Anti-DDoS infrastructure

OVHcloud® Anti-DDoS infrastructure defends against bad actors

A distributed denial of service (DDoS) attack aims to degrade services or take them completely offline by overwhelming a targeted site or platform with illegitimate traffic. Not only can this type of cyber-attack cost your company financially, but it also has the potential to tarnish credibility. 

By default, every OVHcloud product is supported by the Anti-DDoS infrastructure to defend against malicious activity. Our Anti-DDoS infrastructure combines edge, backbone, and data center network logic and has the proven capacity to mitigate attacks up to 1.3Tbps in size.

Get started
Anti-DDoS infrastructure | OVHcloud

Key business benefits

Icons/concept/Lightbulb Created with Sketch.
Simple and smart

All OVHcloud products are delivered with Anti-DDoS protection ready to enable in case of an attack. If you have additional requirements, you can customize rules via the control panel.

Icons/concept/World/World Created with Sketch.

Global existence

OVHcloud operates its own large distributed global network that provides enough throughput to mitigate attacks no matter where they originate. This is how we are able to provide continuous service to customers during an active attack.

Icons/concept/Pig Created with Sketch.
Savings

No matter the size of your project from a personal blog to a full-scale cloud infrastructure, all benefit from Anti-DDoS protection at no additional cost. No longer do you need to scale up your workloads to maintain QoS during an attack, mitigation is enabled in seconds.

Best practices and guidelines

Get the best of our Anti-DDoS infrastructure

OVHcloud Anti-DDoS Infrastructure is composed of:

  • Over 17Tbps capacity for global attack filtering
  • Always-on attack detection and fast mitigation of malicious traffic
  • Unmetered and at no additional cost, regardless of the volume of attack
  • No time limit on Anti-DDoS protection. Once enabled It will last the full duration of a DDoS attack

Our infrastructure also benefits from:

  • Vast experience in protecting a range of services, from small web servers, and DNS services to large web hosting farms or cloud platforms
  • High-performance hardware and software solutions
  • Data Sovereignty, so your traffic is not shared with external parties
  • True customization to meet your needs and tune components
AntiDDOS-Infrastructure-Application-layer-protection
DDoS_attacks

DDoS attack mitigation guidelines

Are you prepared for a DDoS attack? Be proactive and set up special Edge Network Firewall rules to offload your server's iptables for the duration of an attack. Through our guide, learn how to prepare for a botnet attack, what to observe and which services to place more attention on.

Discover how to stop DDoS in four steps >

Découvrez comment contrer une attaque DDoS en quatre étapes

Multi-layered (or multi staging) defense system

To ensure the best quality of network traffic filtration with minimal added latency for your services, we sliced every mitigation node into a few stages. Every part is responsible for a particular task and implements different logic. We use the latest hardware and software innovations in the industry to assure that we are on top of our game.

Discover more about DDoS attack mitigation >

En savoir plus sur la mitigation des attaques DDoS
Mitigation-guideline
hero network security dashboard

Augmentez votre protection avec Network Security Dashboard

Grâce à l'observabilité fournie, vous obtenez des informations et un contrôle immédiats sur la manière dont vos services d’IP publiques sont protégés contre les attaques réseau par les systèmes de défense réseau d'OVHcloud.

  • Centralisation : accédez directement à votre espace client et obtenez des informations immédiates pour la protection de votre réseau.
  • Outils de monitoring avancés : le tableau de bord fournit des journaux d'activité anti-DDoS complets, des graphiques de trafic dynamiques et des statistiques pour une vue d'ensemble globale de la sécurité.

Application-layer protections

In some cases, generic protection may not be enough. This is especially true in web and gaming areas, which are often subject to application attacks. In such circumstances, application-layer logic is being exploited by attackers which makes these threats invisible to general firewalls. OVHcloud offers a number of products that can help you secure your services.

Ready to get started?

Create an account and launch your services in minutes.

