Using Cluster-wide Tracking for Better DDoS Protection Using Stick Tables
At SoundCloud we use HAProxy as our reverse proxy. We are the target of different DoS/DDoS attacks that aim to interrupt our service or abuse it. We have around 70 HAProxy instances and we were looking for a rate-limiting and DDoS prevention solution that collects the information from all the zones and makes a cluster-wide decision on whether the request should be allowed to pass or not.
We decided to use HAProxy Enterprise’s stick table aggregator and tuned it for our scale. In this talk, we will present the challenges we have faced and how we solved it. Also, we’ll explain our dashboards for viewing blocked requests and resource usage.
Here you can view the slides used in this presentation if you’d like a quick overview of what was shown during the talk.
System and Traffic Engineer, SoundCloud
I am Sadegh Solati from Iran. During my 13 years career in IT, I have been through a lot from network cabling to kernel programming. I joined SoundCloud in 2021.