On The Protection of A High Performance Load Balancer Against SYN Attacks

Abstract

SYN flooding is a simple and effective denial-of-service attack. In this attack, many TCP SYN requests are sent to the targeted server, in an attempt to consume its resources and make it unresponsive to legitimate traffic. While SYN attacks have traditionally targeted web servers, they are also known to be very harmful to intermediate cloud devices, and in particular to stateful load balancers (LBs). Fighting against a SYN attack without negatively affecting legitimate connections is not easy, especially if the LB needs to perform frequent server pool updates during the attack, which is very likely since attacks can often last for many hours or even days. This paper is the first to propose LB schemes that guarantee high throughput of one million connections per second, while supporting a high pool update rate without breaking connections and fighting against a high rate SYN attack. Using an analysis and a proof of concept, we show that the LB can handle up to 10 million fake SYNs per second when the RTT is 10ms, and up to 5 million fake SYNs per second when the RTT is 20ms.