Changes to NatVPS

1568101115

Comments

  • YmpkerYmpker OGContent Writer

    @natvps_uk said:

    @Ympker said:

    @natvps_uk said:
    SSH Key support has been released for instance customers. This will eventually be available for VPS' as well, hopefully in the next release.

    SSH Keys must be in the ssh-rsa format, ssh-dss keys are not supported.

    It should be fairly self explanatory but documentation will follow.

    When creating a new instance and providing SSH Key, will there be an option to have pw auth disabled by default? I believe this was the case with e.g. Lunanode.

    Not currently:

    It is still down to the client to disable password based login, the way this works currently is a 100 character randomly generated password is set for root - this is never stored and is generated on the node therefore it is never passed in transit either.

    Its unlikely that password based login will be removed due to the possibility of community templates using different SSH clients making this fairly tricky although its still very secure using this method.

    You almost always reply instantly to my posts lol

    Gotcha, thanks :)

  • @natvps_uk said:
    Announcement:
    We have disabled vswap for instances users on the UK nodes, this was being heavily abused by people creating 64MB instances and forcing everything into swap. As this node is on HDDs it was impacting the limited disk performance fairly substantially.

    Along with this change we will be looking at provisioning a new UK node on SSDs, we will not be forcing a migration although VPS users can request to migrate to this node (whilst stocks last) and instance users can simply deploy a new instance on this node.

    We do not yet have a date for the provisioning of the SSD UK node although we will announce it here.

    We're sorry for any inconvenience this may cause, in the meantime we will be offering additional RAM to instance users that were previously relying on vswap, simply open a ticket and we will allocate the memory you require - you will not need to re-provision your instance. Please note that this offer will not apply to newly created instances - Instances should be provisioned with the amount of resources that you require and not intentionally underspec'd.

    We never advertised or sold the fact that these services came with vswap, we simply added it to help with lower specification instances and we will continue to do so on SSD nodes.

    I opened a ticket but still no reply since 6 days. May you please take a look? Ticket number is #LKX-040803. Thank you in advance.

    I like your offer very much. Everthing is stable except the VMs which rely on vswap.

  • MicronodeMicronode Hosting Provider

    @flo82 said:

    @natvps_uk said:
    Announcement:
    We have disabled vswap for instances users on the UK nodes, this was being heavily abused by people creating 64MB instances and forcing everything into swap. As this node is on HDDs it was impacting the limited disk performance fairly substantially.

    Along with this change we will be looking at provisioning a new UK node on SSDs, we will not be forcing a migration although VPS users can request to migrate to this node (whilst stocks last) and instance users can simply deploy a new instance on this node.

    We do not yet have a date for the provisioning of the SSD UK node although we will announce it here.

    We're sorry for any inconvenience this may cause, in the meantime we will be offering additional RAM to instance users that were previously relying on vswap, simply open a ticket and we will allocate the memory you require - you will not need to re-provision your instance. Please note that this offer will not apply to newly created instances - Instances should be provisioned with the amount of resources that you require and not intentionally underspec'd.

    We never advertised or sold the fact that these services came with vswap, we simply added it to help with lower specification instances and we will continue to do so on SSD nodes.

    I opened a ticket but still no reply since 6 days. May you please take a look? Ticket number is #LKX-040803. Thank you in advance.

    I like your offer very much. Everthing is stable except the VMs which rely on vswap.

    We will get back to you, there is a backlog on support at the moment and you are in a queue.

    Thanked by (1)flo82
  • MicronodeMicronode Hosting Provider
    edited February 2023

    New Primary Location!

    We have added a new permanent location to Micronode instances, Limburg, Germany 🇩🇪.

    Node Specifications:

    • Intel(R) Xeon(R) CPU D-1541 4c/8t
    • NVME RAID 1
    • 32GB DDR4
    • 10 Gigabit Port (250Mbps Upload)

    This is available immediately for instance customers. VPS customers will have to wait another few days before we get an offer out.

