DDOS mitigation @flipkart
Submitted by Sameer Garg (@sameerg) on Monday, 12 May 2014
In this talk we explore various types of attacks and what flipkart does for mitigation.
DDOS Attacks have been on the rise all over the world. This include Volumetric i.e. Layer 4 TCP / UDP and Application i.e. Layer 7 HTTP, MySQL.Volumetric attacks are all about muscling out the attacker at the upstream / scrubbing farms. The same cannot be done for Layer 7 attacks.
Traditional DDoS systems cannot catch Layer7 attacks as they all work on layer 4. There are inline solutions such as WAF, etc which looks at traffic and make profiles like IDP. But at scale all that becomes resource intensive and affects latencies. At flipkart we devised a solution that looks at logs from various layers, detects patterns and automatically blocks the attacker at the perimeter.
In this talk we explore various types of attacks and what Flipkart does for mitigation.
Basic understanding of TCP/IP and Internet Routing protocols
Sameer is a Senior Operations Engineer at Flipkart, India's largest e-commerce website with multiple data centers and thousands of servers, where he works on website reliability, scalability and network performance. Before fipkart he handled gigs at Yahoo! and Naukri.