全球主机交流论坛

标题: HE抽风动向 [打印本页]

作者: SalesHosting 时间: 2012-2-3 10:34
标题: HE抽风动向
我在推特上联系到了HE，TMD居然跟我讲以后紧急事件给他发邮件，意思是不要用推特。

他说他们所有的管理员都意识到这个问题了。

我就更费解了，意识到了不作为？

作者: qiqibian 时间: 2012-2-3 10:34
什么问题？

作者: Kokgog 时间: 2012-2-3 10:35
能有什么作为.........

作者: msxcms 时间: 2012-2-3 10:36
这种需要天朝协助的事情他们也没办法

作者: southwind 时间: 2012-2-3 10:37

画圈圈诅咒把

作者: zyzit 时间: 2012-2-3 10:37
啥问题

作者: SalesHosting 时间: 2012-2-3 10:38

zyzit 发表于 2012-2-3 10:37
啥问题

他没说，我都被他屌了，我先屌回去，再问问什么时候解决。

作者: ali727 时间: 2012-2-3 10:39
如果问题出在墙上，你叫HE如何作为？收买墙？

作者: SalesHosting 时间: 2012-2-3 10:41

ali727 发表于 2012-2-3 10:39
如果问题出在墙上，你叫HE如何作为？收买墙？

他上次说是被攻击了。我听了domin的，叫他停止向中国电信广播被攻击的/24

作者: SalesHosting 时间: 2012-2-3 10:48
我都无语了，HE一挂，一堆站长跟着挂。

作者: Chen 时间: 2012-2-3 10:58
本帖最后由 Chen 于 2012-2-3 10:59 编辑

还好我英明一个月前出了HE 现在洛杉矶我马上要换了你们跟紧点。。。

作者: domin 时间: 2012-2-3 11:07

SalesHosting 发表于 2012-2-3 10:41
他上次说是被攻击了。我听了domin的，叫他停止向中国电信广播被攻击的/24

他们是不想解决, 硬抗着算了

作者: rakswift 时间: 2012-2-3 11:13
I was in HE data center yesterday, and today (Fremont 2 Data Center). When I talked to HE admin, it's clear the DDOS attack was on CT / Unicom bordering IPs.. there is really nothing they could do. It's up to China Telecom, and Unicom to solve them

作者: 13407 时间: 2012-2-3 11:19
现在还在抽吗？

作者: boykid 时间: 2012-2-3 11:20

貌似现在已经好了.

作者: boykid 时间: 2012-2-3 11:24

还早看到好了，现在又开始抽了。。。

作者: wenxiao001 时间: 2012-2-3 11:31
求邮件地址

作者: SalesHosting 时间: 2012-2-3 11:43

rakswift 发表于 2012-2-3 11:13
I was in HE data center yesterday, and today (Fremont 2 Data Center). When I talked to HE admin, it' ...

You know, the attacked IP is under HE Autonomous System, so the can stop announcing the attacked ip to CT and CU, but they didn't do that.

作者: rakswift 时间: 2012-2-3 11:43
We have been in HE data center (Fremont 2, Warmspring Avenue), and Coresite Data Center (San Jose), setting up our new servers..

When I talked to Jean (HE engineer), it's clear that the attacking were on China Telecom, and China Unicom bordering IPs.. When the DDOS attacks were out of HE network, there is nothing they could do.

It's up to China Tele and Unicom to resolve them, unfortunately. HE is talking to Cisco, and check if there is anything they could do to config their core routers to minimize the impact.

作者: SalesHosting 时间: 2012-2-3 11:46

rakswift 发表于 2012-2-3 11:43
We have been in HE data center (Fremont 2, Warmspring Avenue), and Coresite Data Center (San Jose), ...

The may can just simple block the IP. I am confused if the attacked IP is not under HE AS so who is the target?

by the way, which Corsite Datacenter you're in? One wilshire ?

作者: domin 时间: 2012-2-3 11:53
There is always something they can do, they are just not willing to do it due to other reasons.
I still don't get it though, what the hell is "the attacking were on China Telecom, and China Unicom bordering IPs" suppose to mean, are they saying CT/CU's router been attacked? I highly doubt that.

