Using Cluster-wide Tracking for Better DDoS Protection Using Stick Tables

Sadegh Solati
System and Traffic Engineer, SoundCloud

At SoundCloud we use HAProxy as our reverse proxy. We are the target of different DoS/DDoS attacks that aim to interrupt our service or abuse it. We have around 70 HAProxy instances and we were looking for a rate-limiting and DDoS prevention solution that collects the information from all the zones and makes a cluster-wide decision on whether the request should be allowed to pass or not.

We decided to use HAProxy Enterprise’s stick table aggregator and tuned it for our scale. In this talk, we will present the challenges we faced and how we solved them. We’ll also explain our dashboards for viewing blocked requests and resource usage.

I am Sadegh Solati from Iran. During my 13-year career in IT, I have been through a lot, from network cabling to kernel programming. I joined SoundCloud in 2021.
