OVH Community

Welcome to your community space. Ask questions, search for information, post content, and interact with other OVH Community members.

Anti-DDoS too aggressive, shaping my traffic to less than 70mb/sec ( on 7 servers.. )

dedicatedservers
#1

I run some webservers which serve small javascript files ( which are web widgets of about 8kb ) , I have several servers moved on ovh where I also have other services ( I also use their cdn service which is not bad )
the problem is that those servers trigger the anti DDoS service which WRONGLY think that legitimate traffic is an attack, put the server under filtering and I loose about 30% of the traffic… my clients are complaining , my internal statistics show also evidence of the problem since I’ve moved on ovh, when ovh remove the filter immediately the widget success rate increase from 70% to about 99%
( I can only see that in http 200-response and in client-recordered metrics ) the problem is that severs that should handle 500Mbps of traffic are “limited” to less than 70Mbps due to that filter… ( also with server resources ( cpu/ram usage under 30% ) )

I know that serving 8kb/request at 70Mbps is quite a lot, each server receive about 3000 connections/second which for a normal website could look like a DDoS , but for me It’s normal traffic!

I know what I’m talking about because I was serving same widgets on softlayer since a month ago with 1/4 of the ram per server and 1/2 of the servers ( and the have a DDoS too but probably less aggressively configured )

I don’t even know if I can order multiple very small servers instead of less big servers to workaround that issue because OVH don’t want to tell me the DDoS threshold that is hitting me ( Packet per seconds ? ip / seconds ? conntrack ? what ? ) are thresholds equals for all servers ? there is no documentation.

the not so funny part of all that is…
I’ve already opened a ticket for that… 6528169741 , and in 9 days I have yet to reach a tech, on day one a “tech” from italy team asked me a tcpdump which I provided in MINUTES , then silence for days, after a call the tech told me that the dump was too big… ( about 100mb ) , I asked which size would be better for them and he told me about 3mb, I said ok , but you could have truncated the tcpdump yourself with the tcpdump command to the size you want… anyway I’ve uploaded immediately a new tcpdump of 3mb, no reply for more days…
after 6 days of ticket… another italian “tech” told me that have opened an internal ticket… after 3 days I’m still waiting… not knowing a lot of things :

  • If the problem can be fixed ( DDoS thresholds adjusted )
  • how to handle such cases in future ( having to fight with “tech” support for days to get a reply is not my work ) /new servers
#2

I am in the same boat as Francesco. I have an OVH server with 2Gbps dedicated/unmetered option. I noticed that it is only outputting 600 mbps. I reached out to OVH support (Ticket #9684419494) but it’s been days and no resolution came out of it. Still waiting, though.

But if DDoS protection turns out to be the cause of this shaping then I don’t think the service is worth it and I will probably cancel the server to get a cheaper 1Gbps option.

On a side note, OVH seriously needs to step its game up in the control panel and support department. They should seriously sit down and learn from the likes of Digital Ocean, Vultr, even Hetzner. Turns out that the OVH Rescue Mode does not work with servers that have customized partitions – it’s that bad, yes :frowning:

Oh well, good luck to us all.