Page 1 of 2 12 LastLast
Results 1 to 25 of 45

Thread: OVH review

  1. #1
    Join Date
    Sep 2012
    Posts
    41

    OVH review

    Ok so I'm hosting with OVH for a couple of months right now and wanted to post a review. There are a lot of negative and positive reviews about OVH so I'll try to be as objective as I can here. I'm not working for OVH or anything, I'm just a customer.

    First some history,

    I have 2 dedis in France and a few weeks ago I opened one in their Canada location. I run game servers, very high risk machines when it comes to DDoS attacks and I've been under attack for almost 2 years, where the attacks ranged from 1 - 30 gbps in size. In these 2 years I've been hopping from one provider to another, either getting kicked by the host because of DDoS attacks, or leaving myself because the protection wasn't sufficient and prices were too steep.

    OVH's prices are very competitive. A dedicated server in France rented through OVH.NL will cost you € 133,- (excl. 21% sales tax) monthly and € 99,- setup costs. Now although the setup costs seems quite outdated, as most companies don't charge you that unless you require any custom stuff, you do get a high performance machine for this price. A 6-core / 12 thread E5-1650 with 128 GB Ram and 2x 2 TB Sata disks. Canada is even more competitive, the server there is costing me USD 59 all-in each month for a i5-3570S with 16 GB RAM and 1 TB sata.

    Delivery times seem to be different based on the location and server you choose. Whatever server u pick at least at OVH.NL you can see how long it will take for your server to be delivered, this can range from 120 seconds to 10 days. For my france servers I think it took about 4 - 5 days, the Canadian server was delivered almost instant, I think it took a few hours.

    That being said, what I don't like about their Canada location is that most servers are sold out. Also you can't have any custom configuration. E.g. I wanted to upgrade my connection from 100 mbps to 1 gbps but this was not possible. The more expensive servers come with 1 gbps but they were sold out so for Canada your options are very, very limited.

    The other thing that I think is not positive is the fact that every OVH location is like a different company. You need separate accounts, support is different per location, management interfaces differ. It would be much more easy to have just one OVH.COM website, have one account, select your server and then select your DC, instead of having to go to OVH.COM/US if you want a server in Canada and have separate billing. I'm sure though this is a work in progress.

    Here comes the best part though, which not one other provider can compete with right now which is OVH's DDoS protection. Every server comes with free Anti-DDoS pro which means you can adjust settings, filter ports, you can pretty much do anything you want and if you have a serious DDoS problem, moving your servers to OVH will be your final solution. Every location can filter up to 160 gbps which is way more than any kid can sent to your server.

    In fact, kids on hackforums.net are already crying that they can't take down OVH, even when sending out 100 gbps of ddos traffic.

    http://s13.postimg.org/5o5hh9iwn/hackforums.png

    If you want to read the full topic it requires registration which is really worth it because it's a great read

    http://www.hackforums.net/showthread.php?tid=3641627

    Now, again the problem is managing the protection, which is different per location. For Canada you have to use the OVH API, but you have to use the Candian API, your login won't work on the ovh.com API.

    https://ca.api.ovh.com/console/#/ip

    Now while the API allows you to basically do anything it's more of a tool for developers and if you're just a basic server administrator it can be quite scary to use the API to change your anti-ddos settings. There's almost no help available except for the one-liners next to each setting and if you ask support to help you out with a setting you mostly get standard replies which are usually not related to your question at all. So basically what they say is here's the API and go figure it out for yourself. Once you get the hang of it though, it's a very powerful tool which can be used to stop any attack.

    E.g. my attackers usually use DNS amplification attacks, when they noticed that didn't work any longer they started doing NTPd bounce attacks, which is basically the same attack but uses port 123. This attack was not picked up by OVH's anti ddos system because according to OVH support, it was too small. It was enough though to saturate my 100 mbit line in Canada and my server went down. All I had to do was go into their API, filter anything with source port 123 and the attack was blocked within seconds and like magic my server was back online, THIS WAS A TRULY AMAZING EXPERIENCE AND I CAN'T BELIEVE THIS IS ONLY COSTING ME 59 BUCKS!

    Remember though that this might all change, as I was told by support their API is in Beta now so it's free for now but they will charge you for it in the future. They didn't tell me how much though so I hope it's still affordable even for people like me that host servers just for fun/non-profit and depend on player donations.

    Now for EU, everything is different again, no API just a control panel which is much more easy to use. You can just force mitigation to always on, leave it on automatic, add/remove firewall rules just like that, here's a screenshot (Any sensitive info removed):

    http://s14.postimg.org/pqiff66gv/cpanel.png

    It took me a while though to find this control panel and to re-find it again because all their control panels are on different places and it feels quite messy from time to time. Especially if you have, like I said before different locations with different versions and different panels it can become very confusing.

