An attack is detected using real-time analysis of the netflow sent by the routers, which analyze 1/2000 of the traffic that goes through them. The VAC analyes the reports, and compares them to the characteristics of DDoS attacks. If a similarity is detected, mitigation is then triggered automatically.
The analysis of characteristics is measured by packets per second, or in bytes over several protocols, including:
Mitigation refers to the methods and techniques put in place in order to reduce the negative effects on a server or service targeted by a DDoS attack. Mitigation consists of filtering traffic, so that only legitimate traffic reaches the server.
The VAC, a technology designed in cooperation with OVH, carries out several filtering tasks which each have their own specific purpose. The BAC diverts the traffic to analyze it, and only lets legitimate traffic reach the server.
Services can be accessed via the internet. Traffic travels through the backbone of our network, arrives in our data centers, and is then processed by the server, which sends responses to the internet.
The attack is launched from one or more websites, and arrives in our backbone. Thanks to our very high bandwidth capacity, no links are saturated. The attack then reaches the server, which begins to process it. At the same time, the traffic analysis detects that a DDoS attack has started, and mitigation is triggered.
Mitigation begins within a few seconds. The server’s incoming traffic is vacuumed up by our VAC solution. The VAC’s hardware has a total capacity of 4 Tbit/s. The attack is then blocked without any limitation on its volume or duration, regardless of which technique it uses. Legitimate traffic is not blocked and reaches the server. This process is also called auto-mitigation, and is completely managed by us.
A DDoS attack is expensive to launch, especially if it turns out to be ineffective. After a certain amount of time, it will come to an end. Our anti-DDoS solution deactivates automatically when the attack is over, and stays ready to mitigate a new attack straight afterwards.
Measures put in place to protect your system against DDoS attacks, while letting legitimate traffic pass through.
Permanently active L7 mitigation protection, exclusive to Game servers and specifically designed for certain gaming and communication protocols.
A software program you can use to deploy custom rules for filtering traffic, giving you more adapted protection.
An infrastructure designed and deployed by us for all our services, to vacuum and mitigate traffic during a DDoS attack.