How We Protect Our Network Infrastructure

UltraServers

At UltraServers, one of our top priorities is the security of our network infrastructure. We understand that our clients entrust us with their valuable data and rely on our services to keep their games running smoothly.

Therefore, we take a proactive approach to safeguarding our network against potential threats and cyberattacks. To achieve this, we have implemented various measures to protect our infrastructure, which we will discuss in detail in this blog post.

Owned Hardware

To secure our network infrastructure in the best way possible, we have made sure to fully control the whole chain of hardware. With us having complete control of the hardware, it gives us the opportunity to make the right decisions in every aspect.

From the choice of processor to network switch, we have carefully made our pick with security as one of the top priorities. If you would like to read more about our choice of server hardware, you can click here to read a more detailed blog post on the subject.

In addition to this, we have also set up firewalls with intrusion detection and prevention systems (IDS/IPS) to monitor our network for any suspicious activity. These systems analyse network traffic in real-time, identifying any potential threats and taking immediate action to prevent them from causing damage to our infrastructure.

DDoS Protection

Another critical aspect of network security is DDoS, or Distributed Denial-of-Service. These types of attacks are designed to overload servers with a massive amount of traffic, rendering them inaccessible to our clients. To ensure the safety and security of our network infrastructure, we have implemented several measures to protect against DDoS attacks.

As we already mentioned, we have firewalls set up that analyse traffic in real-time, and it is configured to automatically detect and mitigate DDoS attacks. For most cases this will be more than enough, but we want our service to be secure in any scenario.

To make this a reality, we have partnered with Datapacket and Cloudflare. With Cloudflare’s Magic Transit service, we are ensured to always have our network accessible to our users.

The setup of Cloudflare Magic Transit service:

We have established a GRE tunnel from our edge router at Datapacket data centres with Cloudflare.

The BGP with CloudFlare via this GRE tunnel end on our router. And we announce our currently available /22 Subnet via Datapacket’s ASN AS60068.

We announce the /22 also to Datapacket’s IP Transit with the BGP community which sets the local preference in their network to lower value, so the routes will be used as backup and the Cloudflare route is preferred if present.

With this setup we have covered several scenarios:

In the normal state, our IN traffic will be routed via Cloudflare. Our prefix is announced from Cloudflare so the IN routing will depend on the routing that Cloudflare has.

In case the GRE tunnel is disconnected in some location, the IN traffic from this location will be directed to other working locations depending on Cloudflare routing (as our prefix is announced).

In case all GRE tunnels in all locations will stop working because of some issues on Cloudflare’s side. The backup routes with Datapacket IP Transit will be preferred, so our services will still work without interruptions and this setup will have full redundancy and DDoS protection will switch to Datapacket’s in-house unmetered DDOS protection.

Conclusion

In conclusion, DDoS attacks are a significant threat to our game hosting company’s network infrastructure, and that is why we have taken these measures to ensure we always can deliver our services to our clients.

This blog post was a bit more on the technical side of things, but we hope you found it interesting, and maybe you even learned something while reading it. If you have any questions about this subject, or something else, you are welcome to reach out to us and we will answer your queries. Have a nice day!

Posted

in

by

varg