    As you can see in the web panel, monitoring is disabled. OVH monitors your server and will auto create a ticket if it doesn't respond to pings. Since I disable ICMP with iptables I had to disable this feature.

    So to conclude, all in all hosting with OVH has been a great experience for me so far. I never payed that less and recieved so much for it. I'm sure similar services with professional companies will cost you thousands of dollars a month but thanks to OVH, the small hoster can have the same protection now as the enterprise companies like Mastercard and Paypal have which is awesome. So would I recommend OVH, hell yeah.

    Let's sum it all up:

    Pros:

    - Stable connections, low latency.
    - Amazing Anti-DDoS system.
    - Anti-DDoS pro, customize your settings, filter out ports etc.
    - Latest hardware on their dedis.
    - Very competitive pricing.

    Cons:

    - Support is not that great.
    - Lot of different management interfaces can get really confusing.
    - Separate accounts for different locations.

    Let me know if you have any questions, comments etc. I'll try to answer them!

  2. #2
    Join Date
    May 2012
    Posts
    839
    Thanks for sharing your nice & honest views about OVH & their DDOS protection.Because here usually we see OVH competitors, third party anti-DDOS service providers & those people who never used any service from OVH crying about their DDOS protection.
    Last edited by Shoaib_A; 12-29-2013 at 09:42 AM.

  3. #3
    Join Date
    Jan 2011
    Location
    Canada
    Posts
    938
    Thanks martijnk for that very detailed review of their DDoS. I noticed the same thing as Sledger about all the other OVH reviews too so it's nice to see someone who's actually using it instead of heresay.

    One question though, do you notice any transient connection drops when it goes into automatic VAC versus manual ip filtering upstream?

  4. #4
    Join Date
    Sep 2012
    Posts
    41
    Quote Originally Posted by tchen View Post
    Thanks martijnk for that very detailed review of their DDoS. I noticed the same thing as Sledger about all the other OVH reviews too so it's nice to see someone who's actually using it instead of heresay.

    One question though, do you notice any transient connection drops when it goes into automatic VAC versus manual ip filtering upstream?
    Yes, the connection drops for about 30 seconds if it's on automatic. This is the delay needed to re-route the traffic through VAC. Once the traffic goes through VAC it will stay enabled for a pre-defined period, I think about 18 hours (not sure).

    You can however, force enable mitigation so the traffic always goes through VAC then there will be no delays. The problem with this though is that latency is slightly higher which can be an issue for latency sensitive games like counter strike.

    I also noticed VAC has false positives sometimes and blocks legit players so it's probably a bad idea to have it on permanently. This was not bad at all though, out of the thousands different players we've had only a few got blocked.

  5. #5
    Quote Originally Posted by martijnk View Post
    Yes, the connection drops for about 30 seconds if it's on automatic. This is the delay needed to re-route the traffic through VAC. Once the traffic goes through VAC it will stay enabled for a pre-defined period, I think about 18 hours (not sure).

    You can however, force enable mitigation so the traffic always goes through VAC then there will be no delays. The problem with this though is that latency is slightly higher which can be an issue for latency sensitive games like counter strike.

    I also noticed VAC has false positives sometimes and blocks legit players so it's probably a bad idea to have it on permanently. This was not bad at all though, out of the thousands different players we've had only a few got blocked.
    I am only noticing 2-4ms difference with OVH VAC permanently on. It re-routes the traffic over complete different routes as displayed below.

    With DDoS Protection Activated

    Tracing route to [198.27.82.97]
    over a maximum of 30 hops:

    1 1 ms 1 ms 1 ms BTHUB4 [192.168.1.254]
    2 78 ms 126 ms 152 ms 217.32.93.122
    3 13 ms 13 ms 13 ms 217.47.210.161
    4 13 ms 14 ms 14 ms 213.1.69.14
    5 14 ms 27 ms 14 ms 31.55.164.102
    6 14 ms 19 ms 13 ms 31.55.164.37
    7 14 ms 14 ms 14 ms 31.55.164.107
    8 13 ms 13 ms 26 ms acc1-10GigE-0-5-0-5.bm.21cn-ipp.bt.net [109.159.
    248.98]
    9 22 ms 23 ms 23 ms core2-te-0-4-0-4.ilford.ukcore.bt.net [109.159.2
    48.6]
    10 20 ms 20 ms 20 ms peer1-xe1-1-0.telehouse.ukcore.bt.net [109.159.2
    54.134]
    11 27 ms * * ldn-1-6k.uk.eu [178.33.103.232]
    12 23 ms 28 ms 42 ms 178.33.100.63
    13 24 ms 26 ms 23 ms vac1-0-a9.fr.eu.vaccum [178.33.100.149]
    14 31 ms 28 ms 28 ms vac1-1-n7.fr.eu.firewall [178.33.100.152]
    15 25 ms 25 ms 25 ms vac1-2-n7.fr.eu.tilera [37.187.36.245]
    16 25 ms 25 ms 26 ms vac1-3-n7.fr.eu [91.121.215.13]
    17 * * * Request timed out.
    18 * * * Request timed out.
    19 * * * Request timed out.
    20 99 ms 100 ms 100 ms [198.27.82.97]
    Without Anti DDoS Protection Activated

    Tracing route to [198.27.82.97]
    over a maximum of 30 hops:

    1 1 ms 1 ms 1 ms BTHUB4 [192.168.1.254]
    2 13 ms 13 ms 13 ms 217.32.93.122
    3 13 ms 14 ms 13 ms 217.47.210.161
    4 14 ms 14 ms 14 ms 213.1.69.14
    5 13 ms 13 ms 13 ms 31.55.164.102
    6 13 ms 13 ms 14 ms 31.55.164.37
    7 13 ms 14 ms 13 ms 31.55.164.107
    8 19 ms 14 ms 34 ms acc1-10GigE-0-5-0-5.bm.21cn-ipp.bt.net [109.159
    248.98]
    9 25 ms 23 ms 24 ms core2-te-0-4-0-4.ilford.ukcore.bt.net [109.159.
    48.6]
    10 20 ms 21 ms 21 ms peer1-xe1-1-0.telehouse.ukcore.bt.net [109.159.
    54.134]
    11 * * * Request timed out.
    12 * * * Request timed out.
    13 96 ms 95 ms 96 ms bhs-g1-6k.qc.ca [198.27.73.205]
    14 148 ms 96 ms 96 ms bhs-3a-6k.qc.ca [198.27.73.12]
    15 94 ms 94 ms 94 ms [198.27.82.97]

    Trace complete.
    Last edited by davywavy; 12-29-2013 at 01:50 PM.

  6. #6
    Join Date
    Jan 2011
    Location
    Canada
    Posts
    938
    That's kinda interesting it's going through the FR vac when your server is in QC. That said, it might just be the shortest route into the OVH network given you're starting in the UK. I'm curious if it back hauls all that way if you're near QC to begin with.

  7. #7
    Quote Originally Posted by tchen View Post
    That's kinda interesting it's going through the FR vac when your server is in QC. That said, it might just be the shortest route into the OVH network given you're starting in the UK. I'm curious if it back hauls all that way if you're near QC to begin with.
    It back hauls all the traffic to the nearest OVH PoP. As they have 3 Mitigation Points. so Anyone close to the UK the traffic goes through the France VAC System and QC when you are in the UK. Might be the easiest way for them to Mitigate DDoS By hauling it through the closest VAC system. People on HF seem to be mad about the OVH DDoS Protection and all seem to claim they can take it down. When in Reality they know nothing and are just a Bunch of Kids.

    Hopefully OVH up the game and improve the DDoS Protection as time goes on. I see one day in the future DoS / DDoS Attacks will be a thing of the Past. How ever with Larger Transit uplinks and the Internet ever expanding everyday we will see the 480Gbps of DDoS Protection that OVH have need Upgrading to double that figure.

    Most people seem to Believe that OVHs Protection will become saturated with all of the Attacks they will Receive but I highly Doubt it. They will just end up Charging a Fee to have the VAC system enabled Eventually. Even if it's a small fee Just so they Increase Capacity.

  8. #8
    Join Date
    Sep 2012
    Posts
    41
    Quote Originally Posted by davywavy View Post
    It back hauls all the traffic to the nearest OVH PoP. As they have 3 Mitigation Points. so Anyone close to the UK the traffic goes through the France VAC System and QC when you are in the UK. Might be the easiest way for them to Mitigate DDoS By hauling it through the closest VAC system. People on HF seem to be mad about the OVH DDoS Protection and all seem to claim they can take it down. When in Reality they know nothing and are just a Bunch of Kids.

    Hopefully OVH up the game and improve the DDoS Protection as time goes on. I see one day in the future DoS / DDoS Attacks will be a thing of the Past. How ever with Larger Transit uplinks and the Internet ever expanding everyday we will see the 480Gbps of DDoS Protection that OVH have need Upgrading to double that figure.

