Mitigation refers to the methods and techniques put in place by OVH to contain and reduce the negative impacts of DDoS attacks on an infrastructure or service. To do this, we provide VAC technology, which relies on a unique combination of techniques that perform three tasks.
An attack is detected using real-time analysis of the netflow sent by the routers, which analyze 1/2000 of the traffic that goes through them. The VAC analyzes the reports and compares them to the characteristics of DDoS attacks. If a similarity is detected, mitigation is triggered automatically.
These characteristics are measured in packets per second or in bytes, across several protocols, including:
- DNS
- ICMP
- IP fragmentation, Null and Private
- TCP Null, RST, SYN, ACK
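A sketch of the detection step described above, added here as an illustration and not OVH's code: sampled flow counts are scaled by the 1/2000 sampling rate and compared with per-category limits. The record fields, the thresholds and the sample data are assumptions constructed for the example, and only the fragmentation part of the IP category is covered.

```python
from collections import defaultdict

SAMPLING_RATE = 2000  # routers analyze 1 packet in 2000 (figure from the page)
# Assumed per-category limits as (packets/s, bytes/s); illustrative, not OVH's values.
THRESHOLDS = {cat: (100_000, 50_000_000) for cat in (
    "DNS", "ICMP", "IP fragmentation", "TCP Null", "TCP RST", "TCP SYN", "TCP ACK")}

def flow(dst, proto, dport, flags=0, frag=False, size=60):  # one sampled packet
    return {"dst": dst, "proto": proto, "dport": dport, "tcp_flags": flags,
            "frag": frag, "packets": 1, "bytes": size}

def classify(rec):
    """Map a record to one of the traffic categories listed on the page."""
    if rec["frag"]:
        return "IP fragmentation"
    if rec["proto"] == 1:
        return "ICMP"
    if rec["proto"] == 17 and rec["dport"] == 53:  # simplification: UDP queries only
        return "DNS"
    if rec["proto"] == 6:
        flags = rec["tcp_flags"]
        if flags == 0x00:
            return "TCP Null"
        if flags & 0x04:
            return "TCP RST"
        if flags & 0x02 and not flags & 0x10:  # SYN without ACK
            return "TCP SYN"
        if flags == 0x10:  # bare ACK
            return "TCP ACK"
    return None

def detect(records, window_s):
    """Return (dst, category, est_pps, est_bytes_per_s) for each exceeded limit."""
    totals = defaultdict(lambda: [0, 0])
    for rec in records:
        cat = classify(rec)
        if cat is not None:
            totals[(rec["dst"], cat)][0] += rec["packets"]
            totals[(rec["dst"], cat)][1] += rec["bytes"]
    alerts = []
    for (dst, cat), (pkts, size) in sorted(totals.items()):
        pps = pkts * SAMPLING_RATE // window_s  # scale the sample up to a real rate
        bps = size * SAMPLING_RATE // window_s
        if pps > THRESHOLDS[cat][0] or bps > THRESHOLDS[cat][1]:
            alerts.append((dst, cat, pps, bps))
    return alerts

# Constructed 10-second sample: a SYN burst at one host, light DNS at another.
SAMPLE = ([flow("203.0.113.10", 6, 80, flags=0x02) for _ in range(600)]
          + [flow("203.0.113.20", 17, 53, size=120) for _ in range(20)])
```

Calling `detect(SAMPLE, 10)` flags only the SYN burst: 600 sampled packets in 10 seconds correspond to an estimated 120,000 packets per second once scaled by the sampling rate.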
Vacuuming is one of the main features that make the OVH anti-DDoS solution stand out. Channeling a DDoS attack requires a high capacity to bear the load. With its 15 Tbit/s network, OVH infrastructure can absorb a very high volume of traffic during DDoS attacks. Another specific feature of the OVH VAC is that it is replicated in 10 data centers across three continents. The VAC is activated simultaneously in all of these data centers, so that all regions can combine their power and absorb the traffic. They have a combined capacity of more than 4 Tbit/s.
Mitigation refers to the methods and techniques put in place in order to reduce the negative effects on a server or service targeted by a DDoS attack. Mitigation consists of filtering traffic, so that only legitimate traffic reaches the server.
The VAC, a technology designed by OVH, carries out several filtering tasks, each with its own specific purpose. The VAC diverts the traffic to analyze it, and only lets legitimate traffic reach the server.