Selectel Protection

Selectel protection is free of charge and is enabled by default.

Protected products: Dedicated servers, Equipment placement, A-DC, Cloud platform (Cloud servers, Managed Kubernetes, Databases).

For the VMware-based cloud and Fault-tolerant load balancer products, a comprehensive protection solution, DDoS Guard L3-L4, is connected automatically.

Protection operates at the network and transport layers (L3, L4) and protects services from the following types of attacks:

  • UDP-based reflection attacks (DNS, NTP, memcache, etc.);
  • attacks using fragmented IP traffic;
  • TCP SYN/RST/PSH flood;
  • different types of UDP floods;
  • different types of ICMP floods.

Selectel protection does not protect against site-level DDoS attacks, application-level (L7) DDoS attacks, or attacks that require simultaneous analysis of traffic in both directions:

  • attacks with valid TCP connections;
  • attacks with valid HTTP and HTTPS requests;
  • attacks on bottlenecks or vulnerabilities of the attacked service.

For additional service protection, you can connect other protections.

Principle of operation

Selectel protection is automatically enabled for all IP addresses in the Selectel autonomous system. Client IP addresses (PI, as well as those announced as part of the service BGP connection) that are routed on the Selectel network are also protected.

Selectel protection analyzes only incoming traffic, with no restrictions.

Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic. If the level of any traffic exceeds a specified threshold, the filter restricts its passage through the network. In this case the traffic is not blocked completely; only the part of it that is related to the DDoS attack is excluded.
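
The Python sketch below is an added illustration, not Selectel's code: it models a stateless, inbound-only filter that cuts only the traffic above a per-class threshold, and shows why requests on valid TCP connections that stay under the threshold pass untouched. The class names, thresholds and sample packets are constructed assumptions.

```python
from collections import Counter

# Hypothetical packets-per-second thresholds per class (constructed values;
# the page does not publish the real classes or thresholds).
THRESHOLDS = {"udp_reflection": 1000, "udp_other": 3000, "ip_fragment": 500,
              "tcp_syn": 2000, "tcp_rst": 2000, "tcp_psh": 2000, "icmp": 300}
REFLECTION_SRC_PORTS = {53, 123, 11211}  # DNS, NTP, memcache

def classify(pkt):
    """Classify one inbound packet from L3/L4 header fields only (no state)."""
    if pkt.get("fragment"):
        return "ip_fragment"
    if pkt["proto"] == "icmp":
        return "icmp"
    if pkt["proto"] == "udp":
        reflected = pkt["sport"] in REFLECTION_SRC_PORTS
        return "udp_reflection" if reflected else "udp_other"
    if pkt["proto"] == "tcp":
        flags = pkt["flags"]
        if "S" in flags and "A" not in flags:
            return "tcp_syn"
        if "R" in flags:
            return "tcp_rst"
        if "P" in flags:
            return "tcp_psh"
    return None  # not rate-limited by this model

def filter_second(packets):
    """Apply the thresholds to one second of inbound packets.
    Returns (passed, dropped) Counters keyed by traffic class."""
    seen, passed, dropped = Counter(), Counter(), Counter()
    for pkt in packets:
        cls = classify(pkt)
        seen[cls] += 1
        if cls is not None and seen[cls] > THRESHOLDS[cls]:
            dropped[cls] += 1  # only the excess over the threshold is cut
        else:
            passed[cls] += 1
    return passed, dropped

def sample_second():
    """Constructed sample: an NTP reflection burst, ordinary SYNs, and HTTP
    requests (PSH+ACK) sent over already-established TCP connections."""
    ntp = [{"proto": "udp", "sport": 123, "dport": 40000}] * 5000
    syn = [{"proto": "tcp", "sport": 50000, "dport": 443, "flags": "S"}] * 200
    http = [{"proto": "tcp", "sport": 50001, "dport": 443, "flags": "PA"}] * 1500
    return ntp + syn + http

if __name__ == "__main__":
    passed, dropped = filter_second(sample_second())
    print("passed:", dict(passed), "dropped:", dict(dropped))
```

In the sample, the reflection burst is trimmed to its threshold while every HTTP segment passes, because nothing in the inbound headers distinguishes those requests from legitimate ones.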

If an attack has a prolonged negative impact on the network infrastructure, incoming traffic can be blocked using blackhole (RTBH). When traffic is blocked, a ticket is created. To remove the block, submit a ticket. The block is released automatically after eight hours.