    For anyone wanting to try this who doesn’t currently have instance credits they can be purchased here: https://clients.natvps.uk/index.php?rp=/store/micronode-instances/1-credit

    YABS from an Instance:

        ## # ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
        #              Yet-Another-Bench-Script              #
        #                     v2022-12-29                    #
        # https://github.com/masonr/yet-another-bench-script #
        # ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
        
        Thu Feb  9 23:24:25 UTC 2023
        
        Basic System Information:
        ---------------------------------
        Uptime     : 0 days, 0 hours, 5 minutes
        Processor  : Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz
        CPU cores  : 1 @ 800.061 MHz
        AES-NI     : ✔ Enabled
        VM-x/AMD-V : ✔ Enabled
        RAM        : 352.0 MiB
        Swap       : 256.0 MiB
        Disk       : 25.5 GiB
        Distro     : Debian GNU/Linux 10 (buster)
        Kernel     : 4.19.0
        
        fio Disk Speed Tests (Mixed R/W 50/50):
        ---------------------------------
        Block Size | 4k            (IOPS) | 64k           (IOPS)
          ------   | ---            ----  | ----           ---- 
        Read       | 74.01 MB/s   (18.5k) | 133.96 MB/s   (2.0k)
        Write      | 74.20 MB/s   (18.5k) | 134.67 MB/s   (2.1k)
        Total      | 148.22 MB/s  (37.0k) | 268.64 MB/s   (4.1k)
                   |                      |                     
        Block Size | 512k          (IOPS) | 1m            (IOPS)
          ------   | ---            ----  | ----           ---- 
        Read       | 105.16 MB/s    (205) | 99.33 MB/s      (97)
        Write      | 110.75 MB/s    (216) | 105.95 MB/s    (103)
        Total      | 215.92 MB/s    (421) | 205.29 MB/s    (200)
        
        iperf3 Network Speed Tests (IPv4):
        ---------------------------------
        Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
        -----           | -----                     | ----            | ----            | ----           
        Clouvider       | London, UK (10G)          | 242 Mbits/sec   | 3.36 Gbits/sec  | 12.7 ms        
        Scaleway        | Paris, FR (10G)           | busy            | busy            | 9.94 ms        
        NovoServe       | North Holland, NL (40G)   | 242 Mbits/sec   | 3.97 Gbits/sec            | 9.27 ms        
        Uztelecom       | Tashkent, UZ (10G)        | 232 Mbits/sec   | 750 Mbits/sec   | 93.7 ms        
        Clouvider       | NYC, NY, US (10G)         | 230 Mbits/sec   | 709 Mbits/sec   | 85.8 ms        
        Clouvider       | Dallas, TX, US (10G)      | busy            | 642 Mbits/sec   | 121 ms         
        Clouvider       | Los Angeles, CA, US (10G) | 221 Mbits/sec   | 680 Mbits/sec   | 146 ms  
        
        iperf3 Network Speed Tests (IPv6):
        ---------------------------------
        Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
        -----           | -----                     | ----            | ----            | ----           
        Clouvider       | London, UK (10G)          | busy            | busy            | 12.8 ms        
        ping: ping6.online.net: Name or service not known
        Scaleway        | Paris, FR (10G)           | busy            | 3.41 Gbits/sec  |                
        NovoServe       | North Holland, NL (40G)   | 239 Mbits/sec   | 5.53 Gbits/sec  | 9.25 ms        
        Uztelecom       | Tashkent, UZ (10G)        | 224 Mbits/sec   | 806 Mbits/sec   | 93.6 ms        
        Clouvider       | NYC, NY, US (10G)         | 229 Mbits/sec   | 866 Mbits/sec   | 85.8 ms        
        Clouvider       | Dallas, TX, US (10G)      | 223 Mbits/sec   | 833 Mbits/sec   | 121 ms         
        Clouvider       | Los Angeles, CA, US (10G) | busy            | 645 Mbits/sec   | 146 ms 
    
    Thanked by (5)ehab sh97 flo82 Ympker ruets
  • i am happy to see Germany node.

    congrats and i wish you good sales.

    Thanked by (1)Ympker
  • Still waiting for Finland loc.

    Btw, some bugs when creating SSH Key.
    If you press back, it will show false slider info like RAM and Storage.

