Ask Your Question

Revision history [back]

Maybe it's me, but wouldn't you not want your OS to filter those requests? The benefit to what Radware has developed is that it's a small module that punts flows to a central or cluster location for scrubbing. It uses information based on a current baseline of the incoming/outgoing requests at different intervals of the day to determine malicious or anomalous traffic. This eases any additional load that your Openstack environment would have to undertake.

You could filter keystone requests via a firewall but you are still susceptible to resource exhaustion. You're better off having an API gateway that's validating your requests.