Configure traffic scrubbing thresholds
When inbound traffic to your cloud product meets specific conditions, Anti-DDoS Basic scrubs it to ensure your services remain available. This topic describes how to configure traffic scrubbing thresholds.
What is traffic scrubbing
During a DDoS attack, traffic scrubbing uses Anti-DDoS Basic to monitor, analyze, and filter your network traffic in real time. It separates malicious traffic from legitimate traffic, then blocks or drops the malicious traffic. This process allows only legitimate traffic to reach your server, which ensures that your network services remain available.
Anti-DDoS Basic uses two methods to determine when to trigger traffic scrubbing: the BPS/PPS scrubbing thresholds that you configure and an AI-powered intelligent analysis. By leveraging Alibaba Cloud's big data capabilities, the system learns your service's traffic baseline and uses algorithms to identify attack patterns. Traffic scrubbing is triggered only when the AI analysis detects a DDoS attack and the inbound traffic exceeds your configured BPS or PPS threshold. This dual-check mechanism helps prevent false positives, which can occur if a normal traffic spike exceeds a fixed threshold.
Scrubbing thresholds
Anti-DDoS Basic allows you to use the default scrubbing threshold or configure a custom one.
Default scrubbing threshold
Alibaba Cloud dynamically adjusts the scrubbing threshold for each cloud product based on its traffic load. This adjustment is typically based on the following factors:
The default scrubbing threshold is typically the maximum value you can set. You can lower the threshold based on your actual business needs.
Custom scrubbing threshold
A custom scrubbing threshold allows you to customize the trigger conditions for traffic scrubbing based on your specific business requirements, network environment, and security policies.
Threshold recommendations and considerations
Recommendations
The scrubbing threshold should be set slightly higher than your normal traffic baseline. A threshold that is too high may not provide effective protection, while a threshold that is too low can trigger traffic scrubbing on normal traffic and affect legitimate access.
For example, you can lower the scrubbing threshold for high-security services like financial transactions, critical government systems, or small websites that have previously experienced low-volume, high-intensity attacks. This helps prevent the system from overlooking small amounts of malicious traffic during periods of stable traffic. Conversely, you can raise the threshold during promotional events, major gaming tournaments, or peak hours on ApsaraVideo Live. This helps avoid false positives caused by legitimate traffic spikes.
Considerations
After you set a custom scrubbing threshold:
If you upgrade a cloud product: The custom scrubbing threshold takes precedence and remains unchanged.
If you downgrade a cloud product:
If the new default scrubbing threshold after the downgrade is lower than your custom threshold, the setting reverts to the default, and your custom configuration is discarded. The scrubbing threshold will remain the default for any subsequent upgrades or downgrades.
If the new default scrubbing threshold after the downgrade is higher than your custom threshold, your custom threshold takes precedence and remains unchanged.
Adjust scrubbing threshold for a single asset
Go to the Assets page of the Traffic Security console. In the top navigation bar, select the region of your asset.
Click the tab for the target cloud product, such as ECS.
NoteScrubbing settings are not supported for assets on the CIDR Block of Data Center and Private Addresses tabs.
In the IP asset list, click the target IP address. In the IP Address Details panel, click Traffic Scrubbing Settings.
In the Traffic Scrubbing Settings panel, configure the Scrubbing Threshold and click OK.
Default: The system automatically adjusts the scrubbing threshold based on the cloud product's traffic load.
Manual:
Scrubbing Threshold (BPS): The threshold cannot exceed 1.5 times the public bandwidth of the instance and must be at least 60 Mbps.
Scrubbing Threshold (PPS): The threshold cannot exceed 1.5 times the PPS specification of the instance and must be at least 12,000 pps.
Adjust scrubbing thresholds for multiple assets
This feature is available only for Anti-DDoS Native.
Go to the Protected Objects page of the Traffic Security console.
In the top navigation bar, select the resource group to which the instances belong and the region in which the instances reside.
Anti-DDoS Origin 1.0 (Subscription) instances: Select the region in which the instance resides.
Anti-DDoS Origin 2.0 (Subscription) and Anti-DDoS Origin 2.0 (Pay-as-you-go) instances: Select All Regions.
At the top of the page, select an Anti-DDoS Native instance and click Batch Adjust Traffic Scrubbing Thresholds.
On the Scrubbing Threshold tab, select the IP addresses of the assets and set the BPS and PPS thresholds for the selected assets.
Scrubbing Threshold (BPS): The threshold cannot exceed 1.5 times the public bandwidth of the instance and must be at least 60 Mbps.
Scrubbing Threshold (PPS): The threshold cannot exceed 1.5 times the PPS specification of the instance and must be at least 12,000 pps.
ImportantAnti-DDoS Pro EIPs do not support batch modification of scrubbing thresholds. You can modify the scrubbing threshold for a single Anti-DDoS Pro EIP only on the Assets page.
You can adjust thresholds for up to 500 IP addresses at a time.
For batch configuration, select assets that belong to the same cloud product and have the same scrubbing threshold.
If the configuration of some assets fails, follow the instructions in the message to proceed.