If the service traffic of an asset that is assigned with a public IP address exceeds the normal service traffic, Anti-DDoS Origin scrubs the attack traffic to ensure service availability. This topic describes how to configure a traffic scrubbing threshold.

Background information

Anti-DDoS Origin uses artificial intelligence (AI) to analyze and scrub attack traffic. You can configure a traffic scrubbing threshold based on your normal service traffic. Then, Anti-DDoS Origin uses the big data capabilities provided by Alibaba Cloud to learn the normal service traffic and uses algorithms to identify DDoS attacks.

Anti-DDoS Origin scrubs attack traffic only when Anti-DDoS Origin identifies DDoS attacks and the attack traffic reaches the traffic scrubbing threshold that you configure. This prevents traffic scrubbing by mistake due to a fixed traffic scrubbing threshold. For example, if your normal service traffic fluctuates and exceeds the fixed traffic scrubbing threshold, traffic scrubbing may be triggered by mistake.

Procedure

  1. Log on to the Traffic Security console.
  2. In the left-side navigation pane, click Assets.
  3. In the top navigation bar, select the region of your asset.
  4. In the IP address asset list, click the IP address for which you want to configure a traffic scrubbing threshold.
  5. In the IP Address Details panel, click Cleaning Settings.
  6. In the Cleaning Settings dialog box, specify Cleaning threshold for the IP address and click OK.
    You can set Cleaning threshold to one of the following values to configure a traffic scrubbing threshold:
    • Default: Anti-DDoS Origin adjusts the traffic scrubbing threshold based on the throughput of your ECS instance.
    • Manual setting: You can select a specific threshold that includes Traffic and Packets per Second.
      Note If DDoS attacks are detected and the throughput or the packets per second (pps) reaches the selected value, traffic scrubbing is triggered.
      If you select Manual setting, take note of the following items:
      • Configure a traffic scrubbing threshold that is slightly greater than the actual throughput and pps. If the threshold is significantly greater than the actual throughput or pps, the protection effect is compromised. If the threshold is significantly less than the actual throughput or pps, normal traffic may be scrubbed.
      • If normal traffic is scrubbed, we recommend that you increase the traffic scrubbing threshold.
      • During large promotions or activities for a website, we recommend that you increase the traffic scrubbing threshold.