    Thanked by (1)Ympker
  • My 96MB Germany instance running wireguard

    Basic System Information:
    ---------------------------------
    Uptime     : 0 days, 13 hours, 31 minutes
    Processor  : Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz
    CPU cores  : 1 @ 931.823 MHz
    AES-NI     : ✔ Enabled
    VM-x/AMD-V : ✔ Enabled
    RAM        : 96.0 MiB
    Swap       : 256.0 MiB
    Disk       : 4.9 GiB
    Distro     : Debian GNU/Linux 10 (buster)
    Kernel     : 4.19.0
    
    fio Disk Speed Tests (Mixed R/W 50/50):
    ---------------------------------
    Block Size | 4k            (IOPS) | 64k           (IOPS)
      ------   | ---            ----  | ----           ----
    Read       | 35.62 MB/s    (8.9k) | 54.57 MB/s     (852)
    Write      | 35.73 MB/s    (8.9k) | 55.02 MB/s     (859)
    Total      | 71.35 MB/s   (17.8k) | 109.59 MB/s   (1.7k)
               |                      |
    Block Size | 512k          (IOPS) | 1m            (IOPS)
      ------   | ---            ----  | ----           ----
    Read       | 114.04 MB/s    (222) | 15.75 MB/s      (15)
    Write      | 120.10 MB/s    (234) | 17.58 MB/s      (17)
    Total      | 234.14 MB/s    (456) | 33.33 MB/s      (32)
    
    iperf3 Network Speed Tests (IPv4):
    ---------------------------------
    Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping
    -----           | -----                     | ----            | ----            | ----
    Clouvider       | London, UK (10G)          | 242 Mbits/sec   | 2.84 Gbits/sec  | --
    Scaleway        | Paris, FR (10G)           | 242 Mbits/sec   | 2.21 Gbits/sec  | --
    NovoServe       | North Holland, NL (40G)   | 243 Mbits/sec   | 3.41 Gbits/sec  | --
    Uztelecom       | Tashkent, UZ (10G)        | 226 Mbits/sec   | 892 Mbits/sec   | --
    Clouvider       | NYC, NY, US (10G)         | 231 Mbits/sec   | 685 Mbits/sec   | --
    Clouvider       | Dallas, TX, US (10G)      | 225 Mbits/sec   | 619 Mbits/sec   | --
    Clouvider       | Los Angeles, CA, US (10G) | 218 Mbits/sec   | 590 Mbits/sec   | --
    
    Thanked by (2)Micronode Ympker
  • YmpkerYmpker OGContent Writer

    @ehab said:
    i am happy to see Germany node.

    congrats and i wish you good sales.

    Awesome! Happy to see Germany along with 10Gbps :)

    Thanked by (1)ehab
  • YmpkerYmpker OGContent Writer

    Loving it:

    Retrieving speedtest.net server list...
    Selecting best server based on ping...
    Hosted by Deutsche Telekom (Hamburg) [1.82 km]: 11.315 ms
    Testing download speed........
    Download: 1396.56 Mbit/s
    Testing upload speed.............
    Upload: 220.54 Mbit/s
    
    Thanked by (1)Micronode
  • @natvps_uk

    Success! Your instance has bow been created!

    Is it a typo or intended?

    Thanked by (3)Micronode Ympker cochon
  • MicronodeMicronode Hosting Provider

    @Fritz said:
    @natvps_uk

    Success! Your instance has bow been created!

    Is it a typo or intended?

    Typo, now fixed.

  • MicronodeMicronode Hosting Provider

    Our South Korea location is now back in stock for Instance users with a few minor changes.

    Korea is by far the most expensive node we have, we have just substantially upgraded this to allow stock in this location for the foreseeable future.

    Down to the cost of bandwidth in this location and the amount of abuse on this node we have limited the bandwidth to 100GB per month per instance credit.

    None of our instance users have used this much bandwidth in the last 4 months therefore we don't believe it will cause too much drama however this was a decision that we did not take lightly and it is the only way we can profitably sustain this location.

    We will give all users that need more bandwidth the opportunity to purchase more at cost. We pay £0.01 per GB in this location and we would be happy to pass this cost on to any client that wishes to have more Bandwidth in this location.

    We also have plans to implement a new Asian location with unlimited bandwidth fairly soon.

    For anyone that does not currently have a KR instance enjoy the new stock!

    Thanked by (2)ElonBezos go626201
  • @natvps_uk said:
    Down to the cost of bandwidth in this location and the amount of abuse on this node we have limited the bandwidth to 100GB per month per instance credit.

    Does 100GB count on egress only or sum of both directions?

    What happens if the 100GB limit is reached?
    Does the network connection get suspended, or does it have snail speed unmetered network?

    Suppose an account has 2 credits, one expiring on Nov 15 and another expiring on Dec 01.
    The account has one Korea container, whose RAM and storage do not exceed one credit.
    In the month of November, how much bandwidth can be used, 100GB or 150GB or 200GB?

  • MicronodeMicronode Hosting Provider

    @yoursunny said:

    @natvps_uk said:
    Down to the cost of bandwidth in this location and the amount of abuse on this node we have limited the bandwidth to 100GB per month per instance credit.

