oles@ovh.net
10-02-2010, 10:36 AM
Hello,
This week we started the migration system of shared hosting to load balancing new infrastructure. For now we have just done the 1000gp which was a migrated success. The other plans will be migrated in the week.
In addition to the new system load balancing, we test a system to protect against attacks.It is located upstream of the load distribution and allows
block all packets embryonic (Synflood) and better manage the timeout on the real connections. All this avoid congestion due to DDoS. Thus, any purge
is upstream of the load distribution which sees that the real connections.
Funny thing (if you will) that this morning is 1000gp IP was gently attacked by 1200 from around the world, creating more than 15,000 simultaneous connections.
Session # sh ipv4 dest-port 6969 | i Total Sessions
Total Sessions: 15,704
The protection operation and we see no impact on the service:
Session # sh ipv4 dest-port 80 | i Total Sessions
Total Sessions: 1405
We will continue test the protection system against attacks. The goal is to provide Protection against attacks without requiring you to change your infrastructure. OVH and can provide an IP firewall which is going to take the attack, we will serve the bad packets and return you to the right packets
IP of your dedicated server. And this even if you do not have a server at OVH. To get the protections you do not do anything except change in the DNS
A field ... and that's it. Concrete example, the site
http://www.hadopi.fr that is not hosted by OVH and is down due to attacks, we could very well order an IP firewall to protect against attacks
without having to move at OVH. Such protection activated in 5 minutes ... Simple, fast and very effective.
Reagrds
Octave
This week we started the migration system of shared hosting to load balancing new infrastructure. For now we have just done the 1000gp which was a migrated success. The other plans will be migrated in the week.
In addition to the new system load balancing, we test a system to protect against attacks.It is located upstream of the load distribution and allows
block all packets embryonic (Synflood) and better manage the timeout on the real connections. All this avoid congestion due to DDoS. Thus, any purge
is upstream of the load distribution which sees that the real connections.
Funny thing (if you will) that this morning is 1000gp IP was gently attacked by 1200 from around the world, creating more than 15,000 simultaneous connections.
Session # sh ipv4 dest-port 6969 | i Total Sessions
Total Sessions: 15,704
The protection operation and we see no impact on the service:
Session # sh ipv4 dest-port 80 | i Total Sessions
Total Sessions: 1405
We will continue test the protection system against attacks. The goal is to provide Protection against attacks without requiring you to change your infrastructure. OVH and can provide an IP firewall which is going to take the attack, we will serve the bad packets and return you to the right packets
IP of your dedicated server. And this even if you do not have a server at OVH. To get the protections you do not do anything except change in the DNS
A field ... and that's it. Concrete example, the site
http://www.hadopi.fr that is not hosted by OVH and is down due to attacks, we could very well order an IP firewall to protect against attacks
without having to move at OVH. Such protection activated in 5 minutes ... Simple, fast and very effective.
Reagrds
Octave