Anti-DDoS infrastructure


OVHcloud® Anti-DDoS infrastructure defends against bad actors

A distributed denial of service (DDoS) attack aims to degrade services or take them completely offline by overwhelming a targeted site or platform with illegitimate traffic. Not only can this type of cyber-attack cost your company financially, but it also has the potential to tarnish credibility. 

By default, every OVHcloud product is supported by the Anti-DDoS infrastructure to defend against malicious activity. Our Anti-DDoS infrastructure combines edge, backbone, and data center network logic and has the proven capacity to mitigate attacks up to 1.3Tbps in size.

Anti-DDoS infrastructure | OVHcloud

Key business benefits

Icons/concept/Lightbulb Created with Sketch.
Simple and smart

All OVHcloud products are delivered with Anti-DDoS protection ready to enable in case of an attack. If you have additional requirements, you can customize rules via the control panel.

Icons/concept/World/World Created with Sketch.

Global existence

OVHcloud operates its own large distributed global network that provides enough throughput to mitigate attacks no matter where they originate. This is how we are able to provide continuous service to customers during an active attack.

Icons/concept/Pig Created with Sketch.
Savings

No matter the size of your project from a personal blog to a full-scale cloud infrastructure, all benefit from Anti-DDoS protection at no additional cost. No longer do you need to scale up your workloads to maintain QoS during an attack, mitigation is enabled in seconds.

Best practices and guidelines

Get the best of our Anti-DDoS infrastructure

OVHcloud Anti-DDoS Infrastructure is composed of:

  • Over 17Tbps capacity for global attack filtering
  • Always-on attack detection and fast mitigation of malicious traffic
  • Unmetered and at no additional cost, regardless of the volume of attack
  • No time limit on Anti-DDoS protection. Once enabled It will last the full duration of a DDoS attack

Our infrastructure also benefits from:

  • Vast experience in protecting a range of services, from small web servers, and DNS services to large web hosting farms or cloud platforms
  • High-performance hardware and software solutions
  • Data Sovereignty, so your traffic is not shared with external parties
  • True customization to meet your needs and tune components
AntiDDOS-Infrastructure-Application-layer-protection
DDoS_attacks

DDoS attack mitigation guidelines

Are you prepared for a DDoS attack? Be proactive and set up special Edge Network Firewall rules to offload your server's iptables for the duration of an attack. Through our guide, learn how to prepare for a botnet attack, what to observe and which services to place more attention on.

Discover how to stop DDoS in four steps >

Multi-layered (or multi staging) defense system

To ensure the best quality of network traffic filtration with minimal added latency for your services, we sliced every mitigation node into a few stages. Every part is responsible for a particular task and implements different logic. We use the latest hardware and software innovations in the industry to assure that we are on top of our game.

Discover more about DDoS attack mitigation >

Mitigation-guideline
hero network security dashboard

Elevate your protection with Network Security Dashboard

With provided observability you get immediate insigts and control on how your public IP services are being protected from network attacks by OVHcloud's network defense systems.

  • Centralized: access directly from your Control Panel and get immediate insights for your network protection.
  • Advanced monitoring tools: the dashboard provides comprehensive Anti-DDoS activity logs, dynamic traffic charts, and statistics for a complete security overview.

Application-layer protections

In some cases, generic protection may not be enough. This is especially true in web and gaming areas, which are often subject to application attacks. In such circumstances, application-layer logic is being exploited by attackers which makes these threats invisible to general firewalls. OVHcloud offers a number of products that can help you secure your services.

Ready to get started?

Create an account and launch your services in minutes.

Choose the right protection for your needs

ddos-infrastructure_website-protection

Website protection

Websites and web applications are increasingly being attacked and without distinction. To guard against the most common threats to your website’s security, OVHcloud offers services to protect you.

ddos-infrastructure_infrastructure-protection

Infrastructure protection

This is the first line of defense for any product and service on the OVHcloud network. Broad network capacity and a distributed, worldwide platform provide the ability to protect against even the largest of attacks.

ddos-infrastructure_hostservice-security

Host & service security

High-level protection services deal with your application needs. This level of protection addresses the need for granular and advanced security options for your application.

FAQ

What kind of attacks does the Anti-DDoS Infrastructure protect me from?

Cybersecurity covers a broad range of threats. Our Anti-DDoS Infrastructure addresses many of those: Distributed Denial-of-Service attacks, packet floods (incl. syn flood), spoofing, malformed or amplification attacks, etc. Most of these you can't filter on your own as they can saturate the network link in front of your server.

Which OVHcloud products are protected by OVHcloud’s Anti-DDoS Infrastructure?

Each and every OVHcloud product and solution is protected. Protection is at the edge of our network and also inside our backbone network. In this manner, everything exposed from the OVHcloud network to the outside world is protected.

Why is OVHcloud Anti-DDoS Infrastructure needed for my server?

The likelihood of becoming the target of a DDoS attack is high and a very common occurrence. With OVHcloud anti-DDoS protection, you can protect your services against these types of threats, and ensure that your web users do not experience any issues like slow browsing or inaccessible pages.

Will I pay extra if I come under a large attack?

No, OVHcloud's Anti-DDoS Infrastructure is unmetered, which means we are not billing bandwidth. In addition, protection is built into the price of our products.

Am I protected even after "mitigation is disabled"?

Yes, our system has always-on detection. If anything suspicious is detected, then the traffic goes under "mitigation" which means deeper analysis is enabled and filtering may occur. When mitigation is disabled, all returns to the normal state and the system remains ready to mitigate any attacker's activities.

Is there a limit to the number of attacks per month that may be mitigated?

There is no limit to receiving Anti-DDoS protection, regardless of how many times your services are targeted by DDoS attacks.

Will the anti-DDoS solution stop working if the attack exceeds a set traffic threshold (in GB/s)?

We do not apply any limits in terms of traffic, even if the attacks are of high volume.

What is the VAC?

The VAC is a principal part of our Anti-DDoS Infrastructure and is a combination of different technologies constantly being developed by OVHcloud, and designed to mitigate DDoS attacks. VAC can filter incoming traffic so that only legitimate data packets pass through and reach your server, while illegitimate traffic is blocked. Notably, VAC includes an Edge Network Firewall and Shield and Armor components.

What does it mean if I observe entries in the 'Scrubbing Centre Activity Log?

Since years, OVHcloud offers an Anti-DDoS system to protect your public IP addresses. Recently, you can review such events directly in your Control Panel. The Scrubbing Centre log is where you can find record of all detected suspicious activities. And for the most recent events, you also have the option to view related traffic charts.

I don't see any entries in the Scrubbing Center log, is this normal?

Yes, that's good! That means we haven't seen any suspected attacks targeting your public IP addresses.

Why I don't see traffic charts or logs for the public IP addresses I entered?

Such data is available only for Public IP addresses during automatic Anti-DDoS Infrastructure detection event (when traffic is redirected via the Scrubbing Center for deeper analysis or cleaning)

Why am I unable to view traffic charts for certain entries in the Scrubbing Center log?

Please note that traffic chart data is available only for the last 2 weeks, while we keep logs available for a period of 1 year.