    Does 100GB count on egress only or sum of both directions?

    Both directions.

    What happens if the 100GB limit is reached?
    Does the network connection get suspended, or does it have snail speed unmetered network?

    We get notified and contact the client to arrange a mutual agreement. If the client wants to pay for additional bandwidth they will have that option, failing that it would be service suspension.

    Suppose an account has 2 credits, one expiring on Nov 15 and another expiring on Dec 01.
    The account has one Korea container, whose RAM and storage do not exceed one credit.
    In the month of November, how much bandwidth can be used, 100GB or 150GB or 200GB?

    200GB, the bandwidth limit starts in the 1st of the month and ends on the 1st of the following month.

    Thanked by (1)yoursunny
  • NatVPS-512m-UK

    can you use wireguard / wireguard-go in this one?

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • @Encoders said:

    NatVPS-512m-UK

    can you use wireguard / wireguard-go in this one?

    WireGuard no.
    Provider refuses to load the kernel module, despite that it's literally one line modprobe wireguard, at least for LXC based location such as Amsterdam.

    WireGuard-go yes.
    But it's buggy and slow userspace implementation instead of polished and fast kernel implementation.

    Thanked by (1)Encoders
  • @yoursunny said:
    WireGuard no.
    Provider refuses to load the kernel module, despite that it's literally one line modprobe wireguard, at least for LXC based location such as Amsterdam.

    WireGuard-go yes.
    But it's buggy and slow userspace implementation instead of polished and fast kernel implementation.

    well that's a shame, i hope there's some explanation why they refused to do it. security concern maybe? but that's high unlikely.
    I'll wait a bit until they respond i guess (for refusing to load the kernel module) otherwise-- meh userspace is good enough i guess

    Thanked by (1)bliss

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • Userspace is good enough.

    Thanked by (3)Encoders bdl Micronode
  • @Encoders said: well that's a shame, i hope there's some explanation why they refused to do it. security concern maybe? but that's high unlikely.

    Glad to hear that we think alike.

    @yoursunny said: Provider refuses to load the kernel module, despite that it's literally one line modprobe wireguard,

    MicroLXC is lovable. Uptime of C1V

  • MicronodeMicronode Hosting Provider

    @yoursunny said: Provider refuses to load the kernel module, despite that it's literally one line modprobe wireguard

    Absolutely a security concern, I doubt the wireguard team support this and I’d be even more surprised if it was tested officially on OpenVZ.

    We can’t just load kernel modules on a shared kernel without fully understanding the risks.

  • @natvps_uk said: Absolutely a security concern, I doubt the wireguard team support this and I’d be even more surprised if it was tested officially on OpenVZ.

    If security is a high priority, then you should just stop that micro-node control panel and switch to other widely used ones.Because I don't your developing skills can match that widely used ones'.
    Most providers here don't offer that control panel, actually as far as I know, none of the providers here use that.

    MicroLXC is lovable. Uptime of C1V

  • edited February 2023

    @bliss said:

    @natvps_uk said: Absolutely a security concern, I doubt the wireguard team support this and I’d be even more surprised if it was tested officially on OpenVZ.

    If security is a high priority, then you should just stop that micro-node control panel and switch to other widely used ones.Because I don't your developing skills can match that widely used ones'.
    Most providers here don't offer that control panel, actually as far as I know, none of the providers here use that.

    On the other hand, wireguard has been absorbed into the kernel for more than 2 years.
    If you really think wireguard might breach security holes, then compile and run a customized kernel.

    MicroLXC is lovable. Uptime of C1V

  • MicronodeMicronode Hosting Provider

    Most providers here don't offer that control panel, actually as far as I know, none of the providers here use that.

    They don’t have access to it, it’s our in house panel.

    We take security seriously, the panel is pentested regularly and we follow best practices.

    Thanked by (3)Ympker sh97 ElonBezos
  • MicronodeMicronode Hosting Provider
    edited February 2023

    On the other hand, wireguard has been absorbed into the kernel for more than 2 years.

    On the other hand wireguard-go has been considered stable for years, it is used on the Windows application for example.

    We can’t just add every kernel module someone asks for, that’s not how we work.

    Thanked by (3)bdl Brueggus ElonBezos
  • @natvps_uk said:
    We can’t just add every kernel module someone asks for, that’s not how we work.

