H O S T I N G F U Z E

WELCOMES YOU!!!

Free DDoS Protected by Voxility, OVH Gaming & Hetzner

OVH Anti-DDoS Technology

A unique system for protecting against distributed denial-of-service attacks

Anti-DDoS technologies: Pre-firewall, Firewall Network - OVH

The pre-firewall

The pre-firewall is the first component of our VAC system. It is fully managed by OVH, and applies rules that define filters directing data packets to the Firewall Network (see below). These rules are applicable to all OVH solutions. When a DDoS attack is launched, the pre-firewall manages part of the filtering, and sends the rest to the Firewall Network, which has customisable rules. Our pre-firewall is based on an Arista 7508R, which can reach a communication capacity of 28.8 Tbit/s. Isolation by VRF then routes the traffic through our system’s successive stages.

The Firewall Network

This is the second component of the VAC. The Firewall Network is a solution that limits exposure to attacks from the public network. It activates automatically as soon as a DDoS attack starts. You can configure it by creating up to 20 rules, which will filter packets more finely and can be adapted to fit your server’s activity. Each rule is a specific authorisation you can use to optimise protection for your service. This firewall activates automatically whenever a DDoS attack begins, and you cannot deactivate it until the attack is over. This is why it is important to keep your firewall rules up-to-date. You can use this technical guide to help you configure rules.

Shield and Armor

The Shield intervenes if an attack uses an amplification technique (DNS amp, NTP amp). Armor is the most advanced filter in our VAC, and mitigates the strongest attacks. Armor is the most advanced filter in our VAC, and intervenes in mitigating the strongest attacks.

Mitigation

Mitigation refers to the methods and techniques put in place in order to reduce the negative effects on a server or service targeted by a DDoS attack. Mitigation consists of filtering traffic, so that only legitimate traffic reaches the server.

The VAC, a technology designed by OVH, carries out several filtering tasks which each have their own specific purpose. The VAC diverts the traffic to analyse it, and only lets legitimate traffic reach the server.

Analysis

An attack is detected using real-time analysis of the netflow sent by the routers, which analyse 1/2000 of the traffic that goes through them. The VAC analyses the reports, and compares them to the characteristics of DDoS attacks. If a similarity is detected, mitigation is then triggered automatically.

The analysis of characteristics is measured by packets per second, or in bytes over several protocols, including:

  • DNS
  • ICMP
  • IP fragmentation, Null and Private
  • TCP Null, RST, SYN, ACK
  • UDP

Vacuuming

Vacuuming is one of the main features that makes the OVH anti-DDoS solution stand out. Channelling a DDoS attack requires a high capacity to bear the load. With its 15 Tbit/s network, OVH infrastructures can absorb a very high volume of traffic during DDoS attacks. Another specific feature of the OVH VAC is the fact that it is replicated in 10 datacentres across three continents. The VAC is activated simultaneously in all of these datacentres, so that all regions can combine their power and absorb the traffic. They have a combined capacity of more than 4 Tbit/s.

List of compatible games and applications

Arma III, Half-Life, Team Fortress Classic, Counter-Strike 1.6, Counter-Strike: Source, Half-Life Deathmatch Classic, Half-Life 2, Half-Life 2: Deathmatch, Day of Defeat, Day of Defeat: Source, Left 4 Dead, Left 4 Dead 2, Team Fortress 2, Counter-Strike: Global Offensive, Garry’s Mod, Grand Theft Auto San Andreas Multiplayer SA: MP, Multi Theft Auto San Andreas MTA: SA, TrackMania (+ TCP protocol), TrackMania 2 (+ TCP protocol), ShootMania Storm (+ TCP protocol), Minecraft Pocket Edition, Minecraft, ARK: Survival Evolved, RUST, TeamSpeak, Mumble.

Find out more about the technology you can use to block DDoS attacks, without affecting any of your services!

HostingFuze Network is reseller: Voxility LLC , Hetzner Online GmbH