{"id":28369,"date":"2023-04-01T14:04:43","date_gmt":"2023-04-01T14:04:43","guid":{"rendered":"https:\/\/www.ntsplhosting.com\/blog\/?p=28369"},"modified":"2023-04-01T14:07:35","modified_gmt":"2023-04-01T14:07:35","slug":"expanding-cloud-armor-ddos-protection-to-network-load-balancing-and-vms-with-public-ip-addresses","status":"publish","type":"post","link":"https:\/\/www.ntsplhosting.com\/blog\/expanding-cloud-armor-ddos-protection-to-network-load-balancing-and-vms-with-public-ip-addresses\/","title":{"rendered":"Expanding Cloud Armor DDoS protection to Network Load Balancing and VMs with Public IP addresses"},"content":{"rendered":"<div class=\"block-paragraph\">\n<div class=\"rich-text\">\n<p>Over the past few years, Google has observed that distributed denial-of-service (DDoS) attacks are <a href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/identifying-and-protecting-against-the-largest-ddos-attacks\">increasing in frequency and growing exponentially in size<\/a>. Google Cloud customers have been using <a href=\"https:\/\/cloud.google.com\/armor\">Cloud Armor<\/a> and leveraging the scale and capacity of Google\u2019s network edge to protect their environment from <a href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps\">some of the largest DDoS attacks ever seen<\/a>.<\/p>\n<p>We are excited to announce the general availability of <a href=\"https:\/\/cloud.google.com\/armor\/docs\/advanced-network-ddos\">Cloud Armor advanced network DDoS protection<\/a>, which expands Cloud Armor\u2019s DDoS protection capabilities to workloads using <a href=\"https:\/\/cloud.google.com\/load-balancing\/docs\/network\">external network load balancers<\/a>, <a href=\"https:\/\/cloud.google.com\/load-balancing\/docs\/protocol-forwarding\">protocol forwarding<\/a>, and VMs with Public IP addresses. 
These workloads are used by a diverse set of customers, including gaming (such as UDP-based traffic) and telecommunications (such as VOIP traffic), and support a wide set of protocols, including custom implementations.<\/p>\n<p>Cloud Armor advanced network DDoS protection provides customers with always-on attack detection and mitigation to defend against volumetric network and protocol DDoS attacks, such as SYN flood, UDP flood, DNS reflection, and NTP amplification attacks. Google Cloud customers can now easily activate advanced network DDoS protection and safeguard themselves from the damaging outcomes of DDoS attacks, including an increase in operational costs, a loss in business continuity, and a degraded user experience.<\/p>\n<p>The Cloud Armor team has been building this new capability in close collaboration with our customers, who use Cloud Armor\u2019s advanced network DDoS protection in their production environments.<\/p>\n<p>\u201cCloud Armor\u2019s advanced network DDoS protection is easy-to-deploy and manage. The automatic detection and mitigation mechanism reduces operational overhead,\u201d said Shay Ben-Haroche, platform group manager, Symantec Zero Trust Network Access and Web Isolation, Broadcom.<\/p>\n<p>Customers using advanced network DDoS protection are also eligible for <a href=\"https:\/\/cloud.google.com\/armor\/docs\/managed-protection-overview#ddos_bill_protection\">bill protection<\/a> and support from the <a href=\"https:\/\/cloud.google.com\/armor\/docs\/managed-protection-overview#ddos_response_support\">DDoS response team<\/a>. Bill protection provides credits for future Google Cloud usage for some increases in billing that are a result of a verified DDoS attack. 
