Skip to main content
Selectel Protection
Last update:

Selectel Protection

Selectel protection is free of charge and is enabled by default.

Protected Products: Dedicated servers, Hardware colocation, A-Data Center, Cloud platform (Cloud servers, Managed Kubernetes, Databases).

For VMware-based Cloud and Fault Tolerant Load Balancer products, a comprehensive protection solution — DDoS Guard L3-L4 Protection — is automatically enabled.

Protection is provided at network and transport (L3, L4) layer and protects services from attack types:

  • UDP-based reflection attacks (DNS, NTP, memcache, etc.);
  • attacks using fragmented IP traffic;
  • TCP SYN/RST/PSH flood;
  • different types of UDP floods;
  • different types of ICMP floods.

Selectel protection does not protect against site-level DDoS attacks, application-level (L7) DDoS attacks, or attacks that require simultaneous analysis of traffic in both directions:

  • attack with valid TCP connections;
  • attacks with valid HTTP and HTTPS requests;
  • attacks on bottlenecks or vulnerabilities of the attacked service.

For additional service protection, you can connect other protection.

Working principle

Selectel protection is automatically enabled for all IP addresses in a standalone Selectel system. Client IP addresses (PI as well as those announced as part of the BGP Connection service) that are routed on the Selectel network are also protected.

When Selectel protection works, only incoming traffic is analyzed, with no restrictions.

Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic. If the level of any traffic exceeds the specified threshold, the filter imposes a restriction on its passage through the network. In this case, the traffic is not blocked completely, but only the part of it that is related to the DDOS attack is excluded.

If an attack has a prolonged negative impact on the network infrastructure, incoming traffic can be blocked using blackhole (RTBH). A ticket is created when blocking occurs. To remove the lock write in ticket. The lock is automatically released after eight hours.