作者: SalesHosting 时间: 2012-2-3 11:55

domin 发表于 2012-2-3 11:53
There is always something they can do, they are just not willing to do it due to other reasons.
I st ...

所以我问到底谁才是攻击目标。

作者: SalesHosting 时间: 2012-2-3 11:59

domin 发表于 2012-2-3 11:53
There is always something they can do, they are just not willing to do it due to other reasons.
I st ...

要是CT和CU的路由被攻击了，如果攻击源是国内的话，不管是肉鸡还是攻击者，那个人网就先不要上了。如果是国外的，不是有长城挡着呢么？

作者: rakswift 时间: 2012-2-3 12:00
If you look the testing data, the congestion is primarily for China Telecom network. China Unicom, and China Mobile network speed to HE is NO PROBLEM..

So the DDOS at this moment is primarily centered on China Telecom network

We are in Coresite Silicon Valley Data Center (not One Wilshire in LA).

The center of the network is shifting from LA to Silicon Valley, because Google, FB etc are in Silicon Valley. Please check out :::: CoreSite’s New Santa Clara Data Center at 2972 Stender Way

FB is there. It's beautiful, and totally THE BEST DATA CENTER in the world. PUE @1.15.. Amazing!!!

作者: SalesHosting 时间: 2012-2-3 12:05

rakswift 发表于 2012-2-3 12:00
If you look the testing data, the congestion is primarily for China Telecom network. China Unicom, a ...

You use racks, cages or private suite? May I know how much?

作者: domin 时间: 2012-2-3 12:05

rakswift 发表于 2012-2-3 12:00
If you look the testing data, the congestion is primarily for China Telecom network. China Unicom, a ...

Just want to know who exactly been attacked? HE client IP or router IP?
Looking at the traceroute, the congestion is between CT and HE(hop 9 and 10).

3  124.74.182.149  0.378 ms  0.386 ms  0.403 ms
4  61.152.80.1  0.533 ms  0.549 ms  0.564 ms
5  61.152.86.46  1.162 ms  1.163 ms  1.217 ms
6  202.97.33.58  20.351 ms  19.945 ms  19.939 ms
7  202.97.33.54  1.828 ms  1.740 ms  1.733 ms
8  202.97.50.122  136.108 ms  135.995 ms  135.854 ms
9  202.97.49.158  253.371 ms  253.452 ms  253.451 ms
10  64.71.131.133  404.227 ms  403.568 ms  403.709 ms
11  72.52.92.21  386.889 ms  387.048 ms *
12  72.52.92.70  381.692 ms  381.002 ms  381.072 ms

作者: SalesHosting 时间: 2012-2-3 12:07

domin 发表于 2012-2-3 12:05
Just want to know who exactly been attacked? HE client IP or router IP?
Looking at the traceroute, ...

你别问那哥们了，我去问HE吧。

作者: domin 时间: 2012-2-3 12:08

SalesHosting 发表于 2012-2-3 12:07
你别问那哥们了，我去问HE吧。

嗯
如果真是他们不作为. 联合起来抵制.
他们的端口到期后我是不会续了.

作者: rakswift 时间: 2012-2-3 12:16
we have our own cages in Coresite.

regarding HE, they are a LOW COST provider. I understand you are upset with their services. On the other hand, they are the cheapest in the market. So the cost/service is fair.

You are right, the attack is between China T & HE border. HE has never experienced this kind of problem before, so it will take a bit time for them to figure a solution

作者: domin 时间: 2012-2-3 12:18

rakswift 发表于 2012-2-3 12:16
we have our own cages in Coresite.

regarding HE, they are a LOW COST provider. I understand you ar ...

It's not the first time they have seen this. I have personally submitted tickets to them before helped fixing routing issues with Chinese networks. It's kinda difficult to get them fix stuff unless you provide a lot of evidence.

作者: rakswift 时间: 2012-2-3 12:22
You are right about HE service.

We partner with Tencent, which has some of their servers in HE Fremont 2. They are also not too happy about their services.

Have you consider Coresite? I know their c level executives, and could get good rates for you (Rack or Cages) if you are interested

作者: SalesHosting 时间: 2012-2-3 12:37

rakswift 发表于 2012-2-3 12:22
You are right about HE service.

We partner with Tencent, which has some of their servers in HE Fre ...