Get Started

Choose the right protection for your needs

ddos-infrastructure_website-protection

Website protection

Websites and web applications are increasingly being attacked and without distinction. To guard against the most common threats to your website’s security, OVHcloud offers services to protect you.

ddos-infrastructure_infrastructure-protection

Infrastructure protection

This is the first line of defense for any product and service on the OVHcloud network. Broad network capacity and a distributed, worldwide platform provide the ability to protect against even the largest of attacks.

ddos-infrastructure_hostservice-security

Host & service security

High-level protection services deal with your application needs. This level of protection addresses the need for granular and advanced security options for your application.

FAQ

What kind of attacks does the Anti-DDoS Infrastructure protect me from?

Cybersecurity covers a broad range of threats. Our Anti-DDoS Infrastructure addresses many of those: Distributed Denial-of-Service attacks, packet floods (incl. syn flood), spoofing, malformed or amplification attacks, etc. Most of these you can't filter on your own as they can saturate the network link in front of your server.

Which OVHcloud products are protected by OVHcloud’s Anti-DDoS Infrastructure?

Each and every OVHcloud product and solution is protected. Protection is at the edge of our network and also inside our backbone network. In this manner, everything exposed from the OVHcloud network to the outside world is protected.

Why is OVHcloud Anti-DDoS Infrastructure needed for my server?

The likelihood of becoming the target of a DDoS attack is high and a very common occurrence. With OVHcloud anti-DDoS protection, you can protect your services against these types of threats, and ensure that your web users do not experience any issues like slow browsing or inaccessible pages.

Will I pay extra if I come under a large attack?

No, OVHcloud's Anti-DDoS Infrastructure is unmetered, which means we are not billing bandwidth. In addition, protection is built into the price of our products.

Am I protected even after "mitigation is disabled"?

Yes, our system has always-on detection. If anything suspicious is detected, then the traffic goes under "mitigation" which means deeper analysis is enabled and filtering may occur. When mitigation is disabled, all returns to the normal state and the system remains ready to mitigate any attacker's activities.

Is there a limit to the number of attacks per month that may be mitigated?

There is no limit to receiving Anti-DDoS protection, regardless of how many times your services are targeted by DDoS attacks.

Will the anti-DDoS solution stop working if the attack exceeds a set traffic threshold (in GB/s)?

We do not apply any limits in terms of traffic, even if the attacks are of high volume.

What is the VAC?

The VAC is a principal part of our Anti-DDoS Infrastructure and is a combination of different technologies constantly being developed by OVHcloud, and designed to mitigate DDoS attacks. VAC can filter incoming traffic so that only legitimate data packets pass through and reach your server, while illegitimate traffic is blocked. Notably, VAC includes an Edge Network Firewall and Shield and Armor components.

À quoi correspondent les entrées observables dans le journal d'activité du centre de nettoyage (Scrubbing Center) ?

Depuis des années, OVHcloud propose un système anti-DDoS pour protéger vos adresses IP publiques. Récemment, vous pouvez consulter ces événements directement dans votre espace client. Le journal du centre de nettoyage correspond à l'emplacement où vous pouvez trouver l'enregistrement de toutes les activités suspectes détectées. Et pour les événements les plus récents, vous avez également la possibilité de consulter les graphiques de trafic connexes.

Je ne vois aucune entrée dans le journal du centre de nettoyage, est-ce normal ?

C’est une bonne nouvelle ! Cela signifie que nous n'avons détecté aucune attaque suspecte ciblant vos adresses IP publiques.

Pourquoi ne vois-je pas de graphiques de trafic ou de journaux pour les adresses IP publiques que j'ai saisies ?

Ces données ne sont disponibles que pour les adresses IP publiques lors d’un événement de détection automatique de l’infrastructure anti-DDoS (lorsque le trafic est redirigé via le centre de nettoyage pour une analyse plus approfondie ou un nettoyage).

Pourquoi ne puis-je pas afficher les graphiques de trafic de certaines entrées dans le journal du centre de nettoyage ?

Veuillez noter que les données des graphiques de trafic sont disponibles uniquement pour les deux dernières semaines, tandis que nous conservons les journaux disponibles pour une période d'un an.