Configuring Cleansing Threshold and Protection Level
Last updated: 2020-02-17 10:59:48PDF
DDoS High Defense IP service provides defense policy adjustment feature, and provides three protection levels for you to choose from against DDoS attacks. The specific protection operations for each protection level are as follows:
If the business needs to use UDP, it is recommended to contact Tencent Cloud's technical support Policy customization to prevent strict patterns from affecting the business.
|Protection grade||Protective operation||Description|
|Loose||The cleaning strategy is relatively loose and only protects the attack packets with clear attack characteristics.|
It is recommended to use it when manslaughter is suspected, and pass through may be attacked when there is a complex attack.
|Normal||The cleaning strategy adapts to the vast majority of businesses and can effectively protect against common attacks.|
The default is normal mode.
|Strict||The cleaning strategy is relatively strict, so it is recommended to use it when attacking pass through in normal mode.|
The following is an example of configuring "bgpip-000002ai" in South China (Guangzhou) to illustrate the configuration:
- Login DDoS Protection Management console In Left sidebar, select * * DDoS High Defense IP * *-> * * Asset list * *, and in the region selection box, click * * South China (Guangzhou) * *.
- In the list of instances below, find the high defense IP instance whose target ID is "bgpip-000002ai". In the operation item on the right, click "Defense configuration" to configure it.
- In the pop-up page of DDoS protection configuration, turn on "Protection status", and set the cleaning threshold and protection level.
Only if [protective status] is The configuration item is visible only when the status is. If the protection status is turned off manually, the configuration item is hidden and the configuration does not take effect. After reopening, the configuration item is visible and the original configuration data is maintained.
Configuration parameters description:
- Protection Status
It is enabled by default, and you can enable or disable protection according to the actual business needs. When you disable defense, you can set the duration for which the defense can only be temporarily disabled for 1-6 hours, exceeding the set duration or when the attack on Traffic exceeds 100wpps or 2Gbps, the DDoS high defense package will automatically enable the defense.
- Cleaning threshold
-the cleaning threshold is the threshold of Launch's cleaning action for high-defense products. When Traffic is less than the threshold, the cleaning operation will not be carried out even if an attack is detected.
-when "Defense status" is enabled by default, the cleaning threshold of the DDoS High Defense IP instance just connected to the service adopts the default value, and with the change of Traffic of the access business, the system automatically learns to form a baseline value. You can set the cleaning threshold freely according to the actual business situation.
If the cleaning threshold is clear, custom settings can be made. If the cleaning threshold is not clear, the DDoS protection system will automatically learn and generate a set of default thresholds according to the AI algorithm.
- Protection grade
When "Protection status" is enabled by default, the DDoS high defense IP instance just connected to the business adopts the normal protection level. You can freely adjust the DDoS protection level according to the actual business protection needs.
- Other configuration items
- Use cases
You can select a matching business scenario from the business scenario you have created according to your actual business needs, and you can modify it. When a business scenario is selected, the corresponding "advanced policy" automatically matches the policy generated by that business scenario. For more information, please see Configuring Scenarios To create a business scenario
- Advanced strategy
Based on the business protection features, you can select a matching advanced policy from the high-level policies you have created, and you can modify them. For more information, please refer to the tube. Advanced Protection Strategy of DDoS To create an advanced protection policy
- DDoS attack alarm threshold
DDoS attack alarm threshold configuration feature. If the detected Metric exceeds the threshold set by you, an alarm will be triggered and the attack alarm message will be pushed to you. For more information, please see Configure attack alarm threshold Set the alarm to Metric.
- TCP service AI enhanced protection
For Layer-4 's TCP business, DDoS High Defense IP provides TCP service AI enhanced protection. After the function is enabled, through the self-learning of the daily business characteristics of the AI model, you can automatically identify business Traffic and attack Traffic, and effectively defend against Layer-4 CC attacks on the line.
Currently, the enhanced protection feature of TCP service AI is only available to whitelist.