Last year I found Tecent's service is on HE's network. You just said price and service is fair. I think join the Coresite, you'd better have your own AS Number, because Any2 is not as same as HE.

作者: master 时间: 2012-2-3 12:40
HE杯具几天了，也就这样了

作者: SalesHosting 时间: 2012-2-3 12:42
HE给我回复了，TM工程师是个日本人。
很明显他在推卸责任。我会回复教他一下的。

回复原文：

Hello,

Our peering link with China is getting saturated. Our routers have
headroom but theirs do not. We have contacted the responsible companies
and are expecting resolution. In the meantime, we are investigating what
we can do on our side to better manage the issue. We are working on
preventing these sorts of issues in the future.

作者: SalesHosting 时间: 2012-2-3 12:43

domin 发表于 2012-2-3 12:05
Just want to know who exactly been attacked? HE client IP or router IP?
Looking at the traceroute, ...

HE回复我了，你看我回帖。

作者: domin 时间: 2012-2-3 12:44

SalesHosting 发表于 2012-2-3 12:43
HE回复我了，你看我回帖。

还是没说谁被攻击啊

作者: rakswift 时间: 2012-2-3 12:46

SalesHosting 发表于 2012-2-2 20:37
Last year I found Tecent's service is on HE's network. You just said price and service is fair. I ...

Yes. we have our own AS #. We are putting in 3 more 10G fibers as well. You need lots of investment to make the service fast and reliable.

Would be glad to help you work out the best deal with Coresite, if you need it. I see their management team almost every week

作者: domin 时间: 2012-2-3 12:49

rakswift 发表于 2012-2-3 12:46
Yes. we have our own AS #. We are putting in 3 more 10G fibers as well. You need lots of investmen ...

What's your AS# ?

作者: 西崽猪猪 时间: 2012-2-3 12:50

我自用he好的，笑着而过

作者: domin 时间: 2012-2-3 12:51

SalesHosting 发表于 2012-2-3 12:37
Last year I found Tecent's service is on HE's network. You just said price and service is fair. I ...

Coresite is carrier neutral, you can always buy transit from carriers with IP space. Don't really need your own AS or IP space.

作者: domin 时间: 2012-2-3 12:52

西崽猪猪发表于 2012-2-3 12:50
我自用he好的，笑着而过

笑什么. 打PP

作者: SalesHosting 时间: 2012-2-3 12:57

rakswift 发表于 2012-2-3 12:46
Yes. we have our own AS #. We are putting in 3 more 10G fibers as well. You need lots of investmen ...

I heard most of their team had been in the military.

作者: SalesHosting 时间: 2012-2-3 12:58

domin 发表于 2012-2-3 12:44
还是没说谁被攻击啊

我又问了他一次。我觉得他这个回答巨扯。

作者: scmlcy 时间: 2012-2-3 12:59
很可能是天朝城墙的问题他们没办法独立解决吧

作者: SalesHosting 时间: 2012-2-3 13:00

scmlcy 发表于 2012-2-3 12:59
很可能是天朝城墙的问题他们没办法独立解决吧

先得搞清楚问题出不出在他那里。

作者: scmlcy 时间: 2012-2-3 13:08

SalesHosting 发表于 2012-2-3 13:00
先得搞清楚问题出不出在他那里。

他们可以做一些优化但是我感觉更多的问题在墙上

作者: domin 时间: 2012-2-3 13:10
他们已经说了是攻击导致线路堵塞, 怎么撤到墙上去

作者: rakswift 时间: 2012-2-3 13:14

SalesHosting 发表于 2012-2-2 20:57
I heard most of their team had been in the military.

I know HE boss Mike. He has NOT been to military. I don't think his team has many people from Military either.

For Coresite, most of their management come from Investment banking. They had investment in Data Cetner real estate, which they put together, and IPO in NYSE. Their stock has been doing really well

作者: SalesHosting 时间: 2012-2-3 13:17

rakswift 发表于 2012-2-3 13:14
I know HE boss Mike. He has NOT been to military. I don't think his team has many people from Mili ...

I mean Coresite, I saw on Weibo that said most of their stuff was in military.

