DDoS

DDoS 缓解架构图，涵盖清洗中心设计、传输服务集成以及 F5 分布式云大流量攻击防护。

DDoS 缓解架构

多层 DDoS 缓解方案，包含网络层清洗、应用层检测以及向源站交付洁净流量。

architecture-beta
  group scrub(lucide:shield)[Scrubbing Center]
  group origin(carbon:cloud-services)[Origin DC]

  service edge(carbon:edge-node)[Edge Router] in scrub
  service filter(carbon:firewall)[Traffic Filter] in scrub
  service clean(carbon:load-balancer-global)[Clean Pipe] in scrub
  service lb(carbon:load-balancer-application)[Load Balancer] in origin
  service app(carbon:application)[Application] in origin
  service db(carbon:data-base)[Database] in origin

  edge:R --> L:filter
  filter:R --> L:clean
  clean:R --> L:lb
  lb:R --> L:app
  app:B --> T:db

F5 XC DDoS 与传输服务

F5 分布式云提供 DDoS 防护与传输服务，并集成 CDN 及应用安全能力。

architecture-beta
  group xc(lucide:cloud)[F5 Distributed Cloud]
  group cloud(carbon:cloud-services)[Cloud Infrastructure]

  service ddos(f5xc:ddos-and-transit-services)[DDoS Protection] in xc
  service cdn(f5xc:content-delivery-network)[CDN] in xc
  service waap(f5xc:web-app-and-api-protection)[WAAP] in xc
  service lb(carbon:load-balancer-application)[Load Balancer] in cloud
  service app(carbon:application)[App Cluster] in cloud
  service db(carbon:data-base)[Database] in cloud

  ddos:R --> L:cdn
  cdn:R --> L:waap
  waap:R --> L:lb
  lb:R --> L:app
  app:B --> T:db

大流量攻击流量路径

攻击流量路径图，展示大流量 DDoS 攻击如何在 F5 XC 边缘节点被吸收并缓解，从而避免到达源站基础设施。

flowchart LR
  attacker@{ icon: 'lucide:bug', label: 'Attack Traffic' }
  legit@{ icon: 'lucide:user', label: 'Legitimate Users' }
  edge@{ icon: 'f5xc:ddos-and-transit-services', label: 'XC Edge' }
  scrub@{ icon: 'carbon:firewall', label: 'Scrubbing' }
  drop@{ icon: 'lucide:shield', label: 'Drop Malicious' }
  origin@{ icon: 'carbon:application', label: 'Origin' }

  attacker --> edge
  legit --> edge
  edge --> scrub
  scrub --> drop
  scrub --> origin