Last updated: 2020-02-17 11:01:06PDF
A Distributed Denial of Service (DDoS) attack is a malicious attempt to make service unavailable by blocking the network bandwidth or overwhelming the system of the target server with a flood of Internet traffic.
Network layer DDoS attack
A network layer DDoS attack attempts to make service unavailable by blocking the network bandwidth to exhaust system layer resources of the target server using a flood of Internet traffic.
Common attacks include SYN Flood, ACK Flood, UDP Flood, ICMP Flood, and DNS/NTP/SSDP/memcached attacks.
A CC attack is a malicious attempt to make service unavailable by occupying application layer resources and exhausting the processing performance of the target server.
Common attacks include GET/POST Flood, Layer-4 CC, and Connection Flood based on HTTP/HTTPS.
The protection bandwidth consists of the base protection bandwidth and elastic protection bandwidth.
- Base protection bandwidth: refers to the minimum protection bandwidth capability of high defense service instances, which is Prepaid on a monthly basis.
- Elastic protection bandwidth: refers to the maximum elastic protection bandwidth capacity of high defense service instance. The elastic part is Postpaid by day.
If elastic defense is not enabled, base protection bandwidth is the highest defense peak of the high defense service instance. If elastic defense is enabled, elastic protection bandwidth is the highest defense peak of the high defense service instance. Blocking is triggered when the attack on Traffic exceeds the maximum defense peak of the high defense service instance.
Elastic defense is turned off by default. If you need to enable elastic protection, please turn it on by yourself after knowing the relevant flexible charges. Users can adjust elastic protection bandwidth at any time according to their own business needs.
The role of elastic protection bandwidth
After elastic defense is enabled, when the peak attack of Traffic exceeds the purchased base protection bandwidth and falls within the scope of elastic protection bandwidth, Tencent Cloud DDoS High Defense IP can continue to provide protection for users and ensure the continuity of business Access.
How to charge for elastic protection
After elastic protection is enabled, the elastic protection will be triggered if the traffic exceeds the base protection bandwidth, and will incur cost according to the billing tier of the peak attack bandwidth. The related bill is generated on the following day.
For example, the bottom protection you purchased is 20Gbps, and the elastic protection is 50Gbps. If the actual attack peak on that day is 35 Gbps, you need to pay cost for elastic defense in the 30Gbps-40Gbps range.
When the public network of the target IP Traffic exceeds the set protection threshold, Tencent Cloud Dayu system will automatically clean the public network inbound of the IP to Traffic. Redirect Traffic from the original network path to the DDoS cleaning Device of Dayu system through BGP routing Protocol, identify the Traffic of the IP by cleaning Device, discard the attack Traffic, and send the normal Traffic repost to the target IP.
In general, cleansing does not influence regular access, except for special occasions or when the cleansing policy is incorrectly configured.
When the attack on the target IP Traffic exceeds its blocking threshold, Tencent Cloud will block all public network Access of the IP through ISP's service to protect other users of the cloud platform from being affected. In short, when one of your IP suffers more attacks than the high-defense package you have purchased, Traffic is the biggest. Defense peak Tencent Cloud will block all public networks of the IP, Access. When your protective IP is blocked, you can log in to the management console Unblock by users .
The blocking threshold of the defense IP of the high defense IP instance of DDoS is equal to the maximum actually purchased. Defense peak . DDoS High Defense IP comes in many different specifications.
The blocking period is 2 hours by default. The actual duration can be up to 24 hours, depending on the triggering times and peak attack bandwidth.
The duration of the blocking period is influenced by the following elements:
- Whether the attack continues. If the attack continues, the blocking time will be extended, and the blocking time will be recalculated from the extended time.
- Whether the attacks are frequent or not. Users who are attacked frequently have a higher probability of continuous attack, and the blocking time will be automatically extended.
- Attack the size of Traffic. For users attacked by super-large Traffic, the blocking time will be automatically extended.
For individual users who block too frequently, Tencent Cloud reserves the right to extend the blocking time and lower the blocking threshold.
Why is it plugged?
Tencent Cloud reduces cloud costs by sharing infrastructure, and all users share Tencent Cloud's public network, egress. When a big Traffic attack occurs, in addition to affecting the object to be attacked, Tencent Cloud's entire network may be affected. In order to prevent the attack from affecting other unattacked users and ensure the stability of the entire cloud platform network, it is necessary to block it.
Why not provide free unlimited anti-attack?
DDoS attacks not only affect the victims, but also have a serious impact on the entire cloud network, affecting other unattacked users in the cloud. The cost of DDoS defense is very high, one is bandwidth cost, the other is cleaning cost. The biggest cost is bandwidth cost. Bandwidth cost is calculated on the basis of total traffic and will not consider the differential charge for normal Traffic or attacking Traffic.
Therefore, although Tencent Cloud can afford limited free DDoS Basic service for all users, we have to block inbound public network traffic of the targeted servers when attack traffic exceeds the free quota.
For more information about blocking, see Blocking-related FAQs .