
Anti-DDoS: Enable the Automatic (NetFlow) mode

Last Updated: Nov 14, 2023

After you purchase an anti-DDoS diversion instance, you can configure the start mode for the instance. With the default start mode, you must manually enable traffic rerouting to the instance when DDoS attacks are detected on your server in a data center. Alternatively, you can enable the Automatic (NetFlow) mode. In this mode, if the inbound bandwidth or inbound packet rate exceeds its threshold for the specified number of consecutive times, the system automatically reroutes traffic to the instance.

Prerequisites

  • An anti-DDoS diversion instance is purchased.

    Note

    Anti-DDoS diversion instances protect servers in data centers outside the Chinese mainland. You must contact sales personnel to purchase anti-DDoS diversion instances.

  • To protect assets that are not deployed on Alibaba Cloud, such as servers in data centers, you must provide the NetFlow information about these servers to Alibaba Cloud. For more information, submit a ticket to contact technical support.

Procedure

  1. Log on to the Traffic Security console.

  2. In the left-side navigation pane, click Assets.

  3. In the top navigation bar, select the region in which your asset resides.

  4. On the Assets page, click the CIDR Block of Data Center tab.

    The CIDR Block of Data Center tab displays the IP addresses of anti-DDoS diversion instances you purchased in the current region. If you have not purchased an anti-DDoS diversion instance or the anti-DDoS diversion instance that you purchased is not in the current region, no data is displayed.

  5. Find the instance that you want to manage and click Start Traffic Rerouting in the Actions column. In the Start Traffic Rerouting dialog box, click OK.

  6. In the Diversion Mode column, click the icon to the right of Automatic and configure the parameters.

    • Automatic:

      If the inbound bandwidth or packets consecutively exceed the threshold for the specified number of times, the system automatically reroutes traffic to the instance.

      If you select this option, you must configure other parameters, including Stop Mode.

      Important

      Before you enable the Automatic (NetFlow) mode, make sure that you have provided the NetFlow information about your server to Alibaba Cloud.

      Parameters:

      Traffic Rate: The threshold of inbound bandwidth. Unit: Mbit/s. Minimum value: 100.

      Packet Rate (pps): The threshold of inbound packets. Unit: kilo packets per second (Kpps). Minimum value: 10.

      Consecutive: If the inbound bandwidth or packets consecutively exceed the threshold for the specified number of times, the system automatically reroutes traffic to the instance. The specified number of times is the value of this parameter.

      Stop Mode: The mode used to stop traffic rerouting to the instance. Valid values:

      • Manually Stop: If the DDoS attacks stop, you must manually disable traffic rerouting to the instance. This is the default value.

      • Automatic Stop: After the DDoS attacks stop, the system stops rerouting traffic to the instance at the time that you specify.

        If you select this option, you must configure the following parameters:

        • Time Zone: the time zone of your server. The time zone must be in the GMT-hh:mm format. For example, the value GMT-08:00 indicates that the time zone is UTC+8.

        • Stop Time: the time from which the system no longer reroutes traffic to the instance. The time must use the 24-hour clock and the hh:mm format.

          We recommend that you set this parameter to a time during off-peak hours. If the system detects that the DDoS attacks have stopped, the system no longer reroutes traffic to the instance from the time that you specified.

    • Manual: If DDoS attacks are detected on your server in a data center, you must manually enable traffic rerouting to the instance. After the DDoS attacks stop, you must manually disable traffic rerouting to the instance.

  7. Click OK.

    After the Automatic (NetFlow) mode is enabled, if the inbound bandwidth or packets consecutively exceed the threshold for the specified number of times, the system automatically reroutes traffic to the instance. You can view the protection status of the instance on the CIDR Block of Data Center tab of the Assets page. For more information, see Enable traffic rerouting to an anti-DDoS diversion instance.
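
Added example (not part of the original documentation and not Alibaba Cloud code): a local model of the Automatic (NetFlow) trigger for checking candidate Traffic Rate, Packet Rate and Consecutive values against your own NetFlow baseline before you enter them in the console. The class and function names are hypothetical and the samples are constructed; the model assumes that exceeding either threshold counts toward the streak and that a sample under both thresholds resets the consecutive count.

```python
import re
from dataclasses import dataclass

TZ_RE = re.compile(r"GMT-\d{2}:[0-5]\d")          # GMT-hh:mm, the form shown on the page
STOP_RE = re.compile(r"([01]\d|2[0-3]):[0-5]\d")  # 24-hour hh:mm

@dataclass
class AutoConfig:  # hypothetical container for the console fields
    traffic_rate_mbps: int        # Traffic Rate, Mbit/s
    packet_rate_kpps: int         # Packet Rate, Kpps
    consecutive: int              # Consecutive
    stop_mode: str = "manual"     # "manual" (default) or "automatic"
    time_zone: str = ""
    stop_time: str = ""

    def errors(self):
        """Return a list of problems with the values; empty means acceptable."""
        out = []
        if self.traffic_rate_mbps < 100:
            out.append("Traffic Rate below documented minimum of 100 Mbit/s")
        if self.packet_rate_kpps < 10:
            out.append("Packet Rate below documented minimum of 10 Kpps")
        if self.consecutive < 1:  # assumption: at least one sample is required
            out.append("Consecutive must be at least 1")
        if self.stop_mode == "automatic":
            if not TZ_RE.fullmatch(self.time_zone):
                out.append("Time Zone must use the GMT-hh:mm format")
            if not STOP_RE.fullmatch(self.stop_time):
                out.append("Stop Time must use the 24-hour hh:mm format")
        return out

def first_trigger(samples, cfg):
    """Index of the sample at which rerouting would start, or None."""
    streak = 0
    for i, (mbps, kpps) in enumerate(samples):
        if mbps > cfg.traffic_rate_mbps or kpps > cfg.packet_rate_kpps:
            streak += 1
            if streak >= cfg.consecutive:
                return i
        else:
            streak = 0  # assumption: one sample under both thresholds resets the count
    return None

# Constructed NetFlow-derived samples (Mbit/s, Kpps): one short burst, then a flood.
SAMPLES = [(80, 6), (95, 8), (140, 9), (90, 7), (85, 7),
           (310, 40), (620, 95), (900, 160), (880, 150)]

if __name__ == "__main__":
    for n in (1, 3):
        cfg = AutoConfig(100, 10, n, "automatic", "GMT-08:00", "03:30")
        print(n, cfg.errors(), first_trigger(SAMPLES, cfg))
```

With these samples, a Consecutive value of 1 starts rerouting on the single short burst, while a value of 3 waits for the sustained flood.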
