Managing a DDoS attack
OVH's step-by-step approach to blocking DDoS attacks
The server is working
Services can be accessed via the internet. Traffic travels through the backbone of our network, arrives in our datacentres, and is then processed by the server, which sends responses to the internet.
The DDoS attack starts
The attack is launched from one or more websites, and arrives at our backbone. Thanks to our very high bandwidth capacity, no links are saturated. The attack then reaches the server, which begins to process it. At the same time, the traffic analysis detects that a DDoS attack has started, and mitigation is triggered.
The VAC mitigates the attack
Mitigation begins within a few seconds. The server’s incoming traffic is vacuumed up by our VAC solution. The VAC’s hardware has a total capacity of 4 Tbit/s. The attack is then blocked without any limitation on its volume or duration, regardless of which technique it uses. Legitimate traffic is not blocked and reaches the server. This process is also called auto-mitigation, and is completely managed by OVH.
The DDoS attack ends
A DDoS attack is expensive to launch, especially if it turns out to be ineffective. After a certain amount of time, it will come to an end. Our anti-DDoS solution deactivates automatically when the attack is over, and stays ready to mitigate a new attack straight afterwards.