0

I want get high availability with BGP (mostly for DDoS Attack) I have.. Ubuntu servers(not Vultr's) and Vultr's ubuntu servers and I'll rent /24 IP block and AS Number soon..(and link it to vultr) (Unfortunately,we need to pay $2000 to get ddos protection in my server country and I don't want to move to other country server)

I have some ideas but I don't know how to do it... (I'll represent it to webserver)

1: load balancing (assign many IPs to the webserver and add the IPs to A record)

2: FailOverIP (if there is ddos attack to the webserver assigned IP,then use 2nd assigned IP to failover.(then I link the IPs to DNS failover service for users?)

3: Reverse IP -GRE Tunnel : Link /24 IPs to server1 and connect server1 and server2(webserver) with BGP Tunnel to forward the traffic.(User->server1->BGP->server2->web)

-Reverse Proxy -TCP Reverse Proxy : Link /24 IPs to server1 and use reverse proxy softwere to redirect TCP:80 request to server2(webserver)

bibi
  • 1
  • 1

1 Answers1

0

BGP by itself is useful but will not save you from DDoS.

DDoS protection is having more bandwidth than the attack, and still filtering bad traffic from reaching your services. How much you need depends on the threats you face. For comparison, large DDoS events that get analyzed on security blogs are in excess of 400 Gbps and 100 million packets per second. This takes serious infrastructure to filter, either scaling up or out.

Talk to multiple DDoS protection and scrubbing services and mention you have a limited budget. Their network and threat filtering experience is what makes them valuable.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34