Anti-DDoS: Configure traffic scrubbing thresholds

Last Updated: Dec 31, 2024

When the traffic of your cloud service reaches the scrubbing threshold, Anti-DDoS Origin initiates traffic scrubbing to maximize the availability of your services. This topic explains how to set a traffic scrubbing threshold.

What is traffic scrubbing?

Traffic scrubbing is the process of real-time monitoring, analysis, and filtering of network traffic during a DDoS attack. Anti-DDoS Origin distinguishes between malicious and normal traffic, blocking or discarding the former to ensure the normal operation of the server and the availability of network services.

Beyond the configured Traffic Scrubbing Thresholds in packets per second (PPS) and bits per second (BPS), Anti-DDoS Origin also uses AI-based intelligent analysis. By leveraging the big data capabilities of Alibaba Cloud, Anti-DDoS Origin learns the baseline of your business traffic and uses algorithms to identify abnormal attacks. Traffic scrubbing activates only when AI analysis detects a DDoS attack and traffic reaches the set BPS or PPS thresholds, thereby preventing false positives from normal traffic fluctuations.

Configuration types

Anti-DDoS Origin offers both default and customizable scrubbing thresholds.

Default scrubbing thresholds

Alibaba Cloud dynamically adjusts the default scrubbing thresholds for various cloud services based on traffic loads, considering the following factors:

  • Instance specifications and public bandwidth: For services like Elastic Compute Service (ECS) and NAT Gateway, Alibaba Cloud calculates the default thresholds by evaluating the cloud service specifications and purchased public bandwidth. For more information, see Cloud service specifications and scrubbing thresholds.

  • Platform stability and resource allocation: To ensure the stable operation of the entire platform and prevent attacks on one service from affecting others, Alibaba Cloud calculates the default thresholds by considering the total platform resources, current load conditions, and historical attack data. This approach aims to maintain reasonable resource allocation and platform stability during attacks.

Note

The default thresholds are typically the maximum you can set. You may lower them based on your business needs.

Custom scrubbing thresholds

Custom thresholds allow you to define the conditions for initiating traffic scrubbing based on your specific business requirements, network environment, and security policies.

Configuration notes

Recommendations

Set scrubbing thresholds slightly above your actual traffic levels. If the thresholds are too high, traffic scrubbing might not activate effectively to protect against attacks. If set too low, unnecessary scrubbing may trigger, disrupting normal access.

For financial services with high security needs, critical government systems, or small websites that have faced infrequent yet intense attacks, consider lowering thresholds during stable traffic periods to remain vigilant against small volumes of malicious traffic. Conversely, during events such as limited-time sales, gaming tournaments, or peak streaming times, increase the thresholds to avoid false positives due to traffic spikes.

Precautions

After you customize scrubbing thresholds, they may change or remain unchanged when you upgrade or downgrade the cloud service:

  • Upgrades: The custom thresholds take precedence, and the scrubbing thresholds remain unchanged.

  • Downgrades:

    • If the default threshold post-downgrade is lower than the custom threshold, the default applies, and the custom setting becomes invalid. Future changes will follow the default.

    • If the default threshold post-downgrade is higher than the custom threshold, the custom setting prevails, and the threshold remains unchanged.
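The precedence rules above, replayed over a sequence of specification changes. This is an added example, not Alibaba Cloud code: the class, its field names and the Mbit/s values are constructed, and keeping the custom value when it equals the new default is an assumption the page does not cover.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ScrubThreshold:
    default_mbps: int                    # platform default for the current spec
    custom_mbps: Optional[int] = None    # None means "follow the default"

    @property
    def effective_mbps(self) -> int:
        return self.default_mbps if self.custom_mbps is None else self.custom_mbps

    def resize(self, new_default_mbps: int) -> bool:
        """Apply an upgrade or downgrade; return True if the custom value was dropped."""
        downgrade = new_default_mbps < self.default_mbps
        self.default_mbps = new_default_mbps
        # Upgrades never touch the custom value. A downgrade invalidates it
        # only when the new default falls below it; from then on the asset
        # follows the default.
        if (downgrade and self.custom_mbps is not None
                and new_default_mbps < self.custom_mbps):
            self.custom_mbps = None
            return True
        return False


def replay(default_mbps, custom_mbps, new_defaults):
    """Return [(effective_mbps, custom_dropped), ...] after each resize."""
    state = ScrubThreshold(default_mbps, custom_mbps)
    history = []
    for new_default in new_defaults:
        dropped = state.resize(new_default)
        history.append((state.effective_mbps, dropped))
    return history


if __name__ == "__main__":
    # Constructed sequence: upgrade, mild downgrade, deep downgrade, upgrade.
    for step in replay(300, 200, [600, 250, 150, 600]):
        print(step)
```

A deep downgrade followed by an upgrade leaves the asset on the higher default rather than the earlier custom value, so re-check custom thresholds after any specification change.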

Configure the scrubbing threshold for a single asset

  1. Go to the Assets page of the Traffic Security console. In the top navigation bar, select the region of your asset.

  2. Navigate to the cloud service you want to manage, such as ECS.

    Note

    The CIDR Block of Data Center and Private Addresses tabs are not configurable for traffic scrubbing.

  3. In the asset list, select the desired IP. Then, in the IP Address Details panel, click Traffic Scrubbing Settings.

  4. In the Traffic Scrubbing Settings panel, set the Traffic Scrubbing Threshold for the target instance and click OK.

    • Default: The system automatically adjusts the scrubbing thresholds in response to the traffic load of the cloud service.

    • Manual:

      • BPS threshold: Must be at least 60 Mbit/s and must not exceed 1.5 times the current public bandwidth of the instance.

      • PPS threshold: Must be at least 12,000 packets/s and must not exceed 1.5 times the current PPS specification of the instance.

Batch configure scrubbing thresholds for assets

  1. Go to the Protected Objects page of the Traffic Security console.

  2. In the top navigation bar, select the resource group to which the instances belong and the region in which the instances reside.

    • Anti-DDoS Origin 1.0 (Subscription) instances: Select the region in which the instance resides.

    • Anti-DDoS Origin 2.0 (Subscription) and Anti-DDoS Origin 2.0 (Pay-as-you-go) instances: Select All Regions.

  3. In the top navigation bar, select the Anti-DDoS Origin instance and click Batch Adjust Traffic Scrubbing Thresholds.

  4. On the Traffic Scrubbing Threshold tab, select IPs and batch configure the BPS and PPS traffic scrubbing thresholds.

    1. BPS threshold: Must be no more than 1.5 times the public bandwidth of the instance, and no less than 60 Mbit/s.

    2. PPS threshold: Must be no more than 1.5 times the current PPS specification of the instance, and no less than 60 packets/s.

    Important
    • You cannot adjust the scrubbing thresholds for multiple elastic IP addresses (EIPs) with Anti-DDoS Proxy Enabled. You can only modify the scrubbing threshold for an EIP on the Assets page.

    • You can adjust the traffic scrubbing thresholds for up to 500 IP addresses at a time.

    • We recommend that you select assets that are under the same cloud service and have the same scrubbing threshold in a single operation.

    • After completing the configuration, you can view the results. If the threshold for any cloud asset or IP address fails to adjust, you will receive guidance explaining the reason for the configuration failure.
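A pre-flight check for a batch change, applying the limits listed above before anything is submitted in the console. This is an added example, not Alibaba Cloud code: the asset dictionary fields and all sample values are constructed, and the PPS lower bound is a parameter because the page states 12,000 packets/s for a single asset and 60 packets/s for batch configuration.

```python
import ipaddress
from collections import defaultdict

BPS_MIN_MBPS = 60          # lower bound stated on the page
PPS_MIN_BATCH = 60         # batch lower bound as stated on the page
MAX_FACTOR = 1.5           # upper bound: 1.5x bandwidth / PPS specification
MAX_IPS_PER_BATCH = 500    # at most 500 IP addresses per operation

def check(asset, bps_mbps, pps, pps_min=PPS_MIN_BATCH):
    """Return the reasons the requested thresholds would be rejected."""
    errors = []
    if not BPS_MIN_MBPS <= bps_mbps <= MAX_FACTOR * asset["bandwidth_mbps"]:
        errors.append("bps out of range")
    if not pps_min <= pps <= MAX_FACTOR * asset["pps_spec"]:
        errors.append("pps out of range")
    if asset.get("proxy_enabled"):
        errors.append("EIP with Anti-DDoS Proxy enabled: use the Assets page")
    return errors

def plan_batches(requests):
    """requests: [(asset, bps_mbps, pps)]. Returns (batches, rejected)."""
    groups, rejected = defaultdict(list), {}
    for asset, bps, pps in requests:
        errs = check(asset, bps, pps)
        if errs:
            rejected[asset["ip"]] = errs
        else:
            # One operation per cloud service and threshold pair, as recommended.
            groups[(asset["service"], bps, pps)].append(asset["ip"])
    batches = []
    for key, ips in groups.items():
        for i in range(0, len(ips), MAX_IPS_PER_BATCH):
            batches.append((key, ips[i:i + MAX_IPS_PER_BATCH]))
    return batches, rejected

def demo():
    # Constructed inventory: 501 ECS IPs, one over-limit request, one proxy EIP.
    base = ipaddress.ip_address("198.18.0.0")
    reqs = [({"ip": str(base + n), "service": "ecs",
              "bandwidth_mbps": 200, "pps_spec": 100_000}, 250, 120_000)
            for n in range(501)]
    reqs.append(({"ip": "192.0.2.10", "service": "ecs",
                  "bandwidth_mbps": 100, "pps_spec": 100_000}, 200, 120_000))
    reqs.append(({"ip": "192.0.2.20", "service": "eip", "bandwidth_mbps": 200,
                  "pps_spec": 100_000, "proxy_enabled": True}, 250, 120_000))
    return plan_batches(reqs)
```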