have discounts, but do not bite the bullet and sign three years, the market technology iteration is fast, it is best to sign a year. In addition, the hidden costs to ask, such as independent IP filing support, attacking the billing method after the overload (some of the peak flow rate plus charge, can be expensive to your meat pain).
The most pitiful thing I've seen is that after the attack exceeds the protection value, the attack is charged directly at $500/hour per Gbps, which can burn tens of thousands of dollars in a day, and you have to take a magnifying glass to these clauses in the contract.
To summarize, the cost of a dedicated IP for a high defense server is really not a fixed number. It is like buying insurance, you have to balance the coverage and premium. My experience is that the monthly budget of 3000-8000 yuan is the mainstream range, can buy a reliable independent IP high defense service. But the core still have to look at the business characteristics - financial business do not save, the game class focus on delay, e-commerce class focus on elastic expansion.
Don't be fooled by the “low-cost high defense”, the significance of independent IP is the exclusive use of resources and quickly locate the problem, spend more money to buy is peace of mind. Finally, to be honest, this line of servers, a penny a penny is always right, find a technical support that can communicate at any time, much more important than saving the hundreds of dollars. Well, the limitations of space, the details can not be fully expanded, there are any specific problems at any time to find me nagging, we do not whole virtual combat faction.