Using Cluster-wide Tracking for Better DDoS Protection Using Stick Tables

At SoundCloud we use HAProxy as our reverse proxy. We are the target of different DoS/DDoS attacks that aim to interrupt our service or abuse it. We have around 70 HAProxy instances and we were looking for a rate-limiting and DDoS prevention solution that collects the information from all the zones and makes a cluster-wide decision on whether the request should be allowed to pass or not.

We decided to use HAProxy Enterprise's stick table aggregator and tuned it for our scale. In this talk, we will present the challenges we have faced and how we solved it. Also, we'll explain our dashboards for viewing blocked requests and resource usage.