Distributed Denial-of-Service, or DDoS, is a cyberattack method that attempts to disrupt the traffic of a targeted server, service, or network by overwhelming the target with more traffic than it can handle.

DDoS attacks effectively compromise the target server, service, or network to crash it or make it unavailable.

A reflection amplification attack is a type of Distributed Denial-of-Service cyberattack where attackers magnify the amount of traffic generated in order to overwhelm the target and disrupt or shut down systems and services.

We restrict some Droplet network traffic to help protect them against malicious actions, like reflected DDoS attacks. We know these current restrictions also prevent functionality like configuring direct server return and using Droplets as routers and site-to-site VPN gateways. Future changes to our network will support this functionality. Until then, you can work around this limitation by using a VPN mesh network or overlay network.