Discover how RoyaleHosting evolved from game hosting to providing enterprise-grade services with robust DDoS protection

After conducting numerous interviews with long-standing customers of NL-ix, we now turn our focus to a new customer. This time, we traveled to Dedemsvaart to speak with Stan, the CEO of RoyaleHosting. Stan started his company at the remarkably young age of 12, and we are eager to learn about his journey, now seven years later. Naturally, we didn't miss the chance to celebrate with cake.

Who is RoyaleHosting and what do you do?

At RoyaleHosting we provide enterprise-grade hosting, Transit, and colocation services backed with industry-leading DDoS protection. We began our journey as a game hosting provider, in a market notorious for DDoS attacks. As a result, we used various datacenters and Transit providers but couldn't find a solution that adequately protected us. This challenge led us to move towards creating our secure network, offering safe hosting environments for customers frequently targeted by DDoS attacks. Meanwhile, we have ceased game hosting entirely.

Stan van de Klippe , CEO @ RoyaleHosting

Today, we provide hosting, Transit, and colocation services, granting our customers Internet access through a highly secure network with unique in-house developed DDoS protection. This network leverages the knowledge and experience gained from our game hosting times, combined with subsequent knowledge. We offer our customers innovative tools to set up their firewalls as needed and provide detailed insights into attacks.

What specific measures have you implemented for DDoS mitigation?

Our network consists of multiple layers, which are focused on mitigating DDoS attacks. The first layer utilizes flow-spec-based mitigation, leveraging our suppliers' backbones to filter out the majority of attacks.

The second layer consists of our shield panel which allows our customers to create firewall rules at our network edge. Customers often enable protections for commonly attacked ports, such as SSH on port 22. These types of attacks are often amplification attacks which are very server resource-intensive to filter out when they arrive.

The third layer incorporates Corero technology, and the fourth is a custom layer we've developed ourselves. This layer can filter very specifically in a way that all three previous layers cannot, and completely filters out the last part of the attack.

For example, our software tracks all connections from IP addresses, blocking second connections from the same IP to prevent common yet frequently overlooked spoofing attacks.

Additionally, within our network, traffic from different customer servers is routed through our core network. We filter not only external traffic but also internal traffic. This prevents someone from maliciously renting a server with us and attacking servers internally.

I really value open, direct communication and the option to call if needed. The Internet will always have issues, but having someone to talk to when problems arise is essential

Stan van de Klippe , CEO @ RoyaleHosting

What is the most important thing RoyaleHosting wants to offer its customers?

Our customer-centric approach. Routine support problems and questions through our support desk are solved within hours. We strive to try and help our customers as efficiently as possible, and we recognize many of their stress and problems—we've been there ourselves.

I also appreciate this exactly for NL-ix—the ability to directly reach out if necessary is simple. I think this is also important for my customers, but I would also like to experience this myself with my suppliers. It mirrors our approach, allowing quick communication and problem-solving.

I also noticed a degree of mutual appreciation and interest at NL-ix in each other's product, that bit of human touch is often missing in companies. Our experience with NL-ix so far has been very good, the provisioning process went smoothly and we are growing in traffic. We have a stack at our Nikhef location and we also link there with NL-ix. Since we connected to NL-ix, we have added a lot of new peers with whom we connect directly. We prefer having our traffic sent to us through NL-ix, not through Transit. Providing us with lower latency connections.

We built our network from the ground up to tackle huge spikes in traffic. Our network uses between 500 and 600 gigabits of active traffic, but during attacks, we sometimes experience peaks of up to 3 terabits. The entire chain, including suppliers, is designed to handle large peaks, even though we don't always need that capacity. In addition, our network is extremely efficient, we optimize power consumption with everything we do. We want to keep our costs as low as possible, but also for our customers, and avoid unnecessary electricity expenses.

Regarding DDoS attacks, how many are you dealing with?

If I take a look now, I see 5,504 attacks that we've had to deal with in the last 30 days, with notable volumes of 200 gigabits, 400 gigabits, and 188 gigabits. We filter the largest volumes outside our network, so the initial attacks are much more significant. At the customer level, we log and analyze all attacks, continuously perfecting our mitigation efforts.

All attacks received by RoyaleHosting are recorded in detail through logs. We also report these to the police with the hope that action can be taken, although many attackers are minors and unaware of the damage they cause. They can launch an attack for as little as ten or twenty euros, but it costs millions to filter out the damage caused.

Have you noticed any changes in the types of DDoS attacks over time?

What we see is that there are many more politically motivated attacks happening these days, a kind of Internet activism. For example, Ukrainian websites, or anything related to the Israel-Palestine conflict. COVID-19 was also such a topic. In all cases, they disrupt business and as a company, you have to do something about it.

What is your ultimate goal for RoyaleHosting?

My big dream is to continue to expand our locations, currently, we are in Amsterdam and New York, but we are also going to support Singapore and Los Angeles shortly. We want to have a quality presence everywhere, and then we can anycast our network. If an attack arrives in Europe, it is filtered in Europe, even if the server is in North America; which we already do, but not at a global scale.

Another wish is for companies to understand that DDoS protection is essential. Many companies still think that it is optional, but with all the developments now, that is simply no longer the case. The costs of the damage often outweigh the costs of preventing it.