We have deployed what we call a “constellation” of reverse proxy VM or VPS nodes running the high-performance web server Nginx. The VM nodes were purchased from several providers, provided they are located at separate facilities. Essentially, we are offloading and “splitting” both packet processing and bandwidth consumption across several data center facilities (physical routers and carriers).
The Nginx nodes use a typical reverse proxy configuration with the usual extra kernel security configuration. So for a 2Gbps attack and 20 VM nodes, the bandwidth consumption per node is at most 2Gbps / 20 = 100Mbps. That 100Mbps load per VM node is reasonable and is below the threshold for getting one’s IP null-routed by the provider. One could add more and more Nginx nodes to the constellation without issues.
The Nginx front-end nodes run in proxy mode, caching static files and requests. The more aggressive the DDoS, the higher the time-to-live for cache objects should be. Your domain’s A records are going to be the IPs of the Nginx front nodes, configured in round-robin fashion.
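A caching reverse proxy configuration for one front-end node could look like the following. This is an added example, not the configuration used in the deployment described above; the origin address (`192.0.2.10`), the site name (`example.com`), the zone names, the cache path and all sizes and TTL values are assumptions chosen for illustration.

```nginx
# Added example: one front-end node of the constellation.
# All names, addresses, sizes and TTLs are placeholders (assumptions).
# Place inside the http {} context, e.g. in a conf.d include file.

# On-disk cache: 100 MB shared-memory zone for keys, up to 5 GB of objects.
proxy_cache_path /var/cache/nginx/front levels=1:2 keys_zone=front:100m
                 max_size=5g inactive=60m use_temp_path=off;

# Per-client request rate limit (enforced before the cache lookup).
limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;

upstream origin {
    server 192.0.2.10:80;      # assumed origin address (TEST-NET-1 placeholder)
    keepalive 16;              # reuse connections to the origin
}

server {
    listen 80;
    server_name example.com;   # assumed site name

    location / {
        proxy_pass http://origin;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        proxy_cache front;
        proxy_cache_key $scheme$host$request_uri;

        # Cache TTL: raise these as attack intensity grows (e.g. 10m -> 60m).
        proxy_cache_valid 200 301 302 10m;
        proxy_cache_valid 404 1m;

        # Collapse concurrent misses for one key into a single origin request.
        proxy_cache_lock on;

        # Keep answering from stale objects if the origin is slow or failing.
        proxy_cache_use_stale error timeout updating
                              http_500 http_502 http_503 http_504;

        limit_req zone=perip burst=20 nodelay;

        # Expose HIT/MISS/STALE so cache effectiveness can be measured.
        add_header X-Cache-Status $upstream_cache_status;
    }
}
```

Watching the `X-Cache-Status` header (or logging `$upstream_cache_status`) during an attack shows whether the chosen TTL is actually keeping requests off the origin.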