Google负载平衡器如何处理DDoS [英] How Google Load Balancer handles DDoS

问题描述

在使用贷款平衡器HTTP或网络时，如何处理DDoS？在计算引擎级别上，您可以对源IP进行限制，并且可以确保它不会影响您的服务。然而，这种ip限制在平衡器之后，并且对于每个输入数据，都会有成本$。有什么方法可以避免这种不可预知的成本？ Gb负载平衡解决方案已构建DDoS缓解在降低攻击面：

• 配置入口防火墙规则（如iptables）
  
• 网络负载平衡具有端口过滤功能。任何未负载均衡的端口都会被GCP高度扩展的前端基础设施丢弃。
  
HTTP / HTTPS负载平衡可以吸收和防止IP欺骗和大型SYN泛滥攻击。

• 它也有内置的公平分配

When the loan balancer either http or network is utilized, how DDoS is handled? On compute engine level, you can place restriction on source ip and you can ensure that it does not affect your services. However that ip restriction comes after balancer and for each incoming data, there will be cost $. Is there any way of avoiding such unpredictable cost?

解决方案

• GCP load balancing solution has DDoS mitigations built-in lowering the attack surface:
  • configure ingress firewall rules (like iptables)
  • network load balancing has port filtering. Any port that is not loadbalanced is dropped by GCP highly scaling frontend infrastructure
  • HTTP/HTTPS loadbalancing can absorb and protect from IP spoofing and large SYN flood attacks.
  • it has also fair-share allocation built-in

这篇关于Google负载平衡器如何处理DDoS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！