Yeah their anti-DDOS is actually to null route everything to your server. It's been a long time since I've seen that but that how they did it in the past (which is actually making any ddos against you really effective but your neighbors won't be as affected).
If it's actually your server that actually attack another server, they will shutdown your server and give you a warning. They will let you boot in their recovery os that let you access your file system but if your server does it again, they terminate your account.
Like I said, maybe it's different from the last time I saw an attack on an OVH server, however when I saw it, it was literally impossible to reach the server even though it was still up. Using their ip failover system was the only way.
Their anti-DDOS system is mostly designed to protect against external attacks. It works at the network level, probably at the connection between their network and the outside world. Because that's the most efficient way: detect them and block them where you have the most bandwidth available.
This is an internal attack, which requires different mitigation measures, and is seen less often in the wild (compromising 500 servers from a specific provider is more difficult than 500 random servers on the internet, and you're pretty much guaranteed that the provider will deactivate most of them after the first attack), so I guess their protection systems aren't as developped against it.
Its on network/hardware level. The issues with internal DDOS is that they are software related. OVH cannot access your server (or it shouldn't) so the only choice they have is to shut the server and wait till you will fix it.
But if you receive DDOS attack to your server from outside, they can defend you using network resources.
