Skip to content

docs(plans): non-AWS bare metal cost+feasibility for worker pps scaling (research)#78

Draft
skullcrushercmd wants to merge 1 commit intomainfrom
research/non-aws-perf-platforms
Draft

docs(plans): non-AWS bare metal cost+feasibility for worker pps scaling (research)#78
skullcrushercmd wants to merge 1 commit intomainfrom
research/non-aws-perf-platforms

Conversation

@skullcrushercmd
Copy link
Copy Markdown
Contributor

@skullcrushercmd skullcrushercmd commented Apr 28, 2026

Summary

Research-only planning doc — no engine code, no script changes. Scopes the cost and feasibility of moving AnyScan port-scanner workers off AWS to non-AWS bare metal with Mellanox/mlx5 ConnectX NICs, motivated by the ENA-on-kernel-≤6.19.11 driver-mode AF_XDP zerocopy gap that caps c6in.metal at ~22M pps.

The doc covers Equinix Metal, Hetzner, OVH, Latitude.sh, Vultr BM, and Servers.com:

  • Hardware (NIC count/speed/vendor), pricing snapshot 2026-04-28
  • mlx5 driver-mode AF_XDP zerocopy verified directly in the kernel source (drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c)
  • Egress allowances, provisioning model, IPv4/IPv6 story
  • AUP review for scanner workloads — the dominant constraint

Headline findings

  • Equinix Metal is sunsetting 2026-06-30. Not a long-term destination.
  • Hetzner and OVH explicitly prohibit port scanning. Best $/Mpps on hardware grounds, but eliminated by ToS.
  • Latitude.sh is the primary candidate. Fair-Usage Policy is DDoS-focused with no explicit port-scan ban; needs written AUP confirmation before commit. Gen-4 rs4.metal.large (2× 100G, $1,471/mo) is the recommended experiment box.
  • Servers.com EBM is the credible backup (custom build, Mellanox available, sales-quoted).
  • mlx5 driver-mode zerocopy is well-supported in mainline (since ~5.5); kernels we'd actually run (Ubuntu 24.04 HWE 6.8, Rocky/RHEL 9 + ELRepo, Debian 12 backports) all have it.

Recommended path

A single-instance, two-week, $2k-ceiling experiment on Latitude.sh rs4.metal.large, gated on (1) written AUP confirmation, (2) NIC-vendor confirmation (Mellanox vs Broadcom), (3) egress overage rate. Hypothesis: ≥45M pps (≥2× ENA-AF_XDP), $/Mpps in the $15–18/mo range vs ~$249 on c6in.metal.

Test plan

  • Reviewers: validate the cost-per-Mpps comparison table against your own pricing checks
  • Confirm the AUP read on Latitude.sh — has anyone here run scanner traffic on Latitude.sh?
  • Validate the assumption that rs4.metal.large is Mellanox at 100G (the doc flags this as "confirm before commit")
  • Sanity-check the §3.5 cost ceiling and §3.6 timeline against current sales-cycle expectations

🤖 Generated with Claude Code

@claude
docs(plans): scope non-AWS bare metal candidates for AnyScan worker p…
a3ec30b 
…ps scaling

ENA on kernel ≤6.19.11 has no driver-mode AF_XDP zerocopy, capping c6in.metal
at ~22M pps. Survey enumerates Equinix Metal, Hetzner, OVH, Latitude.sh,
Vultr BM, and Servers.com on hardware (Mellanox/mlx5 ConnectX), pricing,
mlx5 zerocopy support in mainline (verified against
drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c), egress, and AUP for
scanning.

Headline finding: AUP risk dominates $/Mpps. Hetzner and OVH explicitly
prohibit port scanning; Equinix Metal is sunsetting 2026-06-30; Latitude.sh
is the credible primary candidate (Fair Usage Policy is DDoS-focused with no
explicit port-scan ban) with Servers.com EBM as backup. Doc proposes a
$2k-ceiling experiment on Latitude.sh rs4.metal.large (2× 100G, $1,471/mo)
gated on written AUP and NIC-vendor confirmation.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skullcrushercmd