DDoS Protection
Roman Bogachev, 2014-10-05 17:38:30

How to limit the number of skipped packets on Radware?

Radware DefensePro 1016 is available with licenses for 1Gbps (1,000,000 packets).
I run an artificial DDoS: all the rules work, BDoS picks up the threshold of incoming traffic and cuts it, giving the required speed to the server.
But the trouble is that I solved the issue with speed, but not with packets.
I'll deviate from the topic a bit so that it's clearer.
The Radware license provides for accounting only bypass traffic, it is not considered legitimate, even if it hits the ceiling. In my case, I limited it to 100 Mbit/s.
So, when approximately 900,000 kbpps is reached, the piece of iron displays the message "Throughput has reached 90% of the limit of your throughput license" and disables the BDoS system, so all unfiltered traffic flows to the server.
I found the "Connection PPS limit Protection" function, set it up, but it does not work.
If anyone has worked closely or is working with such equipment, please tell me or point me in the right direction.
I'll warn you right away that I am not a pro with DDoS equipment.
I study the piece of iron myself, because there is no money to call a specialist from Radware.

1 answer(s)
apkotelnikov, 2015-12-30

Good afternoon!
Let's go in order.
Firstly, the x16 platform (ODS 2), like any other platform, is licensed only for legitimate traffic. You have a license for 1 gigabit of traffic. Anything that qualifies as an attack doesn't count. 1M PPS is a platform hardware limitation. But there is one "subtlety": the calculation includes not only incoming traffic, but also outgoing. To be more precise, all outgoing traffic on all ports is summed up. This is how only legitimate traffic is counted. You will see a message about reaching 90% of the license usage already at, say, 700 megabits of incoming and 200 outgoing.
Now about what happens when the license is exceeded. Everything that is more than the existing license is simply dropped. At the same time, no protection modules are disabled and everything functions in normal mode. In older versions of the software, there were various bugs, including those related to errors in the DME, which led to the disabling of DoS filtering (actually, the DME is responsible for filtering by signatures generated by the BDoS software module). Send me a version and I'll take a look.