    Most people seem to Believe that OVHs Protection will become saturated with all of the Attacks they will Receive but I highly Doubt it. They will just end up Charging a Fee to have the VAC system enabled Eventually. Even if it's a small fee Just so they Increase Capacity.
    Yeah latency only increases by a few ms, which is not a whole lot indeed, it's the false positives though that matter, so I have it on auto for now. I do still block UDP 53 and 123 though, I don't know if these blocks still work with VAC on auto, probably not.

    I don't think their protection will become saturated either. Most of these kids pay good money for ddos attacks as they don't have their own botnets. They're not gonna pay money and keep the attack running while it's failing, there's no fun in that and it's a waste of resources.

    At this point OVH has the best ddos protection available and it's (almost) free of charge, while other companies like Black Lotus charge you insane amounts of money for usually just 10 gbps protection which is about the same as having no protection at all these days. There is no way professional anti-ddos companies can currently compete with what OVH has to offer.

  9. #9
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    A couple of points

    1 - According to Arbor, the average attack size is 2.7 Gbps
    2 - High quality networks and carrier grade filtering gear is expensive

  10. #10
    Quote Originally Posted by martijnk View Post
    At this point OVH has the best ddos protection available and it's (almost) free of charge, while other companies like Black Lotus charge you insane amounts of money for usually just 10 gbps protection which is about the same as having no protection at all these days. There is no way professional anti-ddos companies can currently compete with what OVH has to offer.
    Voxility offer the same levels of DDoS Protection as OVH but charge 800 Euro a Month to use the Feature. and Yes OVH do not charge anything and the false Positives might be annoying. But as the service is free complaining is not a Option

    But hopefully they improve the Protection over time and offer better features.

  11. #11
    Join Date
    Sep 2012
    Posts
    41
    Quote Originally Posted by IRCCo Jeff View Post
    A couple of points

    1 - According to Arbor, the average attack size is 2.7 Gbps
    2 - High quality networks and carrier grade filtering gear is expensive
    I find 2.7 hard to believe.

    With DNS amp you only need one server to get a 10 - 20 gbps attack as long as you have enough open resolvers. My average attack sizes were more in the 15 - 17 gbps neighborhood.

  12. #12
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by martijnk View Post
    I find 2.7 hard to believe.

    With DNS amp you only need one server to get a 10 - 20 gbps attack as long as you have enough open resolvers. My average attack sizes were more in the 15 - 17 gbps neighborhood.
    This is directly from an Arbor report. They are regarded as an authoritative source in our industry. The information comes directly from a constellation of their customer's flow collectors. Our own network reports support the same findings.

    If you're able to launch a larger attack, that means you're more awesome than all of the other packet kids

  13. #13
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    One thing I want to point out is that certain type of attacks will still able to hit your server until OVH's Arbor filter kicks in, and there is no option to have their Arbor filter on permanently. With ~30Gbps of these type of attacks, it can saturate their Arbor filter capacity, and OVH will null the IP.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  14. #14
    Quote Originally Posted by CNSERVERS View Post
    One thing I want to point out is that certain type of attacks will still able to hit your server until OVH's Arbor filter kicks in, and there is no option to have their Arbor filter on permanently. With ~30Gbps of these type of attacks, it can saturate their Arbor filter capacity, and OVH will null the IP.
    For a Extra $20 it is Possible to configure both Arbor Protection And Tilera Protection. I'm guessing the Arbor Protection is for Layer7 Attacks where the Tilera Protection is for Layer 4.

  15. #15
    Join Date
    Sep 2012
    Posts
    41
    Yeah I heard about these Layer 7 attacks but they are mostly based on http protocol.

  16. #16
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by davywavy View Post
    For a Extra $20 it is Possible to configure both Arbor Protection And Tilera Protection. I'm guessing the Arbor Protection is for Layer7 Attacks where the Tilera Protection is for Layer 4.
    There is no way to enable Arbor permanently even with the $20 extra feature.

    The Arbor is for certain Layer 4 attacks as well, I was specifically referring to those that could hit your server until the Arbor kicks in.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  17. #17
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by CNSERVERS View Post
    One thing I want to point out is that certain type of attacks will still able to hit your server until OVH's Arbor filter kicks in, and there is no option to have their Arbor filter on permanently.
    .. which is quite standard for high capacity systems. This offers extreme scalability and prevents false positives when filtering is not needed. Protection can be engaged as quickly as flows are generated and analyzed at the sensor.

