Configuration Options
Using load balancing to support higher bandwidth in service provider environment
FortiDDoS v3.2 Installation Guide
28-320-183686-20130401
29
•
ip address 10.1.0.250 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.0.254
Threshold setting using predefined profiles
When traffic for different attacked customers are diverted through the FortiDDoS
device during attacks, the device may not have the granular traffic thresholds set
correctly corresponding to the traffic level normally experienced by the customer
network.
To solve this issue, you can take two approaches:
1 Learning Mode:
During normal times, train customer network traffic in different
VIDs, archive profile for future use. Restore the threshold configuration during
attack to a specific VID. Divert the traffic and configure the VIDs so that the
FortiDDoS device uses the thresholds corresponding to that VID for the traffic.
2 Predefined Profiles Mode:
Predefine different traffic levels - say 1 Mbps, 10 Mbps,
20 Mbps, 100 Mbps, etc. in various VIDs. Use additional predefined parameters
such as SYN/second, SYNs/Src, Concurrent Connections/Source,
Packets/second, etc. Use such predefined traffic level configurations for different
VIDs and send the attack traffic to a VID that corresponds to the customer traffic
level based on past historical knowledge of the data.
Using load balancing to support higher bandwidth in service provider
environment
Load balancing
Many data center architectures require protecting network infrastructure, and server
farms. With these requirements becoming more prevalent, traffic requirements on
some networks may exceed the capabilities of the FortiDDoS appliance. Furthermore,
the FortiDDoS devices in such network topologies could potentially become a network
bottleneck. FortiDDoS appliances are restricted by interface speeds and support only
1 Gbps full duplex throughput. Thus to increase the overall throughput, you require
some type of load balancing solution using multiple FortiDDoS appliances.
This leads to the requirement that the load-balancing device must exceed the
throughput of numbers of multiple FortiDDoS devices.
Load Balancer intercepts all traffic between the LAN and the WAN, and dynamically
distributes the load among the available FortiDDoS appliances, based on Load
Balancer configuration. Load Balancing utilizes all the appliances concurrently,
providing overall improved performance, scalability and availability.
The FortiDDoS device is a layer-2 bridge and therefore does not have either a MAC
address or an IP address in the data path (path of the packets.). For transparent
bridges, the Load Balancer receives a packet, makes a load balancing decision, and
forwards the packet to a FortiDDoS device. The FortiDDoS device does not perform
NAT on the packets; the source and destination IP addresses are not changed.
The load balancer must perform the following:
•
Balance traffic across two or more FortiDDoS devices in your network, allowing
them to work in parallel.
Содержание FortiDDoS
Страница 1: ...FortiDDoS v3 2 Installation Guide ...
Страница 37: ......