tl;dr Trialing SDR-based servers (Valve's "VPN"), available now in EU and NA, give them a go
Over the past 6 months there has been a large increase in the amount, size and complexity of DDoS attacks. Some of the DDoS protection offered by our providers proved to be ineffective, with no fix in sight.
In EU, only the servers hosted by OVH proved resilient, while in NA, only the servers hosted by NFO proved sufficiently protected against most attacks.
For EU we were able to add a second location (Germany, PetraBrigade) with OVH DDoS protection, since not everyone has great routing to France. In NA we would have liked to have NFO Dallas as a reliable DDoS-protected location in addition to NFO Chicago. Unfortunately their anti-DDoS capabilities in Dallas proved insufficient.
Thanks to community member and server hoster Rob (Rob#9019), we were able to add two very powerful Dallas-based servers with anti-DDoS (DAL3+DAL4).
In addition to these new DDoS protected servers we're also trialing a new kind of server. A couple of weeks ago, Valve added SDR support to TF2. SDR is kind of like a VPN for gaming traffic, already used to keep DOTA and CS:GO servers safe from DDoS.
Both the server and players get private IPs, which is good for your privacy and good for keeping the real IP of the server a secret. Apart from privacy and DDoS protection, SDR can also help with routing, especially over longer distances, so it can even improve your ping in some cases.
Starting today we're trialing SDR in EU and NA. In EU, we've added a Dutch machine in a new location, and the servers on that machine are only reachable through SDR.
In NA, we've added a machine located in Dallas, also at a new datacenter, again only reachable through SDR.
What this means for you:
You make a reservation for these servers just like normal, SDR servers are clearly named. After making the reservation you get a preliminary IP and port. These can still change if the server has to receive a full reboot before your reservation starts (e.g. a TF2 update), so if you can't connect, check back once your reservation has fully launched for the final IP and port. This can take about a minute longer than you're used to.
The IP and port for an SDR is in the 169.254.xxx.xxx range. Normally this is a private IP range, but your TF2 takes care of connecting to this "fake" ip properly. In addition to the server having this fake IP, you as a player also get a fake IP in this same range. So as a server hoster, we never get to see your real IP, which is a nice privacy bonus.