All Products
Search

This Product

    Anti-DDoS:Configure a traffic scrubbing threshold

    Document Center

    Anti-DDoS:Configure a traffic scrubbing threshold

    Last Updated:Oct 16, 2024

    If the service traffic of an asset that is assigned with a public IP address exceeds the normal service traffic, Anti-DDoS Origin scrubs the attack traffic to ensure service availability. This topic describes how to configure a traffic scrubbing threshold.

    Background information

    Anti-DDoS Origin uses artificial intelligence (AI) to analyze and scrub attack traffic. You can configure a traffic scrubbing threshold based on your normal service traffic. Then, Anti-DDoS Origin uses the big data capabilities provided by Alibaba Cloud to learn the normal service traffic and uses algorithms to identify DDoS attacks.

    Anti-DDoS Origin scrubs attack traffic only when Anti-DDoS Origin identifies DDoS attacks and the attack traffic reaches the traffic scrubbing threshold that you configure. This prevents traffic scrubbing by mistake due to a fixed traffic scrubbing threshold. For example, if your normal service traffic fluctuates and exceeds the fixed traffic scrubbing threshold, traffic scrubbing may be triggered by mistake.

    Important

    After configuring the traffic scrubbing threshold, if your cloud services experience a downgrade and the new default threshold is lower than your configured threshold, the default threshold will be adopted.

    Configure a traffic scrubbing threshold for one asset

    1. Log on to the Traffic Security console.

    2. In the left-side navigation pane, click Assets.

    3. In the top navigation bar, select the region in which your asset resides.

    4. Click the tab based on the type of assets that you want to manage. For example, you can click ECS.

      Note

      On the Others tab, you can configure anti-DDoS diversion instances. You cannot configure traffic scrubbing on this tab. For more information, see Enable traffic rerouting to an anti-DDoS diversion instance.

    5. In the IP address asset list, click the IP address that you want to manage. In the IP Address Details panel, click Traffic Scrubbing Settings.

    6. In the Traffic Scrubbing Settings dialog box, specify Scrubbing Threshold for the IP address and click OK.

      You can set the Scrubbing Threshold parameter to one of the following values to configure a traffic scrubbing threshold:

      • Default: Anti-DDoS Origin adjusts the traffic scrubbing threshold based on the throughput of your Elastic Compute Service (ECS) instance.

      • Manual: You can select specific thresholds based on bits per second (bps) and packets per second (pps).

        Note

        If DDoS attacks are detected and the bps or the pps reaches the selected thresholds, traffic scrubbing is triggered.

        If you select Manual, take note of the following items:

        • Configure a traffic scrubbing threshold that is slightly greater than the actual bps and pps. If the threshold is significantly greater than the actual bps or pps, the protection effect is compromised. If the threshold is significantly less than the actual bps or pps, normal traffic may be scrubbed.

        • If service traffic is scrubbed, we recommend that you increase the traffic scrubbing threshold.

        • During large promotions or activities for a website, we recommend that you increase the traffic scrubbing threshold.

    Configure a traffic scrubbing threshold for multiple assets

    1. Log on to the Traffic Security console.

    2. In the top navigation bar, select the resource group to which the instance belongs and the region in which the instance resides.

      • Anti-DDoS Origin 1.0 (Subscription) instance: Select the region in which the instance resides.

      • Anti-DDoS Origin 2.0 (Subscription) instance and Anti-DDoS Origin 2.0 (Pay-as-you-go) instance: Select All Regions.

    3. In the left-side navigation pane, choose Network Security > Anti-DDoS Origin > Protected Objects.

    4. In the top navigation bar, select an Anti-DDoS Origin instance and click Scrubbing Threshold Adjustment.

      image

    5. On the Scrubbing Threshold page, select the IP addresses of the assets, then set bps-based and pps-based thresholds.

      1. BPS-based threshold: The threshold must be no more than 1.5 times the bits per second of the instance's public bandwidth, and no less than 60 Mbit/s.

      2. PPS-based threshold: The threshold must be no more than 1.5 times the packets per second (pps) of the instance's public bandwidth, and no less than 60 packets per second (pps).

      Important

      • You cannot adjust the scrubbing thresholds for multiple elastic IP addresses (EIPs) with Anti-DDoS Proxy Enabled. You can only modify the scrubbing threshold for an EIP on the Assets page.

      • You can adjust the traffic scrubbing thresholds for up to 500 IP addresses at a time.

      • We recommend you to select assets that are under the same cloud service and have the same scrubbing threshold in a single operation.

      • After completing the configuration, you can view the results. If the threshold for any cloud asset or IP address fails to adjust, you will receive guidance explaining the reason for the configuration failure.