E-Commerce Mega Sale DDOS Defense

How a global retailer protected 200M+ users during Black Friday 2024

Scenario Overview

The world's #3 e-commerce platform faced an organized DDoS campaign during peak Black Friday traffic. This case study examines how they maintained 99.99% uptime for 72 consecutive hours during the event.

Challenges Faced

  • 680Gbps volumetric attack during critical checkout window
  • HTTP flood (Slowloris variant) targeting cart checkout endpoints
  • Need to maintain 0.25s average transaction latency
  • Protect 2.4 million concurrent active users

Defense Architecture

Cloudflare WAF + Rate Limiting AWS Shield Advanced
  • Anycast CDN: Distributed 200+ edge locations
  • Auto-scaling: Dynamic backend scaling at 500% baseline capacity
  • Rate limiting: Session-based with sliding window
  • Behavioral analysis: AI-based traffic classification

Performance Metrics

95.7%

Mitigated traffic

97.2%

User retention

0.21s

Latency achieved

Lessons Learned

Pre-deployment

  • Conducted 6-phase stress testing with 1.2Tbps throughput
  • Created baseline profiles for 12 major regional traffic patterns
  • Redundancy across 3 AWS availability zones

Incident Response

  • Real-time traffic analysis via Prometheus metrics dashboard
  • Automated failover in 180ms using BGP routing
  • On-site SOC team with 95% alert accuracy rate