Hello Guys,
A friend of mine asked me to help him with a very nasty issue.
He has 2 x 10 Gbps fiber connections to the local upstream.
This connection was already in place when he entered the building, as he uses no more than 1 Gbps of bandwidth.
Recently he started experiencing DDoS in the range of 8-9 Gbps. It is not enough to fill his bandwidth, but it is much more than needed to fry his firewalls.
He is looking around for commercial solutions, but I hope I can convince him to go open source, possibly pfSense. Eventually we could make up for the added complexity and lesser support of open source solutions by hiring a part-time admin fully dedicated to this issue.
The idea is to layer several x86 machines to gradually filter his traffic until only clean traffic reaches his network. Each machine uses a different set of rules, so that we can hopefully reach a high enough PPS rate.
I was thinking about using this hardware:
Sandy Bridge EP E5-2643 (fewer cores but more MHz)
64 (96?) GB of ECC RAM
4 x Intel 120 (300?) GB SSD
Intel motherboard
Intel Fiber NIC x 2
Do you think that by layering several machines we could reach enough throughput?
What would be the best configuration?
I thought about placing 2 machines directly attached to the upstream, each with 8 (4?) VM instances of pfSense, with load balancing and failover provided by CARP, and another machine behind them doing the last filtering of the traffic.
Any other idea?
Am I crazy/dreaming, or do you think that this is feasible?
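To make the "first stage" of the layered design above concrete, here is a hand-written pf ruleset of the kind such a box would run. This is an added example, not part of the original post and not pfSense's generated configuration: it is written for plain pf on FreeBSD, and the same state options (synproxy, max-src-conn-rate, overload tables) are what pfSense exposes under a rule's Advanced Options. The interface names, the 192.0.2.0/24 documentation prefix, the server address and every threshold are assumptions to be replaced with the real values.

```pf
# First-stage filter for the upstream-facing box (added example, not from
# the original post). Interface names, prefix and thresholds are assumed.
ext_if  = "ix0"              # 10G interface facing the upstream
int_if  = "ix1"              # interface towards the next filtering stage
prefix  = "192.0.2.0/24"     # customer's public prefix (documentation range)
web_srv = "192.0.2.10"       # the service actually being targeted

# A multi-Gbps flood opens far more flows than the default 10000-entry state
# table holds, and a full table drops legitimate traffic too, so raise it.
set limit { states 2000000, src-nodes 1000000, table-entries 1000000 }
set optimization aggressive      # expire idle states quickly under load
set skip on lo0

# Abusive sources collected at runtime via overload, plus a static bogon list
table <flood_src> persist
table <bogons> persist file "/etc/pf.bogons"

# Cheap drops first: 'quick' stops evaluation on match, so packets that can
# never be legitimate are discarded before any state lookup or deeper rule.
block in quick on $ext_if from <flood_src>
block in quick on $ext_if from <bogons>
block in quick on $ext_if from $prefix      # spoofed packets claiming our own prefix

# Default deny. Logging is deliberately off: logging millions of pps would
# pin the CPU that should be dropping packets.
block in on $ext_if

# Web traffic: pf completes the TCP handshake itself (synproxy), so a SYN
# flood never reaches the servers. A source opening more than 100
# connections in 10 s is added to <flood_src> and all its states are killed.
pass in quick on $ext_if proto tcp from any to $web_srv port { 80 443 } \
    flags S/SA synproxy state \
    (max-src-conn 200, max-src-conn-rate 100/10, overload <flood_src> flush global)

# Everything else towards the prefix: stateful, with a per-source state cap
# so UDP or ICMP floods cannot exhaust the state table.
pass in quick on $ext_if proto { udp icmp } from any to $prefix \
    keep state (max-src-states 50, overload <flood_src> flush)

# Finer filtering is left to the next stage; only forwarded and return
# traffic needs to leave this box.
pass out quick on $int_if keep state
pass out quick on $ext_if keep state
```

Load it with `pfctl -nf /etc/pf.conf` first (syntax check only), then `pfctl -f /etc/pf.conf`; `pfctl -t flood_src -T show` lists the sources the overload rule has caught, and `pfctl -si` shows state-table usage, which is the number to watch when sizing `set limit states`. The ordering matters: table lookups and `block quick` rules are the cheapest thing pf does, so they sit ahead of the stateful rules, and the stateful rules carry the per-source limits rather than relying on a global cap.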