The pre-firewall is the first component of our VAC system. It is fully managed by OVH, and applies rules that define filters directing data packets to the Firewall Network (see below). These rules are applicable to all OVH solutions. When a DDoS attack is launched, the pre-firewall manages part of the filtering, and sends the rest to the Firewall Network, which has customisable rules. Our pre-firewall is based on an Arista 7508R, which can reach a communication capacity of 28.8 Tbit/s. Isolation by VRF then routes the traffic through our system’s successive stages.