A Nginx Upstream DDoS Blackhole how does it work ?

July 27, 2017 01:55AM
So I was looking at an upstream that has been flooded from multiple locations and read that you can create what is called a blackhole within the upstream, which helps with the DDoS scenario.

Here is my upstream config:

upstream web_rack {
server 127.0.0.1:9000 weight=1 fail_timeout=4;
server 127.0.0.1:9001 weight=1 fail_timeout=4;
server 127.0.0.1:9002 weight=1 fail_timeout=4;
server 127.0.0.1:9003 weight=1 fail_timeout=4;
server 127.0.0.1:9004 weight=1 fail_timeout=4;
server 127.0.0.1:9005 weight=1 fail_timeout=4;
server 127.0.0.1:9006 weight=1 fail_timeout=4;
server 127.0.0.1:9007 weight=1 fail_timeout=4;
server 127.0.0.1:9008 weight=1 fail_timeout=4;
server 127.0.0.1:9009 weight=1 fail_timeout=4;
server 127.0.0.1:9010 weight=1 fail_timeout=4;
least_conn;
}

My question is how does a blackhole in the upstream help and work... is setting the "down" state a permanent 503 for all timed-out upstream requests?

And here is the upstream I read can act as a blackhole (itpp2012 gets credit for this):

A simple configuration like:
upstream myLoadBalancer {
server 192.168.169.22:80 weight=1 fail_timeout=5;
server 192.168.169.17:80 weight=1 fail_timeout=5;
server 192.168.169.26:80 weight=1 fail_timeout=5;
server 192.168.169.23:80 weight=1 fail_timeout=5;
server 192.168.169.27:80 weight=1 fail_timeout=5 down;
server 192.168.169.28:80 weight=1 fail_timeout=5 down;
least_conn;
}
upstream myLoadBalancerDDOS {
server 127.0.0.1:8081 weight=1 fail_timeout=5;
server 127.0.0.1:8082 weight=1 fail_timeout=5;
server 127.0.0.1:8083 weight=1 fail_timeout=5 down;
server 127.0.0.1:8084 weight=1 fail_timeout=5 down;
server 127.0.0.1:8085 weight=1 fail_timeout=5 down;
server 192.168.169.254:80 weight=1 fail_timeout=5 down;
least_conn;
}

In myLoadBalancer you have set 2 extra backends ready for expanding capacity.
In myLoadBalancerDDOS you have set 2 backends (or internal redirects to 503 location blocks) to deal with attacks, a backend (...169.254:80) to serve as a blackhole, and 3 more for expanding capacity.

Of course you can set as many backends and their destinations as you like: other webservers, faster blackholes, offloading addresses, swapping between cloud providers, etc.

http://www.networkflare.com/
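The following is an added example (not code from the post above and not itpp2012's configuration) showing one way the "blackhole" pattern fits together end to end. Two points the question turns on: `server ... down` removes a backend from selection until the next configuration reload (it is a permanent administrative flag, not a 503), while `max_fails`/`fail_timeout` only remove a backend temporarily after it errors out; and when no backend in a group can be reached nginx answers 502 ("no live upstreams"), which is why the example rewrites 502/504 into a 503 with Retry-After. Attacker traffic is steered to a local sink via a `geo` map and a variable `proxy_pass`, so pools can be swapped without editing location blocks. All addresses, zone names, the pool name `web_rack` and the 203.0.113.0/24 range (TEST-NET-3) are placeholders for illustration.

```nginx
# Added example: per-source pool selection plus a local blackhole sink.
# Addresses, names and the attacker CIDR are assumed placeholders.

# Pick an upstream group per client address. Swapping a source from
# "web_rack" to "blackhole" only needs a reload, not a location edit.
geo $upstream_pool {
    default        web_rack;    # normal traffic goes to the app pool
    203.0.113.0/24 blackhole;   # observed flood source (TEST-NET-3, placeholder)
}

upstream web_rack {
    least_conn;
    # fail_timeout without a unit is seconds; max_fails defaults to 1.
    # After max_fails errors in fail_timeout the server is skipped for
    # fail_timeout seconds, then retried: temporary, not permanent.
    server 127.0.0.1:9000 max_fails=3 fail_timeout=4s;
    server 127.0.0.1:9001 max_fails=3 fail_timeout=4s;
    # "down": never selected until this line is changed and nginx reloads.
    # Spare capacity held in reserve, exactly like the extra entries above.
    server 127.0.0.1:9002 max_fails=3 fail_timeout=4s down;
}

upstream blackhole {
    # Cheap local sink (defined below) instead of a real app process.
    server 127.0.0.1:8085;
}

# The sink: answers every request with an empty 503, no logging, no
# application work, so a flood costs one cheap nginx response per hit.
server {
    listen 127.0.0.1:8085;
    access_log off;
    add_header Retry-After 30 always;
    return 503;
}

# Per-client request rate limit for everyone, attacker or not.
limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;

server {
    listen 80;
    server_name example.com;   # placeholder

    location / {
        limit_req zone=perip burst=20 nodelay;
        limit_req_status 429;

        # Variable proxy_pass resolves to the named upstream group at runtime.
        proxy_pass http://$upstream_pool;
        proxy_next_upstream error timeout;
        proxy_connect_timeout 2s;
        proxy_read_timeout 10s;

        # "No live upstreams" surfaces as 502; present it as an explicit 503.
        error_page 502 504 = @overload;
    }

    location @overload {
        add_header Retry-After 5 always;
        return 503;
    }
}
```

Keep the sink on a loopback address: pointing a blackhole entry at an unreachable or non-routable host makes every attacker request hold a worker connection until `proxy_connect_timeout` fires, which shifts the resource exhaustion onto nginx itself rather than shedding it.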
Subject / Author / Posted

A Nginx Upstream DDoS Blackhole how does it work ? - c0nw0nk, July 27, 2017 01:55AM
Re: A Nginx Upstream DDoS Blackhole how does it work ? - itpp2012, July 27, 2017 09:13AM