Anti-DDoS: Configure traffic scrubbing thresholds

Last Updated: Jan 02, 2025

When the traffic of your cloud service reaches the scrubbing threshold, Anti-DDoS Basic initiates traffic scrubbing to maximize the availability of your services. This topic explains how to set a traffic scrubbing threshold.

What is traffic scrubbing?

Traffic scrubbing is the process of real-time monitoring, analysis, and filtering of network traffic during a DDoS attack. Anti-DDoS Basic distinguishes between malicious and normal traffic, blocking or discarding the former to ensure the normal operation of the server and the availability of network services.

Beyond the configured Traffic Scrubbing Thresholds in packets per second (PPS) and bits per second (BPS), Anti-DDoS Basic also uses AI-based intelligent analysis. By leveraging the big data capabilities of Alibaba Cloud, Anti-DDoS Basic learns the baseline of your business traffic and uses algorithms to identify abnormal attacks. Traffic scrubbing activates only when AI analysis detects a DDoS attack and traffic reaches the set BPS or PPS thresholds, thereby preventing false positives from normal traffic fluctuations.

Configuration types

Anti-DDoS Basic offers both default and customizable scrubbing thresholds.

Default scrubbing thresholds

Alibaba Cloud dynamically adjusts the default scrubbing thresholds for various cloud services based on traffic loads, considering the following factors:

  • Instance specifications and public bandwidth: For services like Elastic Compute Service (ECS) and NAT Gateway, Alibaba Cloud calculates the default thresholds by evaluating the cloud service specifications and purchased public bandwidth. For more information, see Cloud service specifications and scrubbing thresholds.

  • Platform stability and resource allocation: To ensure the stable operation of the entire platform and prevent attacks on one service from affecting others, Alibaba Cloud calculates the default thresholds by considering the total platform resources, current load conditions, and historical attack data. This approach aims to maintain reasonable resource allocation and platform stability during attacks.

Note

The default thresholds are typically the maximum you can set. You may lower them based on your business needs.

Custom scrubbing thresholds

Custom thresholds allow you to define the conditions for initiating traffic scrubbing based on your specific business requirements, network environment, and security policies.

Configuration notes

Recommendations

Set scrubbing thresholds slightly above your actual traffic levels. If the thresholds are too high, traffic scrubbing might not activate in time to protect against attacks. If they are too low, scrubbing may trigger unnecessarily and disrupt normal access.

For financial services with high security needs, critical government systems, or small websites that have faced infrequent yet intense attacks, consider lowering thresholds during stable traffic periods to remain vigilant against small volumes of malicious traffic. Conversely, during events such as limited-time sales, gaming tournaments, or peak streaming times, increase the thresholds to avoid false positives due to traffic spikes.

Precautions

After you customize scrubbing thresholds, they may change or remain unchanged when you upgrade or downgrade the cloud service:

  • Upgrades: Custom thresholds take precedence, and the scrubbing thresholds remain unchanged after the upgrade.

  • Downgrades:

    • If the default threshold post-downgrade is lower than the custom threshold, the default applies, and the custom setting becomes invalid. Future changes will follow the default.

    • If the default threshold post-downgrade is higher than the custom threshold, the custom setting prevails, and the threshold remains unchanged.

Procedure

  1. Go to the Assets page of the Traffic Security console. In the top navigation bar, select the region of your asset.

  2. Navigate to the cloud service you want to manage, such as ECS.

    Note

    The CIDR Block of Data Center and Private Addresses tabs are not configurable for traffic scrubbing.

  3. In the asset list, select the desired IP. Then, in the IP Address Details panel, click Traffic Scrubbing Settings.

  4. In the Traffic Scrubbing Settings panel, set the Traffic Scrubbing Threshold for the target instance and click OK.

    • Default: The system automatically adjusts the scrubbing thresholds in response to the traffic load of the cloud service.

    • Manual:

      • BPS threshold: Must be at least 60 Mbit/s and must not exceed 1.5 times the current public bandwidth of the instance.

      • PPS threshold: Must be at least 12,000 packets/s and must not exceed 1.5 times the current PPS specification of the instance.
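
The Manual limits, the Recommendations and the downgrade Precautions above can be combined into a check you run before changing a threshold or an instance specification. The following Python is an added example, not Alibaba Cloud code or an API call; the function names, the 1.2 headroom factor and the sample traffic values are assumptions constructed for illustration.

```python
"""Added example: manual scrubbing-threshold limits and the downgrade rule."""

BPS_FLOOR_MBIT = 60        # page: manual BPS threshold is at least 60 Mbit/s
PPS_FLOOR = 12_000         # page: manual PPS threshold is at least 12,000 packets/s
CEILING_FACTOR = 1.5       # page: at most 1.5x the instance bandwidth / PPS spec


def manual_range(spec, floor):
    """Allowed (low, high) for a manual threshold, or None if the range is empty."""
    high = spec * CEILING_FACTOR
    # A small spec can put the 1.5x ceiling under the floor; the page does not
    # say what the console does then, so report "no valid manual value".
    return (floor, high) if high >= floor else None


def suggest(samples, spec, floor, headroom=1.2):
    """Peak of observed traffic plus headroom, clamped into the allowed range.

    headroom=1.2 is an assumption standing in for the page's "slightly above".
    """
    allowed = manual_range(spec, floor)
    if allowed is None:
        return None
    low, high = allowed
    return min(max(max(samples) * headroom, low), high)


def after_spec_change(custom, new_default, change):
    """Return (effective_threshold, custom_still_valid) per the Precautions."""
    if change == "upgrade":
        return custom, True               # custom takes precedence, unchanged
    if change != "downgrade":
        raise ValueError("change must be 'upgrade' or 'downgrade'")
    if new_default < custom:
        return new_default, False         # default applies, custom invalid
    return custom, True                   # custom prevails


if __name__ == "__main__":
    # Constructed per-minute peaks for a 200 Mbit/s instance (not real data).
    bps_samples_mbit = [38, 41, 55, 72, 64, 49]
    custom = suggest(bps_samples_mbit, spec=200, floor=BPS_FLOOR_MBIT)
    print("suggested BPS threshold (Mbit/s):", custom)
    print("after downgrade, default 80:", after_spec_change(custom, 80, "downgrade"))
    print("10 Mbit/s instance range:", manual_range(10, BPS_FLOOR_MBIT))
```

A result of `(new_default, False)` from `after_spec_change` means the custom value would be discarded by the downgrade, so review the threshold again once the downgrade completes.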