VAC IP profiles for VPS range (Anti-DDoS security)

[MikeRuSe]

In order to improve the security of the network and ensure that VAC is allowed to filter more specifically malicious traffic and protect better against DDoS, the availability of adding VAC profiles to VPS it's something needed (by requesting it with Packet Captures and filling the required form for the VAC team).

Why in some scenarios is needed?

• Some projects does not require a dedicated machine and with just 4 GB of RAM, it's enough (meaning that in case of getting a dedicated they will overpay for something they do not need).
• VPS are an scalable solution, where in case the project requires it, you can simply upgrade the resources (CPU, Disk, RAM, Bandwidth...). Dedicated servers requires further interactions and manual migrations.

As a customer and a previous VPS user, I think all customers deserve a decent protection with "patches" to those attacks that are trespassing VAC filtering, not to just those customers that have Dedicated Machines (currently VAC team just apply profiles to IPs on Dedicated Servers, not at VPS).

See attachment:

[jslocinski]

VPS, as well as other machines and instances offered by OVHcloud exposed with public IPs are protected by anti-DDoS Infrastructure (VAC). Indeed, today the ability to fine-tune profiles for specific usecase is offered only for baremetal servers and PCI instances, but long-term we want to offer it in more generalized way. For the moment there is no ETA for that.

[jslocinski]

Maybe not 100% fulfilling this request, but since a couple of weeks we updated mechanism treating IPs pointing to VPS servers. This should slightly improve protection of VPS servers. Still keeping this as ref for future updates.