Welcome! Log In Create A New Profile

Advanced

A Nginx Upstream DDoS Blackhole how does it work ?

July 27, 2017 01:55AM
So I was looking at a upstream that has been flooded from multiple locations and read that you can create what is called a blackhole within the upstream what helps with the DDoS scenario.

Here Is My upstream config :

upstream web_rack {
server 127.0.0.1:9000 weight=1 fail_timeout=4;
server 127.0.0.1:9001 weight=1 fail_timeout=4;
server 127.0.0.1:9002 weight=1 fail_timeout=4;
server 127.0.0.1:9003 weight=1 fail_timeout=4;
server 127.0.0.1:9004 weight=1 fail_timeout=4;
server 127.0.0.1:9005 weight=1 fail_timeout=4;
server 127.0.0.1:9006 weight=1 fail_timeout=4;
server 127.0.0.1:9007 weight=1 fail_timeout=4;
server 127.0.0.1:9008 weight=1 fail_timeout=4;
server 127.0.0.1:9009 weight=1 fail_timeout=4;
server 127.0.0.1:9010 weight=1 fail_timeout=4;
least_conn;
}



My question is how does a blackhole in the upstream help and work... is setting the "DOWN" state a permament 503 for all timed out upstream requests ?

And here is the upstream i read can act as a blackhole ( itpp2012 gets credit for this )

A simple configuration like:
upstream myLoadBalancer {
server 192.168.169.22:80 weight=1 fail_timeout=5;
server 192.168.169.17:80 weight=1 fail_timeout=5;
server 192.168.169.26:80 weight=1 fail_timeout=5;
server 192.168.169.23:80 weight=1 fail_timeout=5;
server 192.168.169.27:80 weight=1 fail_timeout=5 down;
server 192.168.169.28:80 weight=1 fail_timeout=5 down;
least_conn;
}
upstream myLoadBalancerDDOS {
server 127.0.0.1:8081 weight=1 fail_timeout=5;
server 127.0.0.1:8082 weight=1 fail_timeout=5;
server 127.0.0.1:8083 weight=1 fail_timeout=5 down;
server 127.0.0.1:8084 weight=1 fail_timeout=5 down;
server 127.0.0.1:8085 weight=1 fail_timeout=5 down;
server 192.168.169.254:80 weight=1 fail_timeout=5 down;
least_conn;
}

In myLoadBalancer you have set 2 extra backends ready for expanding capacity.
In myLoadBalancerDDOS you have set 2 backends (or internal redirects to 503 location blocks) to deal with attacks, a backend (...169.254:80) to serve as a blackhole and 3 more for expanding capacity.

Of course you can set as many backends and their destinations as you like, other webservers, faster blackholes, offloading addresses, swap between cloud providers, etc...

http://www.networkflare.com/
Subject Author Posted

A Nginx Upstream DDoS Blackhole how does it work ?

c0nw0nk July 27, 2017 01:55AM

Re: A Nginx Upstream DDoS Blackhole how does it work ?

itpp2012 July 27, 2017 09:13AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 76
Record Number of Users: 8 on December 15, 2016
Record Number of Guests: 386 on August 02, 2016
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready