DDoS Protection


Analysis

Thumbnail

An attack is detected using real-time analysis of the netflow sent by the routers, which analyze 1/2000 of the traffic that goes through them. The VAC analyes the reports, and compares them to the characteristics of DDoS attacks. If a similarity is detected, mitigation is then triggered automatically.

The analysis of characteristics is measured by packets per second, or in bytes over several protocols, including:

  • DNS ;
  • ICMP ;
  • IP fragmentation, Null and Private ;
  • TCP Null, RST, SYN, ACK ;
  • UDP.
Thumbnail

Mitigation

Mitigation refers to the methods and techniques put in place in order to reduce the negative effects on a server or service targeted by a DDoS attack. Mitigation consists of filtering traffic, so that only legitimate traffic reaches the server.

The VAC, a technology designed in cooperation with OVH, carries out several filtering tasks which each have their own specific purpose. The BAC diverts the traffic to analyze it, and only lets legitimate traffic reach the server.






Thumbnail
Thumbnail

The server is operational

Services can be accessed via the internet. Traffic travels through the backbone of our network, arrives in our data centers, and is then processed by the server, which sends responses to the internet.

Thumbnail

Beginning of the DDoS attack

The attack is launched from one or more websites, and arrives in our backbone. Thanks to our very high bandwidth capacity, no links are saturated. The attack then reaches the server, which begins to process it. At the same time, the traffic analysis detects that a DDoS attack has started, and mitigation is triggered.

Thumbnail
Thumbnail
Thumbnail

Attack mitigation with the VAC

Mitigation begins within a few seconds. The server’s incoming traffic is vacuumed up by our VAC solution. The VAC’s hardware has a total capacity of 4 Tbit/s. The attack is then blocked without any limitation on its volume or duration, regardless of which technique it uses. Legitimate traffic is not blocked and reaches the server. This process is also called auto-mitigation, and is completely managed by us.

Thumbnail

End of the DDoS attack

A DDoS attack is expensive to launch, especially if it turns out to be ineffective. After a certain amount of time, it will come to an end. Our anti-DDoS solution deactivates automatically when the attack is over, and stays ready to mitigate a new attack straight afterwards.

Thumbnail

Thumbnail

Mitigation

Measures put in place to protect your system against DDoS attacks, while letting legitimate traffic pass through.

Thumbnail

Game Anti-DDoS

Permanently active L7 mitigation protection, exclusive to Game servers and specifically designed for certain gaming and communication protocols.

Thumbnail

Firewall Network

A software program you can use to deploy custom rules for filtering traffic, giving you more adapted protection.

Thumbnail

VAC

An infrastructure designed and deployed by us for all our services, to vacuum and mitigate traffic during a DDoS attack.


Source: https://www.ovh.co.uk/anti-ddos/