There are a few gotchas, including, if I understand it correctly, the need to "retry twice" when you try to SSH into your server while a DDoS is going on, but...
OVH doesn't even feel an 85 Gbps attack (let alone a 20 Gbps one like in the article). They can deal with attacks much larger than that automatically.
They seem to have very good DDoS protection against the "flood" type of DDoS. And this is pretty much transparent to users.
I hope more and more hosting companies start implementing similar anti-DDoS features: more competition would bring better protection against flood-type DDoS and cheaper prices.
Here's the explanation as to how their system works (in French, but there are several graphics):
Basically as soon as a DDoS trying to saturate your server(s) is detected the attacker faces the problem of needing to DDoS... OVH itself.
And the DDoS doesn't even make it to your server while the legitimate traffic still does.
I find it great that there are people actually looking for solutions to the DDoS issue.
Though a friend at another related service had been kicked from two VPS providers due to receiving a few DDoS attacks.
These providers claimed it was against their Terms of Service and ejected him as a customer.
That day he learned it is best to keep offsite-cross-company backups of everything, since he did not get a single byte from his machines.
Storage is so cheap these days there is no excuse not to keep client data for at least a month.
I'm a big fan of OVH.
It just shouldn't be a surprise anymore that DDoSes happen.
In practice, there is. If we're talking about an HTTP flood, the other endpoint address is always validated (due to the 3-way handshake) so it's plausible to rate limit and block individual addresses. (But without validated client addresses, the rule is to NEVER create state off those, because spoofing is too easy.)
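The comment above draws a line between addresses validated by a completed TCP handshake, which are safe to rate limit individually, and unvalidated (spoofable) addresses, for which no per-source state should ever be created. As an added illustration that is not code from the thread, from OVH, or from any commenter, here is a small Python token-bucket limiter that follows that rule and also bounds the size of its tracking table. The `validated` flag, the sample events, the documentation-range addresses and the rate/burst values are all constructed assumptions.

```python
# Added example (not from the thread): per-source rate limiting that only
# allocates state for handshake-validated addresses. Everything below,
# including the sample events, is constructed for illustration.


class TokenBucket:
    """Classic token bucket: `capacity` requests of burst, refilled at
    `refill_rate` requests per second."""

    def __init__(self, capacity: float, refill_rate: float, now: float):
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.tokens = capacity      # start full so a new client gets its burst
        self.last = now

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, capped at the burst size.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SourceLimiter:
    """Rate limit per source address, but never allocate state for an
    address that was not validated by a completed 3-way handshake (raw UDP,
    a bare SYN, ...), because such addresses are trivially spoofed and the
    attacker could otherwise fill the table with fake entries."""

    def __init__(self, rate: float, burst: float, max_tracked: int = 100_000):
        self.rate = rate
        self.burst = burst
        self.max_tracked = max_tracked          # hard bound on memory use
        self.buckets: dict[str, TokenBucket] = {}

    def check(self, src: str, validated: bool, now: float) -> str:
        """Return "allow", "drop", or "untracked" for one request."""
        if not validated:
            # No per-source state: unvalidated sources are left to stateless
            # mechanisms (SYN cookies, global caps, upstream scrubbing).
            return "untracked"
        bucket = self.buckets.get(src)
        if bucket is None:
            if len(self.buckets) >= self.max_tracked:
                return "drop"                   # table full: fail closed, don't grow
            bucket = TokenBucket(self.burst, self.rate, now)
            self.buckets[src] = bucket
        return "allow" if bucket.allow(now) else "drop"


def run(events, limiter: SourceLimiter) -> dict:
    """events: iterable of (time_seconds, src_address, validated).
    Returns per-source decision counts."""
    counts: dict[str, dict[str, int]] = {}
    for now, src, validated in sorted(events, key=lambda e: e[0]):
        decision = limiter.check(src, validated, now)
        counts.setdefault(src, {"allow": 0, "drop": 0, "untracked": 0})[decision] += 1
    return counts


# Constructed sample: one validated client bursting 10 requests at t=0,
# one legitimate client at 1 request/s, and a spoofed unvalidated source.
SAMPLE_EVENTS = (
    [(0.0, "198.51.100.7", True)] * 10
    + [(float(t), "192.0.2.10", True) for t in range(5)]
    + [(0.5, "203.0.113.5", False)] * 3
)


def demo():
    """Run the sample through a limiter allowing 1 req/s with a burst of 3."""
    limiter = SourceLimiter(rate=1.0, burst=3)
    counts = run(SAMPLE_EVENTS, limiter)
    return counts, sorted(limiter.buckets)


if __name__ == "__main__":
    counts, tracked = demo()
    for src, c in counts.items():
        print(src, c)
    print("tracked sources:", tracked)
```

The bursting client gets its 3-request burst and then drops until tokens refill, the steady 1 req/s client is never throttled, and the spoofed source never appears in the tracking table at all; `max_tracked` keeps even validated traffic from growing the table without bound.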