Resilience of nBalance Against HTTP/2 Rapid Reset Attack

Recent developments surrounding CVE-2023-44487, a vulnerability detected within the HTTP/2 protocol, have raised concerns about potential denial-of-service attacks targeting web servers, reverse proxies, and similar HTTP/2 traffic-handling software. However, nBalance emerges unscathed from these threats, thanks to its robust architecture and proactive measures.

Why nBalance Is Unaffected

nBalance remains impervious to CVE-2023-44487 due to its robust design. This vulnerability exploits the HTTP/2 protocol's stream multiplexing to manipulate the request cancellation function, enabling attackers to inundate servers with minimal resource cost. HTTP/2 implements a request concurrency limit; in nBalance this limit is configurable and defaults to 100 active streams per connection. nBalance automatically rejects attempts to exceed this limit using RST_STREAM frames, safeguarding against excessive stream openings.

The crux of the vulnerability lies in clients abusing the request cancellation feature to rapidly reset streams. Because HTTP/2 only considers open streams at the connection level, reset streams that transition to the "closed" state evade the limit count, so the total number of counted streams does not increase. However, servers, unaware of these resets and their parent connections, may accumulate processing backlogs, leading to resource exhaustion and service interruptions, particularly under DoS attacks. Moreover, the minimal message size required to create and reset a stream makes this method appealing to attackers, as taking down an unprotected server demands negligible bandwidth.

nBalance's immunity to such exploits stems from its meticulous resource tracking and efficient stream management, ensuring that even amidst rapid stream resets, server performance remains uncompromised. By thwarting attack vectors like the HTTP/2 Rapid Reset, nBalance upholds its commitment to providing resilient and high-performance traffic management solutions, safeguarding against emerging cybersecurity threats.

nBalance: Safeguarded by Design

nBalance is inherently safeguarded by its design against vulnerabilities such as those posed by malicious client behavior. Recognizing the potential impact of such issues on load balancers, nBalance prioritizes resilience. Versions 1.9 and beyond have fortified nBalance's defenses by enhancing its handling of HTTP/2 protocol stream multiplexing.

Rather than merely tallying established streams at the protocol level, nBalance tracks allocated resources. A stream remains accounted for until its resources are fully released, which effectively enforces the stream limit. Consequently, new stream creation is deferred until nBalance falls below the configured stream limit again. If that does not happen, regular timeouts come into effect and the streams are terminated. These measures ensure that the impact of events like Rapid Reset on nBalance and the servers it fronts remains minimal, akin to legitimate traffic.
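The difference between the two accounting policies described above can be seen in a small tick-based model of a single connection. This is an added illustration, not nBalance code; the `simulate` function, the timing model, and all parameter values other than the default limit of 100 are assumptions.

```python
from collections import deque

def simulate(policy, limit=100, pairs_per_tick=50, ticks=40, release_ticks=10):
    """Model one connection receiving HEADERS+RST_STREAM pairs (constructed input).

    policy "protocol":  a stream counts against the limit only while it is open
                        on the wire, so a stream reset right after opening
                        never counts.
    policy "resources": a stream counts until the resources allocated for it
                        are released, `release_ticks` ticks after acceptance.
    Returns (peak number of streams holding resources, streams accepted).
    """
    pending = 0          # pairs sent by the client but not yet read by the proxy
    releasing = deque()  # tick at which each accepted stream frees its resources
    peak = accepted = 0
    for now in range(ticks):
        # Release resources of streams whose cleanup has completed.
        while releasing and releasing[0] <= now:
            releasing.popleft()
        pending += pairs_per_tick
        while pending:
            counted = len(releasing) if policy == "resources" else 0
            if counted >= limit:
                break    # at the limit: new stream creation is deferred
            pending -= 1
            accepted += 1
            releasing.append(now + release_ticks)
        peak = max(peak, len(releasing))
    return peak, accepted

if __name__ == "__main__":
    for policy in ("protocol", "resources"):
        peak, accepted = simulate(policy)
        print(f"{policy:9s} peak streams holding resources={peak} accepted={accepted}")
```

With protocol-level counting the resources held grow with the client's send rate, while resource-level counting caps them at the configured limit and leaves the excess unread on the connection.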

Moreover, the foundational principles established in the nBalance 1.9 code commit persist throughout subsequent iterations, including nBalance Enterprise, nBalance Enterprise Kubernetes Ingress Controller, and nBalance ALOHA. As a result, our suite of products has consistently maintained proactive immunity against attacks like the HTTP/2 Rapid Reset for the past five years, demonstrating resilience without exhibiting vulnerability.

Ensuring Unaffected Status

In response to CVE-2023-44487, we have conducted thorough internal testing employing diverse test cases and simulated attacks.

We tested client requests on an AMD EPYC 74F3 server, equipped with 24 cores at 3 GHz, the same server utilized for demonstrations at HAProxyConf. It achieved 800,000 requests per second at saturation, and performance remained commendable.

Furthermore, we compared the number of calls to various functions within the process during attack simulations and under h2load. With 24 clients for each simulation, and an approximate cap of 2.2 million requests enforced, any successful simulated attack would show up as notable discrepancies in these call counts. However, in HAProxy, the numbers remained practically identical, indicating that the simulated attacks were unsuccessful. Although architectural nuances may vary slightly, they are not significant enough to warrant concern.

nBalance Continues to Withstand HTTP/2 Rapid Reset

Drawing from previous advancements and recent evaluations, nBalance stands resilient against the HTTP/2 Rapid Reset Attack. Our performance remains unaffected by DoS attacks exploiting stream multiplexing, ensuring that the servers supported by nBalance do not experience anomalous traffic surges. The substantial resources required to orchestrate such an attack serve as a testament to nBalance's robust defenses.

Our clientele can have confidence in our commitment to crafting products with resource optimization at the forefront. This dedication accounts for nBalance's immunity to CPU, memory, and overall resource-related vulnerabilities.