作者: SalesHosting 时间: 2012-2-3 13:22

domin 发表于 2012-2-3 13:10
他们已经说了是攻击导致线路堵塞, 怎么撤到墙上去

HE又否认被攻击。

Our routers are not being attacked. As mentioned before, our network is
able to handle the traffic, but the link with China as well as China's
networks are having trouble.

作者: domin 时间: 2012-2-3 13:24
那说明是他们的客户被攻击, 导致电信连到他们的线路堵塞, 他们不封IP,别说是停止广播了. 我的猜测是对的.

作者: ycgz2008 时间: 2012-2-3 13:27
专门登录，支持这个帖子，自己也用的HE线路，持续关注中

作者: SalesHosting 时间: 2012-2-3 13:39

domin 发表于 2012-2-3 13:24
那说明是他们的客户被攻击, 导致电信连到他们的线路堵塞, 他们不封IP,别说是停止广播了. 我的猜测是对的. ...

那我直接质问他了。

作者: SalesHosting 时间: 2012-2-3 14:18
HE换了个主管工程师回复了：

The attack is a large DDOS coming into our network, targeting our FMT2
facility. We have the attacks null-routed at our borders, but that still
means that China (Tele/Uni)com's equipment has to handle the traffic
before it gets to us.

They're not quite prepared to handle traffic like this, and it's been
causing a lot of problems in their network since the attacks started.

We've reached out to them with details on the attack, but we're still
waiting for a resolution from their end. We have no idea when that will
come.

Until then, we've done everything we can on our side

作者: SalesHosting 时间: 2012-2-3 14:19

domin 发表于 2012-2-3 13:24
那说明是他们的客户被攻击, 导致电信连到他们的线路堵塞, 他们不封IP,别说是停止广播了. 我的猜测是对的. ...

看回复，承认了。

作者: domin 时间: 2012-2-3 14:21
针对电信取消那个被攻击的/24的广播么, 甚至取消那个/24的全球广播.

作者: SalesHosting 时间: 2012-2-3 14:24

domin 发表于 2012-2-3 14:21
针对电信取消那个被攻击的/24的广播么, 甚至取消那个/24的全球广播.

我也觉得这是最好的办法，因为只能这样了。难道他们的工程师不知道这种办法么？

作者: domin 时间: 2012-2-3 14:25

SalesHosting 发表于 2012-2-3 14:24
我也觉得这是最好的办法，因为只能这样了。难道他们的工程师不知道这种办法么？ ...

反正你的ticket已经开了, 就向他们提出咯, 看他们怎么说, 我估计他们觉得影响整个/24不好,范围太大

作者: SalesHosting 时间: 2012-2-3 14:38

domin 发表于 2012-2-3 14:25
反正你的ticket已经开了, 就向他们提出咯, 看他们怎么说, 我估计他们觉得影响整个/24不好,范围太大 ...

我已经回过去了，并且告诉他们China Uni/Tele是state-owned，基本不考虑用户感受，叫HE不要想靠联系他们来解决问题。

作者: SalesHosting 时间: 2012-2-3 14:40
再不解决清楚我准备打电话过去聊聊了。

作者: rakswift 时间: 2012-2-3 14:41
HE has free peering with China Telecom, Unicom.. so China Telecom, Unicom will not treat the congestion to HE with any priority. Free peering = no service

作者: SalesHosting 时间: 2012-2-3 14:46

rakswift 发表于 2012-2-3 14:41
HE has free peering with China Telecom, Unicom.. so China Telecom, Unicom will not treat the congest ...

Yeah, I know , I told them this.

作者: SalesHosting 时间: 2012-2-3 14:57
HE说没办法了。

Routing changes like that will not solve the problem; the attack will
just come in via transit and that's not good for any of the other
networks we would we shifting that burden onto.

Honestly, there's nothing we can do right now except pass the ball over
to China (Tele/Uni)com. We've done everything we reasonably can do to
mitigate the effects of the attack without causing undue harm to other
networks by routing the DDOS through them.

作者: SalesHosting 时间: 2012-2-3 14:58

domin 发表于 2012-2-3 13:24
那说明是他们的客户被攻击, 导致电信连到他们的线路堵塞, 他们不封IP,别说是停止广播了. 我的猜测是对的. ...

