Question

Does increasing droplet size increase instantaneous throughput?

Posted January 18, 2020 397 views
SecurityDigitalOcean

Of all the articles and forum posts I’ve read, Digital Ocean seems very hand-wavy about their droplet networking capabilities. To clarify, I’m not talking about the “monthly bandwidth allowance,” I’m talking about download/upload speeds and total network throughput of a droplet.

Explanation

I’m running a pfSense router as a $5/month droplet. I’m a university student, but I have my own server that I want to run services on. Since I’m behind their firewall, I can’t do this directly, so I run a pfSense site-to-site VPN into the DO cloud to give my local server running in my dorm a “public IP” that I can port forward with.
But my roommate and I are about to announce a game server, giving the IP of the Digital Ocean droplet/router as the connect address. Seeing as how I’m currently at one of the few universities in the US that offer the cybersecurity major, I’m definitely expecting some attacks on my systems and network.
Obviously I’ve locked everything down from a security standpoint, but I’ve hit a roadblock in terms of protecting from brute-force DDoS attacks, since Digital Ocean doesn’t natively provide protection.

Question

I can’t seem to find a straight answer to my question: can I get more throughput (thus being able to operate under higher-bandwidth DDoS attacks) by upgrading to a higher tier droplet, or do they only provide better system specs?
I’m not looking to protect against serious multi-gigabit attacks; I know that I’m kinda screwed there. I’m simply looking to mitigate some dolt with a Raspberry Pi and a university-grade internet connection from taking out my entire network infrastructure.

Side note

It’s not that difficult to run a DoS/DDoS against a $5 droplet. A simple hping3 script running on a handful of computers can easily saturate its bandwidth and knock out service. During a stress test, my droplet wasn’t able to handle any more than 235 Mb/s inbound, which is relatively high compared to many consumer-grade connections, but that’s an upload speed that you could easily find at our local library and run on a single laptop with a gigabit card.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

I believe that the throughput would still be the same, you would get extra resources like RAM, CPUs, SSD storage and Bandwidth.

What you could do is to simple disable ICMP via your firewall, this way hping would not be able to harm you in any way. You can also sing up for a free CDN service like CloudFlare which also comes with free DDOS protection.

ya.. I had the same question years ago (when digital ocean was still in its infancy). Didn’t get a clear answer back then, so I decided to try one of their servers to test the throughput myself.

Back in the day, digial ocean throughput wasn’t reliable, used to fluctuate a lot, so I switched away to a different service, and used to come back every few years to test the throughput only to find the same fluctuation issue.

The service that I continue to go back to for reliable throughput (and they show you your network throughput in the dashboard before creating a server) is rackspace.

Linode has the same reliability issues as digial ocean when it comes to throughput.

And Amazon AWS also hide throughput information, but they have better, more stable throughput than Linode / digital ocean.

Hope this helps

Submit an Answer