Code Room
On-call · Hard
Question
Pager fires: edge ingress bandwidth jumps from a steady 4 Gbps to 90 Gbps in under two minutes, and p99 latency for legitimate users goes from 80 ms to timeouts. Your CDN dashboard shows the bulk of traffic is UDP reflection (DNS and NTP source ports) aimed at a single /32 origin IP, plus a smaller layer-7 flood of GET requests to an expensive search endpoint. The attack started 6 minutes ago; no deploy, no marketing event. You're the on-call SRE for edge infra. Triage and mitigate.
What a strong answer looks like
Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.