Let's assume that there are 30 VMs running on an ESXi host and the public IP address of one of them is attacked with a UDP DDoS (DNS answers) at 20 Gbps. The ESXi host is attached to the FIs with 10 Gbps. So as a result of the DDoS, not only the attacked VM is affected; rather, all VMs on that ESXi host are.
A first and currently the only idea is to police the traffic per virtual uplink on the upstream router. This involves lots of manual configuration and maintenance (assuming there are xx ESXi hosts with thousands of VMs).
Does anyone have an idea how this risk can be mitigated more elegantly?
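The collateral damage described in the post, and the effect of policing per destination address instead of per shared uplink, can be reproduced in a small simulation. The following is an added example, not code from the original post: it models one victim VM behind a 10 Gbps uplink receiving a 20 Gbps flood of large DNS answers while 29 other VMs receive ordinary traffic, first with only the FIFO uplink and then with an upstream token-bucket policer keyed on destination IP. The IP addresses (TEST-NET-3), rates, packet size and burst depths are constructed assumptions for the illustration; the policer here is a generic token bucket, not any specific router vendor's implementation.

```python
"""Per-destination policing of a UDP flood, simulated.

Added example, not code from the original post. It models the post's scenario
(one VM behind a 10 Gbps uplink receiving a 20 Gbps flood of DNS answers) and
compares a plain FIFO uplink against an upstream policer that rate-limits
traffic per destination address. All addresses, rates, packet sizes and burst
depths below are constructed for the illustration.
"""
import random
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenBucket:
    """Classic token bucket: a sustained rate plus a bounded burst, in bits."""
    rate_bps: float
    burst_bits: float

    def __post_init__(self) -> None:
        self.tokens = self.burst_bits   # bucket starts full
        self.last_t = 0.0

    def allow(self, t: float, size_bits: int) -> bool:
        # Refill for the time elapsed since the previous packet, capped at the burst depth.
        self.tokens = min(self.burst_bits, self.tokens + (t - self.last_t) * self.rate_bps)
        self.last_t = t
        if self.tokens >= size_bits:
            self.tokens -= size_bits
            return True
        return False                    # out of profile: drop, tokens are not consumed


class PerDestinationPolicer:
    """One token bucket per destination IP, i.e. per VM public address (assumed design)."""

    def __init__(self, rate_bps: float, burst_bits: float) -> None:
        self.rate_bps, self.burst_bits = rate_bps, burst_bits
        self.buckets: dict[str, TokenBucket] = {}

    def allow(self, t: float, dst: str, size_bits: int) -> bool:
        bucket = self.buckets.setdefault(dst, TokenBucket(self.rate_bps, self.burst_bits))
        return bucket.allow(t, size_bits)


PKT_BITS = 1400 * 8     # large UDP DNS answers, 1400 bytes each (assumption)
WINDOW_S = 0.1          # simulate 100 ms of traffic


def build_workload(n_vms: int = 30, attack_bps: float = 20e9,
                   normal_bps: float = 100e6, seed: int = 7) -> list[tuple[float, str]]:
    """Constructed packet stream of (arrival_time, dst_ip), sorted by time.

    VM 1 (203.0.113.1) is the victim; the other VMs receive ordinary traffic.
    Inter-arrival times are jittered so no flow locks into a fixed phase."""
    rng = random.Random(seed)
    pkts: list[tuple[float, str]] = []
    for i in range(n_vms):
        dst = f"203.0.113.{i + 1}"              # TEST-NET-3 addresses (constructed)
        rate = attack_bps if i == 0 else normal_bps
        gap = PKT_BITS / rate
        t = rng.uniform(0, gap)
        while t < WINDOW_S:
            pkts.append((t, dst))
            t += gap * rng.uniform(0.5, 1.5)
    pkts.sort()
    return pkts


def deliver(pkts: list[tuple[float, str]], uplink_bps: float = 10e9,
            policer: Optional[PerDestinationPolicer] = None) -> dict[str, float]:
    """Delivered bit-rate per destination after optional policing and the shared uplink."""
    uplink = TokenBucket(uplink_bps, burst_bits=uplink_bps * 1e-3)   # about 1 ms of buffer
    delivered: dict[str, int] = {}
    for t, dst in pkts:
        if policer is not None and not policer.allow(t, dst, PKT_BITS):
            continue                            # dropped upstream, never reaches the 10G link
        if uplink.allow(t, PKT_BITS):
            delivered[dst] = delivered.get(dst, 0) + PKT_BITS
    return {dst: bits / WINDOW_S for dst, bits in delivered.items()}


def compare() -> tuple[dict[str, float], dict[str, float]]:
    """Run the same workload without and with a 1 Gbps-per-destination policer."""
    pkts = build_workload()
    unpoliced = deliver(pkts)
    policed = deliver(pkts, policer=PerDestinationPolicer(rate_bps=1e9, burst_bits=1e6))
    return unpoliced, policed


if __name__ == "__main__":
    unpoliced, policed = compare()
    for label, result in (("FIFO uplink only", unpoliced), ("per-destination policer", policed)):
        victim = result.get("203.0.113.1", 0) / 1e9
        others = [result.get(f"203.0.113.{i}", 0) / 1e6 for i in range(2, 31)]
        print(f"{label}: victim {victim:.2f} Gbps, other VMs {min(others):.0f}-{max(others):.0f} Mbps each")
```

Without the policer the victim's flood takes most of the 10 Gbps link and every other VM loses a large share of its traffic; with the per-destination policer the victim is capped at its configured rate and the other 29 VMs are delivered in full. The policer state here is keyed on destination address alone, which is what makes it applicable without per-host manual configuration, but it also shows the remaining cost: the victim itself is still policed down to the configured rate for as long as the flood lasts.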