Selectel Protection
Selectel protection is enabled by default for products:
For VMware-based Cloud and Fault Tolerant Load Balancer products, a comprehensive protection solution — DDoS-Guard L3-L4 Protection — is automatically enabled.
Protection against DDoS attacks
What types of attacks Selectel's defenses reflect
Protection is provided on network and transport (L3, L4) layers and protects services from types of attacks:
- UDP-based reflection attacks (DNS, NTP, memcache, etc.);
- attacks using fragmented IP traffic;
- TCP SYN/RST/PSH flood;
- different types of UDP floods;
- different types of ICMP floods.
What types of attacks Selectel's defenses do not reflect
Selectel protection does not protect against application-level (L7) DDoS attacks, nor against attacks that require simultaneous analysis of traffic in both directions to detect:
- attacks with valid TCP connections;
- attacks with valid HTTP and HTTPS requests;
- attacks on bottlenecks or vulnerabilities of the attacked service.
To increase the security of the service, you can connect additional security.
Principle of operation
Selectel protection is automatically enabled for all IP addresses in the Selectel standalone system.Client IP addresses (PI and announced as part of the BGP Connection service) that are routed within the Selectel network are also protected.
When Selectel protection works, only incoming traffic is analyzed, with no restrictions.
Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic.If the level of any traffic exceeds a predetermined threshold, the filter imposes a restriction on its passage through the network.In this case, the traffic is not blocked completely, but only the part of it that is related to the DDoS attack is excluded.
Cost
Selectel protection is provided free of charge.
Limitations
If an attack negatively impacts the network infrastructure for a long period of time, incoming traffic can be blocked using blackhole (RTBH).
If a blocking decision is made, we will create a ticket and send it to you.To remove the blocking, reply in the ticket.Automatically, the blocking is removed after eight hours.