by janejeon 1108 days ago
At the risk of sounding like the "why do you need DropBox if you have rsync herr derr" guy, why... do I need DDoS protection from my VPS provider if I have Cloudflare anyway?
4 comments

Why do you need DDoS protection from Cloudflare if your VPS provider has it anyway?

Some people prefer all-in-one solutions, otherwise things like AWS wouldn't exist. Others prefer to spread out their eggs. One is not absolutely right and the other absolutely wrong.

Cloudflare doesn't proxy all applications, just HTTPS.
It can, e.g. Magic Transit. Might cost a lot more and might not work as well, but you can.
Magic Transit is priced for the enterprise, out of reach for a big chunk of the cheap VPS market: Minecraft servers and gaming in general, common DDoS targets.
Correct yes - although having used a provider that used Magic Transit as protection I can safely say it's a terrible option.
> I can safely say it's a terrible option.

Can you elaborate?

Compared to other mitigation providers there were very few filters, and when you were under attack it just seemed to throttle your whole connection to as low as 50Kbps, meaning players would disconnect.
Magic Firewall exists now, which is pretty powerful, a la Wireshark filters, if I remember correctly. Otherwise MT filters are pretty good now. However, I have encountered a few cases where a valid connection may drop depending on how sensitive your application is, but pretty rare.
It can't block most attacks. This was a few years ago though. Maybe it's better now.
What if you want to run a service that can't go behind Cloudflare (such as a game server)?
You rent with a provider that uses Magic Transit by CF, Corero appliances, OVH, Psychz, or Path networks.
We have plenty of game servers behind us. See Cloudflare Spectrum: https://developers.cloudflare.com/spectrum/
Spectrum is cool but priced completely out of reach for most Cloudflare users.

I proxy through Fly.io or AWS Global Accelerator when I can’t use Cloudflare for TCP as a hobbyist.

(Why only three protocols and such strict limits, years after launching? You won’t cannibalize Spectrum by allowing more hobbyists to use it, you’ll market it for use at scale - like Argo Tunnel’s trycloudflare)

I presume they were referring to gameservers run by communities and not by game studios? I run gameservers for events that raise money for charity and we're having more and more of our boxes get hit offline - last time I had a look Spectrum required an enterprise plan for anything other than Minecraft?
Isn't it trivial to discover the origin IP and then just hit it directly?
You can use Cloudflare tunnel so there's no "origin" exposed.
You deny all, accept <Cloudflare IPs> to the machines actually serving content.
If you set it up correctly, it's not possible.
Depends on the use case, and whether you're shelling out the huge sums for Cloudflare Enterprise. Don't think there are too many cheap options for obfuscation if e.g. you're hosting a game server, which also happens to be one of the most common DDoS targets.
How would you?
One method is to look up what IPs someone owns and try to direct connect to them. Or you can just guess and assume they picked an IP address near the start of the block they have.
That only works for companies that own blocks, though, and assumes a company big enough to own a block won't just drop non-Cloudflare traffic (which is trivial: https://www.stavros.io/posts/block-non-cloudflare-ips-with-u...).
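One way to implement the "deny all, accept Cloudflare IPs" allowlist that the two comments above describe, as an added example rather than code from the thread or from the linked post: a Python script that turns a CIDR list into ufw commands and then models the resulting policy against a few constructed origin-log lines, so you can see which connections would still reach the box directly. The ranges in it are documentation prefixes standing in for the published list (https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6), and `ORIGIN_PORTS`, `SAMPLE_EDGE_RANGES` and the function names are this example's own assumptions.

```python
"""Added example (not from the thread): allow only the CDN edge to reach an
origin's HTTP(S) ports, with default-deny for everything else.

The CIDRs below are CONSTRUCTED documentation ranges used so the script runs
offline. A real deployment fetches the published edge ranges and regenerates
the rules on a schedule, because those ranges change over time.
"""
import ipaddress
from typing import Iterable, List

# Constructed sample ranges (RFC 5737 / RFC 3849 documentation prefixes).
SAMPLE_EDGE_RANGES = [
    "203.0.113.0/24",    # TEST-NET-3
    "198.51.100.0/24",   # TEST-NET-2
    "2001:db8:cf::/48",  # documentation IPv6 prefix
]

# Ports the proxied application actually serves (assumption for the example).
ORIGIN_PORTS = (80, 443)


def parse_ranges(cidrs: Iterable[str]):
    """Validate every CIDR up front; strict=True rejects prefixes with host
    bits set, so a typo fails loudly instead of silently widening the rule."""
    return [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]


def ufw_rules(cidrs: Iterable[str], ports=ORIGIN_PORTS) -> List[str]:
    """Emit ufw commands: default deny inbound, then one allow per
    (edge range, port). Management access (SSH etc.) is deliberately NOT
    opened here; reach it through an admin range or a tunnel instead."""
    rules = ["ufw default deny incoming", "ufw default allow outgoing"]
    for net in parse_ranges(cidrs):
        for port in ports:
            rules.append(f"ufw allow proto tcp from {net} to any port {port}")
    return rules


def is_allowed(src_ip: str, cidrs: Iterable[str], port: int,
               ports=ORIGIN_PORTS) -> bool:
    """Model the policy the rules above produce: a packet passes only if the
    port is served AND the source lies inside an edge range. Anything else
    hits the default deny, which is what blocks direct-to-origin traffic."""
    if port not in ports:
        return False
    addr = ipaddress.ip_address(src_ip)
    # Membership across IP versions is simply False, so v4/v6 mix safely.
    return any(addr in net for net in parse_ranges(cidrs))


def audit(log_lines: Iterable[str], cidrs: Iterable[str]) -> List[str]:
    """Replay constructed '<src_ip> <dst_port> ...' log lines through the
    policy and return the ones that would NOT have come via the edge. A
    non-empty result means the allowlist is not enforced or the list is stale."""
    bypass = []
    for line in log_lines:
        fields = line.split()
        src, port = fields[0], int(fields[1])
        if not is_allowed(src, cidrs, port):
            bypass.append(line)
    return bypass


if __name__ == "__main__":
    for rule in ufw_rules(SAMPLE_EDGE_RANGES):
        print(rule)
    # Constructed origin log: one via the edge, one direct hit, one SSH probe.
    sample_log = [
        "203.0.113.7 443 GET /",
        "192.0.2.9 443 GET /",
        "203.0.113.7 22 ssh",
    ]
    for line in audit(sample_log, SAMPLE_EDGE_RANGES):
        print("would be dropped:", line)
```

Running the script prints the generated ufw commands and then the two log lines the policy would drop: the direct hit from outside the edge ranges and the SSH attempt on a port the allowlist never opens. The audit function is the useful part operationally: run it over a real access log after deploying the rules and any non-empty output tells you the firewall is not where the traffic actually enters.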
>assumes a company big enough to own a block

You don't have to be a big company to own a block. An ipv4 block is <$10k and the price is on a downtrend now that covid is over. It is risky as a site if you don't own your IP block because false abuse complaints can be sent to the ASN you are renting an IP from and can result in downtime. If you own the IP, the abuse reports for it go to you to handle.

>won't just drop non-Cloudflare traffic

Not all sites do this. Also they likely have other stuff running on the machines that are accessible without Cloudflare.