  18. #18
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by IRCCo Jeff View Post
    .. which is quite standard for high capacity systems. This offers extreme scalability and prevents false positives when filtering is not needed. Protection can be engaged as quickly as flows are generated and analyzed at the sensor.
    And the players get disconnected as quickly as well.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  19. #19
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by CNSERVERS View Post
    And the players get disconnected as quickly as well.
    They also stay disconnected when an attack scales beyond the capabilities of an inline device.

  20. #20
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,315
    Quote Originally Posted by IRCCo Jeff View Post
    They also stay disconnected when an attack scales beyond the capabilities of an inline device.
    That's when null route comes in don't you think? I don't see your point.
    CNSERVERS.COM - Los Angeles, San Jose, Portland, Seattle, HongKong
    AS40065 | In-House DDoS protection | BGP Network with 6T+ capacity
    Zayo/HE/PCCW/Cogent/Telia/GTT/NTT/TATA/China Telecom/CN2/China Unicom/China Mobile
    Colocation / DDOS Protection / High Bandwidth Server

  21. #21
    Join Date
    Feb 2005
    Location
    UK
    Posts
    554
    What is it that attracts these DDoSers to the point where they're willing to waste their own money on it? What is there to gain from taking some game servers down?

  22. #22
    Quote Originally Posted by Ryan Williams View Post
    What is it that attracts these DDoSers to the point where they're willing to waste their own money on it? What is there to gain from taking some game servers down?
    Usually they have competitive game servers and they want to discredit the competition.

  23. #23
    Join Date
    Sep 2012
    Posts
    41
    Quote Originally Posted by sannin View Post
    Usually they have competitive game servers and they want to discredit the competition.
    That's usually the reason yes. But there's also the players that get banned and think they got unfairly treated or players doing it out of spite.

    I even saw cases where they did it to annoy another player, so they ddos your server to get back to one player.

    Good example was derptrolling who downed a lot of sites just to get one player. They even called SWAT on his home address saying there was a hostage situation.

    http://siliconangle.com/blog/2014/01...new-years-day/

  24. #24

    * THE TRUTH ABOUT OVH

    This has been the worst experience in hosting in a while for me. This is also the first review page search result that pops up on Google, so don't come crying to me about this being an old post, Jack!

    Their customer support is AWFUL!
    They took my site down without reason in the past.
    They never allowed us to recover our data, bills were all paid up too!

    They left me hanging when I called support, so basically, they took my money and never guided me through the WHM and CPANEL setup.

    I was stuck and no one would help, plus no one was even familiar with the English language as their first language!!! I got lucky if I ever talked to someone who didn't sound like they were talking with a bag full of marbles in their mouth due to their heavy accents. I had to call them several times for one issue that never got resolved.

    Needless to say, same day purchase, same day refund.

    THANKS BUT NO THANKS OVH, YOU SUCK!!!

  25. #25
    Join Date
    Feb 2012
    Posts
    2,103
    Quote Originally Posted by NinjaChance View Post
    This has been the worst experience in hosting in a while for me. This is also the first review page search result that pops up on Google, so don't come crying to me about this being an old post, Jack!

    Their customer support is AWFUL!
    They took my site down without reason in the past.
    They never allowed us to recover our data, bills were all paid up too!

    They left me hanging when I called support, so basically, they took my money and never guided me through the WHM and CPANEL setup.

    I was stuck and no one would help, plus no one was even familiar with the English language as their first language!!! I got lucky if I ever talked to someone who didn't sound like they were talking with a bag full of marbles in their mouth due to their heavy accents. I had to call them several times for one issue that never got resolved.

    Needless to say, same day purchase, same day refund.

    THANKS BUT NO THANKS OVH, YOU SUCK!!!
    They are an unmanaged service, they aren't there to guide you on setting up software, that's up to you, if you don't have the experience of doing that then you need a managed provider.
    Clouveo - SSD/NVMe Cloud VPS & Web Hosting
    Cloud VPS Servers | DDoS Protected | Snapshots | Auto Backups | One Click Apps | Custom ISOs
    clouveo.com | Locations: [UK] London, [NL] Amsterdam, [US] Los Angeles

Page 1 of 2 12 LastLast

Similar Threads

  1. OVH.ie almost 3 year review (Bad review)
    By weaklinks in forum Dedicated Server
    Replies: 4
    Last Post: 07-22-2013, 03:36 PM
  2. OVH.co.uk .... Review
    By lynxus in forum VPS Hosting
    Replies: 1
    Last Post: 06-21-2013, 03:11 PM
  3. OVH Review
    By difumetti in forum Dedicated Server
    Replies: 9
    Last Post: 02-27-2013, 11:58 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •