There are many parameters of data centers, which determine their reliability and cost of its services. In the first half of 1990s the Uptime Institute (USA) has developed a classification of data center reliability consisting of four levels (Tier 1, 2, 3, 4). Thanks to this, customers can clearly understand what to expect from the provider. It is worth to note that although only Uptime Institute Professional Services organization can issue the official certificate, the certification criteria are described in detail in the documentation, so some service providers may claim that they meet the requirements of a particular Tier.  

What are the criteria for evaluation of reliability?

Levels of data centers differ in many ways, here are the main ones: 

• Equipment redundancy. This parameter defines the presence of redundant components in the structure. These components provide failure-free operation, in case of failure of the main elements. Redundancy is carried out according to schemes N+1 (one backup component is added to each type of elements) and 2(N+1) (two parallel systems and a backup component for each type).
• Distribution paths. This is a characteristic of the organization of engineering systems: communication cables, cooling, power supply. Redundant distribution paths provide a high speed of service and increase fault tolerance.
• Carrying out maintenance without shutting down. High-level facilities are equipped with redundant components that allow you to repair and maintain equipment without interruptions.
• Total annual downtime. The number of hours per year when the servers are not available.
• The percentage of fault tolerance. The ratio of downtime to the length of the year.

Based on these criteria, each data center is assigned a certain Tier. The higher it is, the better.

Tier 1 – Basic level

Tier I is the lowest level of the data center according to this classification. Such a data center has a dedicated room for hardware and equipped with cooling systems and uninterruptible power supply. To receive a basic certificate, it must meet the parameter of maximum downtime of 28.8 hours a year. There may be no spare power generators, humidity and air conditioning controllers, and raised floors for routing utility cables and pipes.

If maintenance is needed, the entire system should be shut down. Current requirements for Internet projects in terms of speed of repairs and availability have stepped far ahead, so the technical capabilities of such structures are severely outdated.

Tier 2 – Capacity reservations

In addition to all the features of the previous one, the data center is equipped with spare uninterruptible power supply (UPS) and cooling units, raised floors for cables and pipes. The equipment is organized according to the N+1 scheme. Therefore, the probability of emergency situations is significantly reduced. However, during maintenance or troubleshooting, hosting services will have to be suspended. The regulatory downtime for Tier II is less than 22 hours per year.

Tier II Tier is often found on the market. Such hosting services are characterized by affordable prices and are used in small businesses, for which a short-term hosting outage does not imply big losses.

Tier 3 – Maintenance works without shutdowns

Tier 3 data centers are the most common, they are the optimal solution for IT projects that cannot tolerate long downtime and possible outages. In this case, only one of the data center systems remains active in operating mode. The maximum downtime is reduced to 1.6 hours thanks to the redundancy of the entire infrastructure. This makes it possible to carry out maintenance of the hardware without a complete shutdown.

In this regard, Tier III can be considered as highly fault-tolerant, with a very high degree of availability. It is used by many modern online projects and web-services of government agencies.

Tier 4 – Maximum fault tolerance

Tier 4 is the most reliable class of data centers. Its distinctive feature is the 100% duplication of all infrastructure components according to the 2(N+1) scheme. In addition, the structural blocks of the Tier IV data center are divided into separate sections on different premises. This gives complete independence and provides an annual downtime limit of only 26 minutes.

Such numbers are essential for IT projects and services for which a potential outage is simply not tolerated. However, building and maintaining such data centers is very expensive, which has a direct impact on the cost of hosting. Moreover, for many organizations, such characteristics are superfluous.

For convenience of comparison, all levels of data centers are presented in the table:

Which Tier to choose?

The choice of a data center should be based on the business goals. The key task for the client in this case is to find a balance between cost and acceptable indicators, because the higher the tier, the higher the hosting price. For critical infrastructure projects, where even the smallest failure may lead to serious losses, it is better to choose Tier 4 data centers. If you need high-quality and virtually trouble-free hosting – pick Tier 3 provider. Small projects can be hosted in the second tier. However, you need to keep in mind the possibility of some outages and backup your servers for a faster recovery.

It is worth mentioning that reliability is not the only criterion in determining the provider. The provider’s expertise, the speed of technical support and geographical location are also very important here. Melbicom network is located in 14 Tier III and IV data centers in Europe, Africa, MENA, Asia, and North America.

IT technology has become a vital part of people’s lives. According to Cisco analysts, in 2023 the number of Internet users will reach 5.3 billion people. At the same time, the number of computers and other devices connected to the World Wide Web will reach 29.3 billion units.

Smartphones, laptops, smart cookers and TV set-top boxes – an average Internet user has more than three devices connected to the network. They interact with each other via the Internet Protocol (or IP) technology, which routes and addresses data over an Internet connection. Currently, two versions of the protocol are used: IPv4 and IPv6. What are their features? What are the differences between IPv4 and IPv6? And why the Internet has not come to one of the solutions yet? We will try to answer these questions in this article.

Features of IPv4

If you need to send a letter to someone, you’ll have to know his or her exact address. This sounds perfectly logical: it is the only way the other person can surely receive the letter and send a reply. A similar principle is used for data exchange in the Internet. The Internet Protocol gives every device an address – a unique combination of numbers by which the device can be definitely identified. The fourth version of IPv4, created back in 1982, defines the rules of exchange and gives everyone a web address consisting of 32 bits. It contains four sections separated by a dot. For example: 192.168.1.103. The range of values for each section varies from 0 to 255. To separate local and external addresses, the protocol uses a special mask that is applied to the IP address and allows you to define its relation to the network system. In 32 bits of information, 4.29 billion different combinations can be encrypted.

As you can see from the analysis in the introduction, the number of such combinations within the IPv4 is significantly smaller than the number of network connections in the world. This problem became obvious back in the mid-90s, when Internet technology began to develop rapidly. Initially, in order to compensate the deficit, it was suggested to expand the number of available IPv4 addresses thanks to CIDR (Classless Inter-Domain Routing), and later NAT (Network Address Translation – translation of network IP and ports), which replaces the internal network IP to the public one. However, despite all attempts, the need for unique IP began to overtake the possibilities of the fourth architecture. 

Advantages of IPv6

In response to the deficit of free IPv4 addresses, an improved version of the protocol was introduced in 1995, it was called IPv6.  The main difference between IPv6 and IPv4 was that the entire 128 bits were allocated for address generation. The space of possible address combinations for IPv6 is 2^128, or 60 million addresses per person on Earth. It seems that this should be enough for a very long time.

Every IPv6 address, consists of four hexadecimal digits separated by colons into 8 groups. For example, ef05: 1db1: 12a5: 0200: 0230: a71e: 1363: 53e1. At the same time, due to the increased size, it is possible to encrypt much more additional parameters that increase the efficiency of the transmission. This format offers a number of significant advantages:

• A larger number of addresses, which is enough to assign every device a unique web address.
• There is no need for NAT and CIDR, which has a positive impact on the efficiency of VPN and p2p connections.
• Better Internet routing due to the ability to build a hierarchy within the available amount of address information. This reduces the cost of traffic distribution according to the routing table.
• Simplified Quality of Service (QoS) system, which identifies delay-sensitive packets.
• Header optimization helps you handle incoming and outgoing traffic more efficiently.
• High connection security due to the built-in IPSec network-level cryptographic security protocol.
• Better compatibility with mobile data transfer.

IPv6 vs IPv4 comparison table

To make the comparison of IPv6 and IPv4 easier to understand, all their main characteristics can be summarized in a table:

As you can see from the table comparing IPv6 and IPv4, version 6 has significant advantages. IT-giants like Amazon, Google and Facebook have been working on IPv6 for a long time. Many hosting providers also provide IP addresses in the new format. However, according to the data for 2020, the share of IPv6 compared to IPv4 in total traffic is only about 30%. And there are reasons for that

Difficulties of moving to IPv6

Not everyone rushes to switch to IPv6. In fact, the infrastructure, which emerged during the era of rapid development of web-technologies, is shaped under IPv4. The transition to a new Internet Protocol requires technical re-equipment and significant financial and time resources. It is necessary to buy and configure expensive hardware, update DNS, and make many other works to integrate – unfortunately, not all administrators fully understand how to properly serve IPv6. Due to the fact that the sixth version of the protocol is not backward compatible with the fourth one, Dual stack technology is needed to use two protocols simultaneously.

However, despite all the difficulties, the transition to IPv6 is just a matter of time. With spreading of computers, cell phones and other gadgets, requirements to their connection parameters are increasing. The v6 IP protocol not only extends the address space, but also simplifies Internet routing and increases its security.

Even people who are far from the technical side of the Internet are familiar with the concept of a DDoS attack. We face its results in our lives regularly: websites hang up, applications glitch and fail to load pages, online games shows connection error messages. How do these attacks happen? How much does a business lose due to these attacks? Is it possible to protect your project from bot attacks? How to protect a server from DDoS? We will try to answer these questions in this article.

What is a DDoS?

A Distributed Denial Of Service Attack (or DDoS attack) is an attack on Internet resources in order to disable them and make them unavailable to visitors. In a nutshell, it is sending a huge amount of requests to a certain web resource over the Internet. As a result, the server can not handle this amount of incoming data and hangs. Another possible result is that the communication channel of this server is so clogged that requests from real users stop coming in, and the cost of paying for it exceeds reasonable limits. In all cases, access to the resource becomes unavailable.

A significant fraction of attacks occurs according to the following algorithm:

• Collecting analytics about the target to identify possible vulnerabilities and select the best scenario of the attack.
• Creation of a special network of bots (botnet) from infected or vulnerable devices, from which the attack will be performed.
• Simultaneous requests from multiple bots.
• Analysis of the results: whether the targets have been reached, whether additional data collection about the architecture and vulnerabilities is needed.

Sometimes an attack is organized without deploying botnets. The attacking computer sends requests while spoofing its own IP address with IP of the victim. All this causes much higher response volume, which is received by the victim’s server. DDoS attacks can also target a specific segment of a web service. “Smart” cyberattacks select individual resource-intensive segments and load them directly, leading to the failure of the entire web application.

