How Our DDoS Protection Works

Most of our services use multiple layers of traffic filtering to mitigate DDoS attacks. Below is a brief rundown and explanation of how the protection works, from the beginning to end.

Note: Clients can manage the network firewall and game firewall (if applicable) for IPs that they are assigned in the client area after ordering. This lets you modify network firewalls rules, enable or disable the network firewalls, and enable or disable permanent mitigation. You can read more about this feature here.

Locations this is used in:
- Montreal, Canada (OpenVZ VPS, KVM VPS, KVM Game VPS, Minecraft)
- Gravelines, France (OpenVZ VPS, KVM VPS, KVM Game VPS, Minecraft)
- Singapore (KVM VPS, Minecraft)
- Vint Hill, Virginia (KVM Game VPS)
- London, UK (KVM Game VPS)
- Sydney, Australia (Minecraft)

The Game Firewall (OVH Game) is available for the following locations:
- Montreal, CA (OpenVZ VPS & KVM Game VPS)
- London, UK (KVM Game VPS)
- Vint Hill, Virginia (KVM Game VPS)

Traffic path while attack is being mitigated:
.. Public Network
... Backbone Routers 
.... Network Firewall ↓
.... Pre-Firewall ↓
.... Tilera (Game Firewall) ["Game Anti-DDoS"] ↓
.... Shield / Armor ↓
... Datacenter Routers ↓
.. Your Server

Here is an explanation of what each one does:

Pre-Firewall: The Pre-Firewall (VAC) blocks most common attacks, allowing TCP/UDP/ICMP/GRE and blocking other protocols.

Network Firewall:
The Network Firewall allows the client to add custom rules to modify traffic to their IP. This includes allowing/blocking IPs/IP ranges, allowing/blocking traffic protocols (AH,ESP,TCP,UDP,GRE,ICMP), allowing/blocking ports, allowing/blocking SYN/TCPs.

Tilera ["Game Anti-DDoS"]: The Tilera (Game Firewall) allows clients to use customized filters for blocking L7 attacks towards their game or voice servers, such as Teamspeak, Ark, Minecraft, Source/CSGO, GTA, etc. This means only legitimate user traffic to the applications will be allowed to your server. It also limits ICMP, blocks DNS amp, malformed IP/UDP header/incorrect checksum. Note: The Tilera (Game Firewall) may not available in certain locations where game servers aren't offered.

Shield / Armor:
The Shield and Armor firewalls are two mitigation layers traffic is sent through and does some of what previous methods do, including blocking most known attacks that work via amplication methods. These are developed by OVH and don't rely on a third partys hardware or software.

Dallas DDoS Protection

VPS plans in our Dallas, Texas location include best effort (10G~) DDoS protection on the HiVelocity network. Protection vary by network and servers, we don't guarantee all attacks to be protected against in Dallas, if your server receives an attack over the threshold of our protection plan the IP could be null routed for a short time. 

Was this answer helpful? 257 Users Found This Useful (615 Votes)

Powered by WHMCompleteSolution