After some months with CheapVPS, I can finally write something more detailed about the issues I encountered and the general impression I got during that time.
Initial setup
As to the particular hosting solution from this provider – I’m in general satisfied. After some glitches at the beginning (they were out of stock of Xen UK machines, some setup errors occurred – both technical and order handling) most of the things (though not all) went fine. The faulty ntpd was promptly corrected, reverse DNS settings worked OK, but had to be applied manually and I’ve experienced some major problems with the firewall, but let’s do it step-by-step.
Independent clock on Xen stations
First the correction applied to keep the local clock in sync with my NTP servers.
Out of the box, Xen enforces the usage of the main node hardware clock. It’s OK as long as the node gets synced correctly. To enable per system time adjustments you have to set the following Xen parameter:
echo 1 > /proc/sys/xen/independent_wallclock
It’s more convenient and permanent to put it into /etc/sysctl.conf (this will keep it between restarts):
xen.independent_wallclock=1
For more information on this subject look for example here.
HyperVM traffic meter
At the beginning it did not want to work. I was told you had to wait some days for it to gather data, but that was not the case. Having forgotten about this issue, the meter began counting traffic after some weeks have passed (and numerous other changes & fixes have been applied on the way). Hard to say if it was fixed, physical node change made it work or something else (maybe kernel problems fixed), but it’s OK right now.
Swap issues
First, the swap partition was not installed properly. I had to add it manually into /etc/fstab:
/dev/sda2 swap swap defaults,noatime 0 0
Reducing the swappiness also helped a bit, as the VPS was very aggressive with its swapping tendencies.
So I had put the following line into /etc/sysctl.conf:
vm.swappiness = 25
Firewall issues
This one was a major problem – it took 12 days to fix it. First I requested the following modules be activated for my installation (for APF installation):
ip_tables
iptable_filter
iptable_mangle
iptable_nat
ip_nat_ftp
ip_conntrack
ip_conntrack_irc
ip_conntrack_ftp
ipt_state
ipt_multiport
ipt_limit
ipt_recent
ipt_LOG
ipt_REJECT
ipt_ecn
ipt_length
ipt_mac
ipt_multiport
ipt_owner
ipt_state
ipt_ttl
ipt_tos
ipt_TOS
ipt_tcpmss
ipt_TCPMSS
ipt_ULOG
Then after some booting issues and reworking everything from scratch (distil clean image) I got the following error:
vps:~# iptables -L
modprobe: QM_MODULES: Function not implemented
modprobe: QM_MODULES: Function not implemented
modprobe: Can’t locate module ip_tables
iptables v1.3.6: can’t initialize iptables table `filter’: iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
This was later pinned down to be an incompatibility between a x86_64 kernel and a i386 OS image:
The issue happened to be a combination between a kernel issue coupled with an issue with the template itself. This has since been fixed, and the changes have been applied to your VPS.
Network interface eavesdropping
The last thing, still under deployment (seems as if the issue had been dropped dead completely, no interest at all), is a fix for the potential network sniffing possible for all systems hosted on the same physical node.
Issuing a command like this:
tcpdump -A -s 1000 -n not host vps.example.com and not arp | grep -C 5 HTTP
revealed a lot of undesired traffic (not mine) that should not be getting through to my VPS. This applies the other way round too, so using SSL is a must for the time being. But it’s a good general precaution either not to trust shared systems. Even if they only share the virtualized physical components.
Outages
There were two major service interruptions during my hosting period with CheapVPS.co.uk. First some short brakes, but quite often (1/10/2008) due to a localised DOS attack on my rack and then on the 28th December major issues with the datacenter connectivity. But apart from that, I get quite a stable service with nice uptime and “~99,9%” availability. I’m not so sure about the 99,9% any more. Either it’s bad luck or some problems every now and then are getting normal. Not giving me the feeling of a reliable uninterrupted service. Too bad.
General impressions
As you can see, my experience with CheapVPS was not a seamless one from the beginning. But as soon as you get all the major issues straight, the service is quite decent for what you get to pay. The FILLEM promo offer was also a very nice incentive (double resources for your standard plan, a really nice bang for your bucks) and in that case it’s hard to find anything better in this price class. Still, you have to be patient, as most of the issues take a bit long to be resolved (though I can’t complain about criticals – they always get decent attention), but finally they get fixed either way. Just hope I won’t be disappointed soon by some quality degradation.
I’ve deleted the old uptime stats as they were a bit obsolete and not that reliable anyway.
For further reference, my Monitis statistics for the past 3 months:
Week 23 2009-06-01-2009-06-07 100,00%
Week 22 2009-05-25-2009-05-31 99,95%
Week 21 2009-05-18-2009-05-24 99,82%
Week 20 2009-05-11-2009-05-17 88,07%
Week 19 2009-05-04-2009-05-10 99,98%
Week 18 2009-04-27-2009-05-03 95,12%
Week 17 2009-04-20-2009-04-26 99,48%
Week 16 2009-04-13-2009-04-19 100,00%
Week 15 2009-04-06-2009-04-12 100,00%
Week 14 2009-03-30-2009-04-05 100,00%
Week 13 2009-03-23-2009-03-29 99,91%
Week 12 2009-03-16-2009-03-22 100,00%
Week 11 2009-03-09-2009-03-15 99,71%
Later on I had a major downtime (a week or so) due to VAServ problems (the whole thing with HyperVM exploit and the repercussions) so reporting for uptime during that period misses the point completely.
Now I’ve finally had some time to get everything up and running as it should be.
In the meantime I changed from Monitis to free Pingdom account. So the public reports for the main website are now available here:
http://www.pingdom.com/reports/sk6cstlmquwi/