How Our DDoS Protection Works

Nearly all of our services use multiple layers of traffic filtering to mitigate DDoS attacks. Below is a brief rundown and explanation of how the protection works, from the beginning to end.

Note: Clients can manage the network firewall and game firewall (if applicable) for IPs that they are assigned in the client area after ordering. This lets you modify network firewalls rules, enable or disable the network firewalls, and enable or disable permanent mitigation. You can read more about this feature here.

Locations this is used in:
- Montreal, Canada (OpenVZ VPS, KVM VPS, Minecraft)
- Gravelines, France (OpenVZ VPS, KVM VPS, Minecraft)
- Singapore (KVM VPS, Minecraft)
- London, UK (KVM VPS)

The Game Firewall (OVH Game) is available for the following locations:
- Montreal, CA (OpenVZ VPS & KVM Game VPS)
- London, UK (KVM Game VPS)
- Gravelines, FR (KVM Game VPS)
- Singapore (KVM VPS)

Traffic path while attack is being mitigated:
.. Public Network
... Backbone Routers 
.... Network Firewall ↓
.... Pre-Firewall ↓
.... Tilera (Game Firewall) ["Game Anti-DDoS"] ↓
.... Shield / Armor ↓
... Datacenter Routers ↓
.. Your Server

Here is an explanation of what each one does:

Pre-Firewall: The Pre-Firewall (VAC) blocks most common attacks, allowing TCP/UDP/ICMP/GRE and blocking other protocols.

Network Firewall:
The Network Firewall allows the client to add custom rules to modify traffic to their IP. This includes allowing/blocking IPs/IP ranges, allowing/blocking traffic protocols (AH,ESP,TCP,UDP,GRE,ICMP), allowing/blocking ports, allowing/blocking SYN/TCPs.

Tilera ["Game Anti-DDoS"]: The Tilera (Game Firewall) allows clients to use customized filters for blocking L7 attacks towards their game or voice servers, such as Teamspeak, Ark, Minecraft, Source/CSGO, GTA, etc. This means only legitimate user traffic to the applications will be allowed to your server. It also limits ICMP, blocks DNS amp, malformed IP/UDP header/incorrect checksum. Note: The Tilera (Game Firewall) may not available in certain locations where game servers aren't offered.

Shield / Armor:
The Shield and Armor firewalls are two mitigation layers traffic is sent through and does some of what previous methods do, including blocking most known attacks that work via amplication methods. These are developed by OVH and don't rely on a third partys hardware or software.

----------

Dallas DDoS Protection

----------

VPS plans in our Dallas, Texas location include DDoS protection from Psychcz and HiVelocity. Protection limits vary by network and servers, we don't guarantee all attacks to be protected against in Dallas, if your server receives an attack over the threshold of our protection plan the IP could be null routed for a short time.

  • ddos protection, ddos, protection, mitigation, network
  • 118 Users Found This Useful
這篇文章有幫助嗎?

相關文章

Difference between KVM and OpenVZ VPS?

If you're looking at our VPS plans and are wondering whether you should choose OpenVZ or KVM,...

我可以升级或降级我的服务器的计划吗?

如果你有一个VPS或计划的Minecraft你可以随时通过创建客户区支持票请求您的服务升级或降级。您将要支付留在你目前的结算期,如果要升级到一个更高的计划,如果你降级你会被记入留给计划差异的时间...

How do I use Quick Backup for my OpenVZ VPS?

If you need to use the Quick Backup feature please open a technical support ticket requesting it...

Windows Server no network interface (KVM)

If you're using Windows Server 2012 on our KVM VPS, after the inital installation you may see...

SolusVM "New root password invalid" error

If you're trying to reset your VPS root password via SolusVM and are getting a "New root password...

Powered by WHMCompleteSolution