    This! @natvps_uk 's business, @natvps_uk 's rules!

    Thanked by (1)Micronode
  • @natvps_uk said:

    @yoursunny said: Provider refuses to load the kernel module, despite that it's literally one line modprobe wireguard

    Absolutely a security concern, I doubt the wireguard team support this and I’d be even more surprised if it was tested officially on OpenVZ.

    We can’t just load kernel modules on a shared kernel without fully understanding the risks.

    WireGuard kernel module is officially tested on LXC.
    In fact, it's designed for such use cases: network namespaces.
    Thus, you can safely load this module in Amsterdam location that uses LXC.

  • MicronodeMicronode Hosting Provider

    @yoursunny said:

    @natvps_uk said:

    @yoursunny said: Provider refuses to load the kernel module, despite that it's literally one line modprobe wireguard

    Absolutely a security concern, I doubt the wireguard team support this and I’d be even more surprised if it was tested officially on OpenVZ.

    We can’t just load kernel modules on a shared kernel without fully understanding the risks.

    WireGuard kernel module is officially tested on LXC.
    In fact, it's designed for such use cases: network namespaces.
    Thus, you can safely load this module in Amsterdam location that uses LXC.

    I’m happy to enable it in LXC locations, that’s really not an issue.

    The issue here is the lack of support on OpenVZ and the fact that we have to compile the module with several patches and maintain it.

  • edited February 2023

    @natvps_uk said:
    We have disabled vswap for instances users on the UK nodes, this was being heavily abused by people creating 64MB instances and forcing everything into swap. As this node is on HDDs it was impacting the limited disk performance fairly substantially.
    Instances should be provisioned with the amount of resources that you require and not intentionally underspec'd.

    Ubuntu 22.04 apt update command crashes on 64MB without swap, even if I stopped everything.
    I think it should be acceptable to use some swap during installation and upgrades, but not during normal operation.

    I deleted UK instance and created Germany instances, which has swap.
    There's no way to modify a loadbalancer, so I have to delete and re-create it too.
    This causes downtime because TLS certificate isn't provisioned on the new loadbalancer right away.

    In an attempt to reproduce the apt update failure, I created another UK instance but it has swap again.
    Does this mean the UK SSD node has arrived?

  • MicronodeMicronode Hosting Provider
    edited February 2023

    @yoursunny said:

    @natvps_uk said:
    We have disabled vswap for instances users on the UK nodes, this was being heavily abused by people creating 64MB instances and forcing everything into swap. As this node is on HDDs it was impacting the limited disk performance fairly substantially.
    Instances should be provisioned with the amount of resources that you require and not intentionally underspec'd.

    Ubuntu 22.04 apt update command crashes on 64MB without swap, even if I stopped everything.
    I think it should be acceptable to use some swap during installation and upgrades, but not during normal operation.

    I deleted UK instance and created Germany instances, which has swap.
    There's no way to modify a loadbalancer, so I have to delete and re-create it too.
    This causes downtime because TLS certificate isn't provisioned on the new loadbalancer right away.

    Loadbalancer and instance editing is coming very soon, the work is almost complete we just need to write tests. It should be available as a beta by the end of the week - happy to add your account to the beta program.

    This will allow you to add additional RAM to an instance for maintenance then remove it afterwards. It will also allow you to add and remove instances from an LB without any downtime although if the dns name isn’t changing the cert will likely not be regenerated - they remain cached for 24 hours.

    Thanked by (1)yoursunny
  • @yoursunny said:

    @natvps_uk said:
    We have disabled vswap for instances users on the UK nodes, this was being heavily abused by people creating 64MB instances and forcing everything into swap. As this node is on HDDs it was impacting the limited disk performance fairly substantially.
    Instances should be provisioned with the amount of resources that you require and not intentionally underspec'd.

    Ubuntu 22.04 apt update command crashes on 64MB without swap, even if I stopped everything.
    I think it should be acceptable to use some swap during installation and upgrades, but not during normal operation.

    I deleted UK instance and created Germany instances, which has swap.
    There's no way to modify a loadbalancer, so I have to delete and re-create it too.
    This causes downtime because TLS certificate isn't provisioned on the new loadbalancer right away.

    In an attempt to reproduce the apt update failure, I created another UK instance but it has swap again.
    Does this mean the UK SSD node has arrived?

    Having the same problem. Not able to install security updates.
    Createt a ticket a while ago... still no reply :-(

Sign In or Register to comment.