The DDoS response team provides 24\/7 help and potential custom mitigations against DDoS attacks from the same engineering team that protects all Google services.<\/p>\n<\/div>\n<\/div>\n<div class=\"block-image_full_width\">\n<div class=\"article-module h-c-page\">\n<div class=\"h-c-grid\">\n<figure class=\"article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 \"><img src=\"https:\/\/storage.googleapis.com\/gweb-cloudblog-publish\/images\/Figure_1_I6NBgKN.max-1000x1000.jpg\" alt=\"Figure 1.jpg\" \/><figcaption class=\"article-image__caption \">\n<div class=\"rich-text\"><i>Cloud Armor advanced network DDoS protection architecture overview<\/i><\/div>\n<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"block-paragraph\">\n<div class=\"rich-text\">\n<h3>Advanced DDoS protection &#8211; How it works<\/h3>\n<p>Cloud Armor\u2019s advanced network DDoS protection operates at Google\u2019s network edge to detect and mitigate attacks far upstream of the customer&#8217;s infrastructure. It monitors a variety of signals for signs of attack, including customers\u2019 workload health for early signs of distress and incoming traffic for anomalies.<\/p>\n<p>First, Cloud Armor observes early signs of workload distress, and quickly <a href=\"https:\/\/cloud.google.com\/armor\/docs\/advanced-network-ddos#attack_mitigation_event_logs\">alerts the customer that an attack is detected<\/a>. 
This always-on monitoring mechanism results in timely and accurate attack detection, without adding latency to the traffic flow.<\/p>\n<\/div>\n<\/div>\n<div class=\"block-image_full_width\">\n<div class=\"article-module h-c-page\">\n<div class=\"h-c-grid\">\n<figure class=\"article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 \"><img src=\"https:\/\/storage.googleapis.com\/gweb-cloudblog-publish\/images\/Figure_2_jrX3Ku0.max-1000x1000.jpg\" alt=\"Figure 2.jpg\" \/><figcaption class=\"article-image__caption \">\n<div class=\"rich-text\"><i>Cloud Armor advanced network DDoS protection &#8211; how it works<\/i><\/div>\n<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"block-paragraph\">\n<div class=\"rich-text\">\n<p>Next, Cloud Armor analyzes incoming traffic to identify the attack signatures. Cloud Armor then automatically deploys the mitigation at the edge of the network, while allowing legitimate traffic to pass through. The incoming DDoS attacks are stopped at the edge before reaching customers\u2019 workloads. During attack mitigation, the traffic flow is unchanged \u2014 no additional hops are added \u2014 and therefore there is no latency impact.<\/p>\n<p>Once Cloud Armor confirms the attack has ended, it will disable the mitigations. The whole process, from detection to mitigation, takes mere seconds and doesn\u2019t require user intervention.<\/p>\n<h3>Comprehensive attack visibility<\/h3>\n<p>Cloud Armor\u2019s advanced network DDoS protection provides attack visibility into past and ongoing DDoS attacks by recording telemetry in <a href=\"https:\/\/cloud.google.com\/logging\">Cloud Logging<\/a>. 
Customers can view these logs under the \u2018network_security_policy\u2019 resource in <a href=\"https:\/\/console.cloud.google.com\/logs\/query?_ga=2.225803545.2094031690.1679078397-427337224.1679078781\">Logs Explorer<\/a>, and use them for analysis and alerting.<\/p>\n<p>Advanced network DDoS protection generates <a href=\"https:\/\/cloud.google.com\/armor\/docs\/advanced-network-ddos#attack_mitigation_event_logs\">three types of event logs<\/a> when mitigating DDoS attacks:<\/p>\n<ol>\n<li>\u2018Mitigation Started\u2019 &#8211; Detection of a potential attack and the start of mitigation.<\/li>\n<li>\u2018Mitigation Ongoing\u2019 &#8211; Updates about ongoing mitigation every 5 minutes for as long as the attack is active.<\/li>\n<li>\u2018Mitigation Ended\u2019 &#8211; Conclusion of the attack and the end of mitigation.<\/li>\n<\/ol>\n<p>Logging events include information on attack classification and traffic volumes.<\/p>\n<p>Customers can also apply Cloud Armor\u2019s advanced network DDoS protection in <a href=\"https:\/\/cloud.google.com\/armor\/docs\/advanced-network-ddos#use_preview_mode\">preview mode<\/a>. In preview mode, the proposed mitigation will not be automatically enforced. Customers will receive logging and telemetry about detected attacks and suggested mitigations. This provides flexibility for customers to test the mitigation effectiveness before enabling it in the production environment. 