There are many classifications of DDoS. The most common classification is based on the seven-layer Open Systems Interconnection (OSI) model of data network architecture:

• Network layer (L3): This kind of attacks targets network devices directly, such as routers, switches and switches. The attack uses the following protocols: IP OSPF, ICMP, IGMP, RIP, DVMRP PIM-SM, IPsec, IPX, DDP.
• Transport layer (L4): This is where hackers attack the servers themselves and some Internet services, such as gaming portals. The attack targets TCP and UDP protocols, and DP Lite, DCCP, SCTP, RUDP subprotocols.
• Application layer (L7): Here, attackers target imperfections in the programming code of web applications. The attack is performed via DNS, HTTP, HTTPS, etc.

How dangerous are DDoS attacks?

Modern companies are very dependent on information and communication technology. Almost every business can be called an IT project in a way. Digitalization has turned IT channels into critical points for data exchange with clients and partners, for internal communication and analytics. Failures of digital infrastructure, downtime of corporate portals lead to significant losses and damage to the reputation of entire corporations.

With the massive going online after the pandemic, not only banking, government, gaming, and e-commerce services can become a target for DDoS attacks. Small business websites, food deliveries, healthcare portals are also in danger now.

DDoS attacks have become a popular tool of hackers and malefactors: they are relatively easy to launch, inexpensive, and effective. The cost of organizing a single botnet attack starts from $50 per day. You can even find dedicated services on the darknet that provide DDoS services with ratings and cashback.

Possible losses of business owners is disproportionately higher than the costs of a DDoS attack itself. Even if you run a small sushi delivery shop, you can calculate that with an average check of $50 and 60 orders per day, you can lose $90 000 in revenue per month and at the same time you will receive significant damage to your business reputation. While for hackers, this attack will only cost about $1500.

Obviously, for large corporations, the cost of damage and risks are much higher. For example, the recent October disruption of Facebook, Instagram, and WhatsApp, when users reported problems with logging in, downloading, and accessing the platforms, cost Mark Zuckerberg $6.6 billion.

Protecting your website from DDoS: what can you do yourself?

We should mention that it is barely possible to create a full-fledged web protection by yourself. Attempting to fight back network raids on your own is complicated by the fact that a barrage of messages from bots can block communication channels even before your filtering system. There is not a single guaranteed free method of protecting your website from DDoS attack. Nevertheless, there is something you can still do:

• Capacity expansion. This is an expensive option, which is commonly used by large web resources to back up. Investments in bandwidth and computing resources allow more information to be processed at the same time.
• Router configuration. The traffic router can be configured to filter  “garbage” traffic. The main disadvantage of this method is that it can be difficult to determine what traffic should be blocked and what should be allowed through. After all, requests from a botnet can come from different regions, have different content and even be masked to look like real people.
• Fine-tuning and regular software updates. Some DDoS attacks target specific vulnerabilities in the software code or operating system of the main server. Developers of good proprietary software products keep an eye out for new hacker techniques and fix problems in their next updates. The default OS and web server settings of Apache or Nginx often have significant limitations. This is especially true for the performance of servers running on Nginx and the Linux network stack. Also, if a third-party CMS (like WordPress, Joomla, Opencart) is used on a website, you should thoroughly read the optimization manual.
• Server status monitoring. It is strongly recommended to connect monitoring of key indicators: CPU load, percentage of RAM usage, number of visitors, and so on. So you will be able to detect unusual events on time and minimize possible losses.

DDoS protection services

If your bandwidth and computing resources are insufficient to repel attacks on your own, you can consider using DDoS protection solutions offered by hosting providers. What are the advantages of such IT solutions?

• Protection at all OSI layers. Self-protection methods are applicable if a cyberattack occurs at one particular layer. Specialized technologies comprehensively filter botnet traffic using several tools at once, which helps secure all layers L3-L7.
• You’ll get only a “clear” traffic. The protection system of hosting providers processes the incoming traffic before it reaches your server. All operations on “clearing” Internet traffic do not reduce your performance.
• Scalability. Since you don’t need to integrate protection into your own IT infrastructure, you don’t have to rebuild the architecture and buy more equipment when expanding. You just need to choose a more suitable tariff.
• Technical support during accidents. Attackers constantly invent sophisticated ways and approaches, and if your server becomes a target for a bot invasion, you won’t be left alone with the problem and you can count on professional help.
• Big capacities. Hosting companies that provide DDoS protection have a powerful dedicated internal infrastructure, designed specifically to clean up requests that can not be compared to the capabilities of a single project.

So what to do?

The impact of DDoS attacks on businesses is increasing proportionately with the degree of digitization of the economy and the growing “Internet addiction” of companies. For many projects, the failure of a website, even for one day, means huge losses. Attackers uses the newest technologies and discover new vulnerabilities. It looks like a real war between hackers and coders: who will outsmart whom. And to protect yourself in this war, it is better to seek for a professional IT-service.

Melbicom provides professional DDoS attack protection services. The distinctive feature of this service is charging regardless of the attack volume, 24-hour technical support, as well as combined (hardware/software) traffic verification mechanisms.