看回复。

作者: 张扬自主 时间: 2012-2-3 14:59
没用过he的啊

作者: domin 时间: 2012-2-3 15:02

SalesHosting 发表于 2012-2-3 14:58
看回复。

意思就是如果他们这边停止了对电信广播, 攻击会由其它ISP过来, 影响其它ISP, 影响其它ISP总好过影响HE吧? 而且他们可以停止掉全球广播嘛.那就谁都不受影响了.

作者: SalesHosting 时间: 2012-2-3 15:03

domin 发表于 2012-2-3 15:02
意思就是如果他们这边停止了对电信广播, 攻击会由其它ISP过来, 影响其它ISP, 影响其它ISP总好过影响HE吧? ...

我已经说了，看他怎么回复吧。我再次提醒了电信联通不会理他们的。

作者: domin 时间: 2012-2-3 15:05

SalesHosting 发表于 2012-2-3 15:03
我已经说了，看他怎么回复吧。我再次提醒了电信联通不会理他们的。

估计他们还是不会愿意解决的, 就硬抗着.

作者: domin 时间: 2012-2-3 15:08

SalesHosting 发表于 2012-2-3 15:03
我已经说了，看他怎么回复吧。我再次提醒了电信联通不会理他们的。

我估计他们连被攻击的IP都没封掉

作者: rakswift 时间: 2012-2-3 15:12
Unless HE invest for Paid Peering with CT and Unicom..

作者: SalesHosting 时间: 2012-2-3 15:36

rakswift 发表于 2012-2-3 15:12
Unless HE invest for Paid Peering with CT and Unicom..

The unequal peering with CT CU is very very expensive in China, so it's more expensive outside.

作者: SalesHosting 时间: 2012-2-3 15:37

domin 发表于 2012-2-3 15:08
我估计他们连被攻击的IP都没封掉

他们还没给我回复，估计不愿意，不愿意就扛着吧。电信联通过一会儿就下班了，他们准备抗一个周末吧。

作者: domin 时间: 2012-2-3 15:41
抗到攻击者放弃...苦了我们...

作者: SalesHosting 时间: 2012-2-3 15:45

domin 发表于 2012-2-3 15:41
抗到攻击者放弃...苦了我们...

DDOS，只要肉鸡足够多，攻击者根本不用考虑任何问题，也根本不用考虑放弃。

作者: oldghost 时间: 2012-2-3 15:47
神马情况？

作者: domin 时间: 2012-2-3 15:50

SalesHosting 发表于 2012-2-3 15:45
DDOS，只要肉鸡足够多，攻击者根本不用考虑任何问题，也根本不用考虑放弃。 ...

看情况吧, 如果攻击者得到的利益无法维持攻击就会放弃, 毕竟大流量攻击鸡掉得还是比较快的. 希望早日放弃咯.

作者: SalesHosting 时间: 2012-2-3 16:01

rakswift 发表于 2012-2-3 13:14
I know HE boss Mike. He has NOT been to military. I don't think his team has many people from Mili ...

You know HE's boss, you know each other?

作者: hitsword 时间: 2012-2-3 16:23
赶上直播了啊。。。

作者: rakswift 时间: 2012-2-3 22:51
Yes. He is a great guys, self-made man. We partner for other projects, such as Tencent. See him all the time in the data center

作者: rakswift 时间: 2012-2-3 22:54

SalesHosting 发表于 2012-2-2 23:36
The unequal peering with CT CU is very very expensive in China, so it's more expensive outside.

You are absolutely right. CT (ChinaNet) & Unicom bandwidth in US are very very expensive. 10$/M.. so it's very unlikely for HE to buy PAID BANDWIDTH from CT, and Unicom

作者: wr浅唱 时间: 2012-2-3 22:58
你以为呢？

作者: SalesHosting 时间: 2012-2-4 09:19

rakswift 发表于 2012-2-3 22:51
Yes. He is a great guys, self-made man. We partner for other projects, such as Tencent. See him all ...

He works in data center as an engineer or what? Why he is still working himself?

作者: rakswift 时间: 2012-2-4 10:24
He is the single owner of the business, and he doesn't do handson work that much anymore.. but he extremely hard working.

He works long hours, and are expanding the facility for more racks to keep up the demand. HE is doing quite well, despite its challenges.

