DDoS Protection at Digital Ocean Datacenter

April 20, 2016 4k views
Security Networking

We have a diverse hosting environment with VPS severs across several providers. How does Digital Ocean Protect against a DDoS attack on the Datacenters level? One of providers, Linode, has been susceptible to attacks over the last several months to their entire Datacenters? How does Digital Ocean differ from this regard in mitigating these types of attacks?

1 Answer


We use a variety of methods internally, and with our partners. One thing we do is use providers that are able to blackhole, or cordon off traffic from an IP range, or to a certain server. We also have internal teams that constantly monitor and react to events like the ones that you bring up. We also have the ability to move server and DNS traffic around on our own infrastructure, and can dynamically add resources to a pool of servers to handle traffic spikes.

  • That sounds great. As far as I understand in most cases the traffic to the ddos victim will be blackholed on the uplink network the attack originates from. Some datacenters also can install and provide an application-layer proxy that can separate malitious requests from real users. And in case if the attack is really big one the best option is to put mitigation service into a different place from the backend and non-ddosed clients like described here http://v-sys.org/services/ddos_protection

Have another answer? Share your knowledge.