
Configuring Cleansing Threshold and Protection Level

Last updated: 2020-02-17 10:59:48


Use Cases

The DDoS High Defense IP service lets you adjust its defense policy and offers three protection levels against DDoS attacks. The protection operations performed at each level are as follows:

If your business needs to use UDP, it is recommended to contact Tencent Cloud technical support for policy customization, so that the strict mode does not affect your business.

Protection level | Protection operations | Description

Loose
  • Filter SYN and ACK packets with clear attack characteristics.
  • Filter TCP, UDP and ICMP packets that do not conform to protocol specifications.
  • Filter UDP packets with clear attack characteristics.
The cleansing policy is relatively loose and only blocks attack packets with clear attack characteristics.
It is recommended when false positives (legitimate traffic being blocked) are suspected. Attack traffic may pass through during a complex attack.

Normal
  • Filter SYN and ACK packets with clear attack characteristics.
  • Filter TCP, UDP and ICMP packets that do not conform to protocol specifications.
  • Filter UDP packets with clear attack characteristics.
  • Filter common UDP-based attack packets.
  • Perform active verification on some access source IPs.
The cleansing policy suits the vast majority of businesses and can effectively protect against common attacks.
Normal is the default mode.

Strict
  • Filter SYN and ACK packets with clear attack characteristics.
  • Filter TCP, UDP and ICMP packets that do not conform to protocol specifications.
  • Filter UDP packets with clear attack characteristics.
  • Filter common UDP-based attack packets.
  • Perform active verification on some access source IPs.
  • Filter ICMP attack packets.
  • Filter common UDP attack packets.
  • Strictly check UDP packets.
The cleansing policy is relatively strict. It is recommended when attack traffic passes through in normal mode.

By default, the DDoS High Defense IP instance you purchased uses the normal protection level, and you can adjust the DDoS protection level freely according to your actual business situation. You can also customize the cleansing threshold: when attack traffic exceeds the set threshold, the cleansing policy is triggered.

Configuration example

The following is an example of configuring "bgpip-000002ai" in South China (Guangzhou) to illustrate the configuration:

  1. Log in to the DDoS Protection Management console. In the left sidebar, select "DDoS High Defense IP" -> "Asset list", and in the region selection box, click "South China (Guangzhou)".
  2. In the list of instances below, find the high defense IP instance whose ID is "bgpip-000002ai". In the operation column on the right, click "Defense configuration" to configure it.
  3. In the pop-up DDoS protection configuration page, turn on "Protection status", and set the cleansing threshold and protection level.

The configuration items are visible only when "Protection status" is enabled. If the protection status is turned off manually, the configuration items are hidden and the configuration does not take effect. After it is turned back on, the configuration items are visible again and the original configuration data is retained.

Configuration parameter description:

  • Protection status
    It is enabled by default, and you can enable or disable protection according to your actual business needs. When you disable defense, you set a duration: the defense can only be disabled temporarily, for 1-6 hours. When the set duration is exceeded, or when attack traffic exceeds 100w pps (1 million pps) or 2 Gbps, the DDoS high defense package automatically enables the defense again.
  • Cleansing threshold
    - The cleansing threshold is the threshold at which the high-defense product starts its cleansing action. When traffic is below the threshold, no cleansing is carried out even if an attack is detected.
    - When "Protection status" is enabled by default, a DDoS High Defense IP instance that has just been connected to the business uses the default cleansing threshold. As the traffic of the connected business changes, the system automatically learns it and forms a baseline value. You can set the cleansing threshold freely according to your actual business situation.

If you know the appropriate cleansing threshold, you can set a custom value. If you do not, the DDoS protection system automatically learns and generates a set of default thresholds using an AI algorithm.

  • Protection level
    When "Protection status" is enabled by default, a DDoS High Defense IP instance that has just been connected to the business uses the normal protection level. You can freely adjust the DDoS protection level according to your actual protection needs.
  • Other configuration items
  • Use cases
    You can select a matching business scenario from the business scenarios you have created, according to your actual business needs, and you can modify it. When a business scenario is selected, the "Advanced policy" item automatically matches the policy generated by that business scenario. To create a business scenario, see Configuring Scenarios.
  • Advanced policy
    Based on the protection characteristics of your business, you can select a matching advanced policy from the advanced policies you have created, and you can modify it. To create an advanced protection policy, see Advanced Protection Strategy of DDoS.
  • DDoS attack alarm threshold
    This item configures the DDoS attack alarm threshold. If a detected metric exceeds the threshold you set, an alarm is triggered and an attack alarm message is pushed to you. To set the alarm metric, see Configure attack alarm threshold.
  • TCP service AI enhanced protection
    For Layer-4 TCP business, DDoS High Defense IP provides TCP service AI enhanced protection. After the feature is enabled, an AI model learns the characteristics of your daily business, automatically distinguishes business traffic from attack traffic, and effectively defends against Layer-4 CC attacks.
    Currently, TCP service AI enhanced protection is only available to whitelisted users.
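
The "Protection status" and "Cleansing threshold" rules described above interact, so the following added example (not Tencent Cloud code, and not an API of the service) models them as a small decision function you can use to reason about a planned setting. The class and function names, the 500 Mbps threshold and the traffic samples are constructed for illustration, and treating traffic exactly at the threshold as reaching it is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Auto re-enable limits stated on this page: 100w pps (1,000,000 pps) or 2 Gbps.
AUTO_ENABLE_PPS = 1_000_000
AUTO_ENABLE_BPS = 2_000_000_000

@dataclass
class DefenseConfig:                       # hypothetical model, not a Tencent Cloud API
    cleansing_threshold_bps: int           # custom value or learned baseline
    disabled_at: Optional[float] = None    # time (s) at which protection was turned off
    disable_hours: int = 0

    def disable(self, now: float, hours: int) -> None:
        if not 1 <= hours <= 6:            # page: temporary disable lasts 1-6 hours
            raise ValueError("disable duration must be 1-6 hours")
        self.disabled_at, self.disable_hours = now, hours

    def protection_on(self, now: float, pps: int, bps: int) -> bool:
        if self.disabled_at is None:
            return True
        expired = now - self.disabled_at >= self.disable_hours * 3600
        oversized = pps > AUTO_ENABLE_PPS or bps > AUTO_ENABLE_BPS
        if expired or oversized:           # defense is switched back on automatically
            self.disabled_at = None        # the threshold set earlier is retained
            return True
        return False

def decide(cfg: DefenseConfig, now: float, pps: int, bps: int, attack: bool) -> str:
    """Return the action taken on one traffic sample (pps/bps = observed rate)."""
    if not cfg.protection_on(now, pps, bps):
        return "pass (protection disabled)"
    if not attack:
        return "pass (no attack detected)"
    # Assumption: traffic exactly at the threshold counts as reaching it.
    if bps < cfg.cleansing_threshold_bps:
        return "pass (below cleansing threshold)"
    return "cleanse"

def run_constructed_scenarios() -> list:
    cfg = DefenseConfig(cleansing_threshold_bps=500_000_000)   # constructed: 500 Mbps
    out = [decide(cfg, 0, 40_000, 300_000_000, attack=True),   # detected, under threshold
           decide(cfg, 0, 90_000, 800_000_000, attack=True)]   # detected, over threshold
    cfg.disable(now=0, hours=2)
    out.append(decide(cfg, 600, 90_000, 800_000_000, attack=True))     # inside disable window
    out.append(decide(cfg, 900, 1_200_000, 900_000_000, attack=True))  # above 100w pps
    cfg.disable(now=1000, hours=1)
    out.append(decide(cfg, 4600, 10_000, 50_000_000, attack=False))    # window expired
    return out
```

The first and third scenarios show the two cases in which detected attack traffic still reaches the origin: a threshold set above the attack volume, and a manual disable window that the attack stays under the auto re-enable limits for.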