I will have another lunch with him once I'm done with my Coresite expansion

作者: SalesHosting 时间: 2012-2-4 16:57

rakswift 发表于 2012-2-4 10:24
He is the single owner of the business, and he doesn't do handson work that much anymore.. but he ex ...

If you have a chance to meet HE's boss, can you tell him the problem about peering with China and what we have discussed here?

I sent a email to HE again to ask if there got some update about the issue, there was no respons.I guess they don't want to answer me anymore and they won't solve the problem competely.

作者: SalesHosting 时间: 2012-2-4 16:58

rakswift 发表于 2012-2-4 10:24
He is the single owner of the business, and he doesn't do handson work that much anymore.. but he ex ...

Sorry , got a typo , the last words is "completely".

作者: rakswift 时间: 2012-2-4 17:02
We talked about it over lunch last time. It will cost HE lots of money to BUY bandwidth from CT.. at 10$/m, for a 2G link, it would cost 20,000$ / month..

that is a lot of money

作者: uconny 时间: 2012-2-4 17:21
提示: 作者被禁止或删除内容自动屏蔽

作者: Kvm 时间: 2012-2-4 17:24

uconny 发表于 2012-2-4 17:21
换香港的吧

香港直接10G过去就报废了

作者: Zeddicus 时间: 2012-2-4 17:38
推上说人家会反感，发邮件是要确定你是客户。

作者: SalesHosting 时间: 2012-2-4 20:22

rakswift 发表于 2012-2-4 17:02
We talked about it over lunch last time. It will cost HE lots of money to BUY bandwidth from CT.. at ...

Well, first, I think if HE reallly want to buy peerig with CT/CU, 2G is too small, because HE has a lot of customers are in China. Well $10 for CT/CU is actually cheap. You know in China, our house-use ADSL is much more expensive than this, an the peering in China has a lot of additional charge, very disgusting.

If they have strong peering with China, HE will earn a huge number of business in China. Now is still very hard to find a datacenter in US which is very fast wih both CT and CU.

作者: SalesHosting 时间: 2012-2-4 20:46
88L 正解。

作者: SalesHosting 时间: 2012-2-4 20:49
更新：

HE说现在情况好多了。

This should be better now, it looks like CT/CU have cleaned up the
attack traffic headed our way a fair bit.

作者: SalesHosting 时间: 2012-2-4 20:50

domin 发表于 2012-2-3 15:50
看情况吧, 如果攻击者得到的利益无法维持攻击就会放弃, 毕竟大流量攻击鸡掉得还是比较快的. 希望早日放弃 ...

HE回复了，说情况好多了。你那里怎么样了。

作者: SalesHosting 时间: 2012-2-4 20:51
HE的高级网络工程师居然是女的？

作者: sdyizhe 时间: 2012-2-4 21:46
不明白　高人都在说什么啊．．．

作者: rakswift 时间: 2012-2-5 00:04
But 10$/m * 10G = 100,000$/m.. that is a lot of money. He may have to raise the price to all Chinese customers by 20%..

Do you think Chinese customers will support the price increase, with more stable CT/CU connections?

作者: tobeychan 时间: 2012-2-5 00:08
什么个情况

作者: domin 时间: 2012-2-5 00:44

SalesHosting 发表于 2012-2-4 20:50
HE回复了，说情况好多了。你那里怎么样了。

处理得太慢. HE应该自己这边处理. 为了一个客户, 影响其它客户, 可能他们觉得还是划算的.反正他们的端口到期后我只保留一个.

作者: SalesHosting 时间: 2012-2-5 07:46

rakswift 发表于 2012-2-5 00:04
But 10$/m * 10G = 100,000$/m.. that is a lot of money. He may have to raise the price to all Chinese ...

Maybe I can open another post in this forum to ask if they accept the increase. Although 20% is expensive but I think first HE is cheapest and there already have some datacenter have faster speed to CT/CU than HE, such as KT and PR,and their price is a a littile higher but still get many customers.

Do you think 2G peering is enough?

作者: SalesHosting 时间: 2012-2-5 08:09

rakswift 发表于 2012-2-5 00:04
But 10$/m * 10G = 100,000$/m.. that is a lot of money. He may have to raise the price to all Chinese ...

I think another important thing is no attack on this route if it's 2G only.

欢迎光临全球主机交流论坛 (https://lilynana.eu.org/)