Google负载平衡器如何处理DDoS [英] How Google Load Balancer handles DDoS
本文介绍了Google负载平衡器如何处理DDoS的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在使用贷款平衡器HTTP或网络时,如何处理DDoS?在计算引擎级别上,您可以对源IP进行限制,并且可以确保它不会影响您的服务。然而,这种ip限制在平衡器之后,并且对于每个输入数据,都会有成本$。有什么方法可以避免这种不可预知的成本? Gb负载平衡解决方案已构建DDoS缓解在降低攻击面:
When the loan balancer either http or network is utilized, how DDoS is handled? On compute engine level, you can place restriction on source ip and you can ensure that it does not affect your services. However that ip restriction comes after balancer and for each incoming data, there will be cost $. Is there any way of avoiding such unpredictable cost?
解决方案
- GCP load balancing solution has DDoS mitigations built-in lowering the attack surface:
- configure ingress firewall rules (like iptables)
- network load balancing has port filtering. Any port that is not loadbalanced is dropped by GCP highly scaling frontend infrastructure
- HTTP/HTTPS loadbalancing can absorb and protect from IP spoofing and large SYN flood attacks.
- it has also fair-share allocation built-in
这篇关于Google负载平衡器如何处理DDoS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文