We’ve just recently been hit by a low-level DDoS on one of our compute nodes. The attack was filling our conntrack table while having no noticeable impact on our server load, which is why it took us a while to detect it. Is there any recommended practice regarding server configuration to reduce the impact of a DDoS on the whole compute node and thus prevent it from going down? I understand that increasing the size of the conntrack table is one, but outside of that?
Openstack system administrator
OpenStack-operators mailing list