Google firewall being saturated and not allowing valid requests through
We've configured some firewall rules to block some bad IPs. This has been done in the VPC Network -> Firewall area. This is NOT done on the server via iptables or anything.
Everything is fine until we have floods of traffic from these bad IPs. I can see in the firewall log for this rule that it was blocking them, but there is either a connection limit or a bandwidth limit. For 40 minutes I have a solid wall of hit counts of 24,000 for every minute - no up or down, just 24,000 constantly.

The server was getting no traffic, resource usage was way down. This was a problem because valid traffic was getting bottlenecked somewhere.
The only thing I can see in the docs is a limit of 130,000 maximum stateful connections: https://cloud.google.com/vpc/docs/firewalls#specifications
Machine type is n1-standard-4.
During this attack when I looked at the quotas page, nothing was maxed out.
Is anyone able to shed some light on this?
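The tell-tale symptom in the question is a deny counter that sits at exactly the same value every minute for 40 minutes. The script below is an added example (not code from the question or the answer) that aggregates VPC firewall rule log records into per-minute DENIED counts, reports the top sources, and flags a flat plateau, which is the pattern to treat as "something is capped" rather than "this is the real flood rate". The records are constructed inline and use the `timestamp`, `jsonPayload.disposition` and `jsonPayload.connection.src_ip` fields of firewall rule logging; the IP addresses, counts and the 2% tolerance are assumptions for illustration.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample values (RFC 5737 documentation ranges), not real traffic.
BLOCKED_IP = "203.0.113.7"
CLIENT_IP = "198.51.100.20"


def build_sample(minutes=4, denies_per_minute=6, allows_per_minute=2):
    """Build constructed firewall-log records: a perfectly flat flood of
    DENIED hits from one blocked source plus a trickle of ALLOWED hits,
    spread over consecutive minutes. Returns JSON strings, one per record."""
    start = datetime(2020, 1, 1, 12, 0, tzinfo=timezone.utc)
    records = []
    for m in range(minutes):
        base = start + timedelta(minutes=m)
        for i in range(denies_per_minute):
            records.append(json.dumps({
                "timestamp": (base + timedelta(seconds=i)).isoformat(),
                "jsonPayload": {
                    "disposition": "DENIED",
                    "connection": {"src_ip": BLOCKED_IP, "dest_port": 443},
                },
            }))
        for i in range(allows_per_minute):
            records.append(json.dumps({
                "timestamp": (base + timedelta(seconds=30 + i)).isoformat(),
                "jsonPayload": {
                    "disposition": "ALLOWED",
                    "connection": {"src_ip": CLIENT_IP, "dest_port": 443},
                },
            }))
    return records


def minute_bucket(ts):
    """Truncate an RFC 3339 timestamp to its minute, accepting a trailing 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).strftime("%Y-%m-%dT%H:%M")


def deny_counts_per_minute(raw_records):
    """Count DENIED records per minute and per source IP.
    Returns (ordered {minute: count}, Counter of source IPs)."""
    counts = defaultdict(int)
    sources = Counter()
    for raw in raw_records:
        rec = json.loads(raw)
        payload = rec.get("jsonPayload", {})
        if payload.get("disposition") != "DENIED":
            continue
        counts[minute_bucket(rec["timestamp"])] += 1
        sources[payload.get("connection", {}).get("src_ip", "?")] += 1
    return dict(sorted(counts.items())), sources


def is_flat_plateau(counts, min_minutes=3, tolerance=0.02):
    """True when the per-minute deny counts stay within `tolerance` (relative
    to the maximum) across at least `min_minutes` minutes. A flood that is
    really being measured moves around; a line that never moves is a sign
    that a ceiling somewhere is being reported, not the traffic itself."""
    values = list(counts.values())
    if len(values) < min_minutes:
        return False
    hi, lo = max(values), min(values)
    return hi > 0 and (hi - lo) / hi <= tolerance


if __name__ == "__main__":
    counts, sources = deny_counts_per_minute(build_sample())
    for minute, n in counts.items():
        print(f"{minute}  DENIED={n}")
    print("top sources:", sources.most_common(3))
    if is_flat_plateau(counts):
        print("flat plateau: deny counter looks capped, check instance/network limits")
```

Run it against exported log entries (one JSON object per line) by replacing `build_sample()` with a file read; the per-minute table and the plateau flag are what you would compare against the VM's own CPU and network graphs to see whether the drop in valid traffic lines up with the flat deny count.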
Solution 1:[1]
The answer is to resize the instance and add more cores. Don't use instances with shared cores.
I went for an n2 with 8 cores and this has now resolved itself.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Wizzard |
