How we mitigated over 150 thousand DDoS attacks in 1 year and learned from them.
Published at Oct 17 2022
RoyaleHosting has been the goto provider for protection against attacks for a while now, DDoS protection has also been one of our main priorities and we’ve allocated a massive amount of resources into improving the DDoS protection to filter sophisticated and volumetric attacks.
Increase in DDoS Attacks
During the past year RoyaleHosting has seen a tremendous amount of growth, we had to drastically increase our network capacity and improve our infrastructure to support the growth. With this growth we also noticed an increase in both the amount and sizes of DDoS attacks targetting our customers.
In August 2021 we completely rebuilt our infrastructure and DDoS mitigation approach, from then on we would use Corero (Global Secure Layer) as our primary DDoS protection layer as they’re one of the best options to filter high capacity volumetric attacks reaching multiple terabits a second. Like most general protection layers Corero isn’t perfect and might still let a low amount of DDoS traffic through that can cause harm to the applications running on the servers of our customers. This is why we created a second DDoS protection layer in-house to counter bypass attacks that could not be filtered by Corero.
The Application Shield is a custom-built DDoS protection layer that is built into our network infrastructure. We’re using this layer to protect our customers from sophisticated attacks targetting specific Applications like game servers, VPN servers, web applications, and more. The Application Shield is built to filter attacks that bypass other protection layers that can still cause harm to the applications running on the servers of our customers.Screenshot of the Application Shield dropping DDoS traffic.
One of the most important things with the application shield is performance, since the application shield makes use of advanced filtering techniques that are heavy for a CPU to handle it’s important to offload as much to the server NIC as possible. This is why we’re using Mellanox ConnectX-4/Netronome NICs in our servers to offload the filtering to the NICs. This allows us to filter attacks with a very low impact on the CPU and memory usage of the server. This caused a massive improvement in performance for our customers and allowed us to filter attacks that would have been impossible to filter before.Screenshot of CPU usage on the Application Shield servers during an attack.
One of the last things we set out to do was give our customers the ability to manage their own service firewall, we think it’s important to give our customers full control and visibility about what’s going on so our customers can take action without needing our help. To achieve this goal we created our shield panel that allows our customers to manage their network firewall via an easy-to-use and simple interface.Screenshot of a beta version of the firewall panel.
The importance of good application DDoS Protection
Many hosting providers offer high-capacity volumetric DDoS mitigation but as highlighted above it’s really important to have a solid mitigation solution for application based attacks. By utilizing the RoyaleHosting network you can be sure that your server and application will stay online no matter what, our team is always happy to assist with building custom DDoS protection for your needs! (Contact our team)