Since the security policy is configured per-region, the customer can enable or disable preview mode per-region.<\/p>\n<\/div>\n<\/div>\n<div class=\"block-image_full_width\">\n<div class=\"article-module h-c-page\">\n<div class=\"h-c-grid\">\n<figure class=\"article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 \"><img src=\"https:\/\/storage.googleapis.com\/gweb-cloudblog-publish\/images\/figure_3.max-1000x1000.jpg\" alt=\"figure 3.jpg\" \/><figcaption class=\"article-image__caption \">\n<div class=\"rich-text\"><i>Cloud Armor advanced network DDoS protection logging example of SYN flood &amp; NTP amplification<\/i><\/div>\n<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"block-paragraph\">\n<div class=\"rich-text\">\n<h3>Easy to set up<\/h3>\n<p>To apply advanced network DDoS protection, you need to enroll your project in <a href=\"https:\/\/cloud.google.com\/armor\/docs\/managed-protection-overview\">Managed Protection Plus<\/a>. Advanced network DDoS protection is configured on a per-region basis, enabling the protection for all the workloads in that region.<\/p>\n<p>To enable advanced network DDoS protection, please navigate to the <a href=\"https:\/\/console.cloud.google.com\/net-security\/securitypolicies\/\">Cloud Armor<\/a> console and press \u2018create security policy\u2019. 
For details, see <a href=\"https:\/\/cloud.google.com\/armor\/docs\/advanced-network-ddos\">Configure advanced network DDoS protection<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"block-image_full_width\">\n<div class=\"article-module h-c-page\">\n<div class=\"h-c-grid\">\n<figure class=\"article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 \"><img src=\"https:\/\/storage.googleapis.com\/gweb-cloudblog-publish\/images\/figure_4.max-1000x1000.jpg\" alt=\"figure 4.jpg\" \/><figcaption class=\"article-image__caption \">\n<div class=\"rich-text\"><i>Configuring Network edge security policy with advanced network DDoS protection<\/i><\/div>\n<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"block-paragraph\">\n<div class=\"rich-text\">\n<h3>Try one month of Cloud Armor Managed Protection Plus<\/h3>\n<p>To get you started with advanced Network DDoS protection, we are pleased to offer a one month evaluation period for Managed Protection Plus. You can turn on Managed Protection Plus and try it for 30 days.<\/p>\n<p>Google Cloud is offering flexible cancellation terms for the first 30 days after activating the annual subscription for Cloud Armor Managed Protection Plus. To cancel within the evaluation period, please contact <a href=\"https:\/\/cloud.google.com\/support\/billing\">Billing Support<\/a>.<\/p>\n<h3>Get started<\/h3>\n<p>Don\u2019t wait for the next DDoS attack to disrupt your services. Enable Cloud Armor advanced network DDoS protection today to protect your workloads. 
Check out <a href=\"https:\/\/cloud.google.com\/armor\/docs\/advanced-network-ddos\">this guide<\/a> to learn more or configure using the <a href=\"https:\/\/console.cloud.google.com\/net-security\/?_ga=2.177947237.1505104279.1677618223-1800746757.1677173604\">Google Cloud console<\/a>.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Over the past few years, Google has observed that distributed denial-of-service (DDoS) attacks are increasing in frequency and growing exponentially in size. Google Cloud customers have been using Cloud Armor and leveraging the scale and capacity of Google\u2019s network edge to protect their environment from some of the largest DDoS attacks ever seen. 
We are [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":31767,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[479,34],"tags":[505,506,507],"_links":{"self":[{"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/posts\/28369"}],"collection":[{"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=28369"}],"version-history":[{"count":2,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/posts\/28369\/revisions"}],"predecessor-version":[{"id":31769,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/posts\/28369\/revisions\/31769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/media\/31767"}],"wp:attachment":[{"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=28369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=28369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ntsplhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=28369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}