Anti-DDoS >


Hows does OVH counteract the DDoS attacks?




Managing DDoS attacks: Each step



The 4 stages of managing an attack:


1) The server is operational - no attack


Internet-based services are used without any problem. The traffic passes through the backbone of our network then arrives at the datacentre. Finally it is handled by the server that sends back the responses over the internet.


InternetServerBACKBONE
ROUTERS
DATACENTRE
ROUTERS


2) The DDoS attack begins


the attack is launched via the internet and on the backbone. Given the surplus capacity of the bandwidth on the backbone, the attack will not cause saturation on any link. The attack reaches the server, which begins to handle the initial attack. At the same time, analysis of the traffic flags up that an attack is underway and thus triggers the mitigation.


InternetServerBACKBONE
ROUTERS
DATACENTRE
ROUTERS


3) Mitigation of the attack


Mitigation is activated between 1 and 60 second(s) after the onset of the attack. Incoming traffic to the server is vacuumed by the VACs, a set of devices with a total mitigation capacity of 3 Tbps hosted in 9 OVH datacentres. The attack is blocked regardless of its type and with no time or size limit. Legitimate traffic goes through the VAC and finally arrives at the service. The server then directly answers without going through the VAC again. This process is called auto-mitigation.


InternetServerBACKBONE
ROUTERS
DATACENTRE
ROUTERS


4) End of the attack


Generating an attack is costly, and even more so when it is ineffective. After a certain time has passed, the attack will come to an end. Auto-mitigation is maintained for 26 hrs after the attack has ended. This means any new attack that occurs within a few minutes, a few hours or 24 hours will be blocked. After just 26 hours, auto-mitigation is disabled, but it remains ready to be reactivated on detection of a new attack.


InternetServerBACKBONE
ROUTERS
DATACENTRE
ROUTERS