Hi. I have found mixed responses about this so as of now I am not yet sure of whether DO currently has DDoS mitigation or not. I have a managed Kubernetes cluster (DOKS) with a load balancer. At the moment the load balancer is behind Cloudflare but Cloudflare adds latency since it’s a proxy. Things like Argo didn’t seem to help.
So, are these load balancers protected from DDoS attacks? Do I still need Cloudflare or can I do without?
Thanks in advance
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hello, @vito
DigitalOcean have DDoS protection on data center level however you still need to implement some security/firewall rules in order to protect your server from DDoS attacks. You can install some additional software like CSF (Config server level) or just implement some iptables rules.
You can check our tutorial on how to mitigate DDoS attacks with CloudFlare
You can also check our Cloud Firewalls:
DigitalOcean Cloud Firewalls, which are free of charge.
DigitalOcean Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule, in other words, the traffic is blocked before it even reaches your Droplets, which means less load to your Droplets.
Hope that this helps!
Regards, Alex
Hello there,
Quick update here. I’m excited to share that DigitalOcean has introduced a new feature in response to the valuable feedback we’ve received from users like you: DigitalOcean DDoS Protection:
Here are some key points about this new offering:
-
Cost: DigitalOcean DDoS Protection is available at no additional cost. That’s right, it’s a free service for all users!
-
Coverage: The protection extends to a range of DigitalOcean resources including:
- Droplets
- Kubernetes
- Managed Databases
- Load Balancers
- Reserved IPs
-
Protection Layers: This service provides protection primarily at the Network (layer 3) and Transport (layer 4) layers of the OSI model. Please note that Application layer (layer 7) DDoS Protection is currently not supported.
-
Latency Concerns: One of the standout features of this service is that mitigation takes place entirely within the DigitalOcean network. This means that data traffic doesn’t leave our network for mitigation, ensuring that your applications experience no additional latency.
-
Overall Benefit: DigitalOcean DDoS Protection is an always-on service designed to defend your DigitalOcean cloud resources against a range of generalized, network-layer DDoS attacks. This ensures that your apps and websites run smoothly, without the threat of potential disruptions from such attacks.
Best,
Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.