Razorpay's defensive architecture

Hey folks ,

today I stumbled upon a very interesting Amazon Web Services (AWS) blog, which outlines a multi-layered defense strategy to mitigate DDoS attacks against Razorpay 's microservice architecture.

DDoS (Distributed Denial of Service) attacks primarily use botnets which flood a server with illegitimate requests from distributed nodes, ultimately failing to serve the legitimate ones. As I was going through the blog, I discovered two major incidents the organization faced and how it led to this hybrid defensive architecture:

• Razorpay faced it's first major incident of chaos and panic on 12th Aug 2021 , whereby their systems were flooded with red alerts. After the recovery, they identified their weaker defense strategy and lack of a streamlined process.
• Subsequently , on 20th May 2022 , around $902,000 was stolen by tampering and manipulating the authorization process of Razorpay software, by 831 failed and unauthorized requests made "authorized" by the APT Hackers. This led to huge losses to the payment gateway company and was a hard blow for them to recover.

Since then , principal solutions architect Jasmine Maheshwari with senior engineers at Razorpay came up with an architecture that combines two of the advanced AWS security services : AWS WAF & AWS Shield.

Let's analyze it:

Primarily , Razorpay uses self-managed API called Edge, which contains an Application Load Balancer to manage the incoming client API invocation requests and routes to it's microservices.

It looks something like this:

The Application Load Balancer shown above is further configured with AWS WAF& Shield. Moreover , WAF blocks requests matching expected variables from IP Sets to routing parameters while Shield works on alarm system triggered when a DDoS attack is suspected.

However there is something more happening here, which helps in identifying attack patterns. That is to say, as Edge performs computations on each request, Razorpay generates insights for each requests to build intelligence and helps the system identify malicious patterns based on it.

Here is the architecture illustrating the same:

At every invocation, the ML model is incrementally trained to generate new insights which further strengthens the protection wall.

In conclusion, this blog was very informative which pictured the company's ingenious architecture to protect its underlying systems.

I encourage anyone reading this to check out AWS blogs here , you'll definitely learn something new , like me :)

Follow me for more such content ??.