Protection Level and Cleansing Threshold

Last updated: 2021-07-12 22:58:00

This document introduces the use cases of different protection levels and the actions Anti-DDoS Advanced (Global Enterprise Edition) takes to defend against DDoS attacks. You can follow this guide to set the DDoS protection levels in the console.

Use Cases

Anti-DDoS Advanced provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:

Protection LevelProtection ActionDescription
Loose
  • Filters SYN and ACK data packets with explicit attack attributes.
  • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
  • Filters UDP data packets with explicit attack attributes.
  • This cleansing policy is loose and only defends against explicit attack packets.
  • We recommend choosing this protection level when normal requests are blocked. Complex attack packets may pass through the security system.
  • Note:

    • If you need to use UDP in your business, please contact Tencent Cloud Technical Support to customize an ideal policy for not letting the level Strict affect normal business process.
    • The level Medium is chosen by default for your Anti-DDoS Advanced (Global Enterprise Edition) instance. You can set the DDoS protection level for your business needs and also the cleansing threshold. Attack traffic will be cleansed when it is detected higher than the threshold you set.

    Prerequisites

    You have purchased an [Anti-DDoS Advanced (Global Enterprise Edition)] instance and set your target to protect.

    Directions

    1. Log in to the Anti-DDoS Advanced (Global Enterprise Edition) Console and select Anti-DDoS Advanced -> Configurations on the left sidebar.

    2. Select an Anti-DDoS Advanced instance ID in the list on the left, such as "xxx.xx.xx.xx bgpip-000003n2".

    3. Set the "level" and "cleansing threshold" in the DDoS Protection block on the right.

      Note:

      If you have a clear concept about the threshold, set it as required. Otherwise leave it to the default value. Anti-DDoS will automatically learn through AI algorithms and calculate the default threshold for you.

    Parameter Description:
    - Level
    If the protection is enabled, the level Medium is chosen by default for your Anti-DDoS Advanced (Global Enterprise Edition) instance. You can adjust the DDoS protection level for your business needs.
    - Cleansing Threshold
    - This indicates a value to trigger cleansing. Cleansing will not be triggered by the traffic below the threshold you set even though it is found malicious.
    - If the protection is enabled, your Anti-DDoS Advanced instance will use the default cleansing threshold after your business is connected, and the system will generate a baseline based on historical patterns of your business traffic. You can also set the cleansing threshold for your business needs.