Scaling up TCP servers is usually straightforward. Most deployments start by using a single process setup. When the need arises more worker processes are added.
In the past, we’ve spoken about how Cloudflare is architected to sustain the largest DDoS attacks. During traffic surges we spread the traffic across a very large number of edge servers.
As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be?
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps.
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact.