anti-ddos server-flow-statistic enable

Function

Using the anti-ddos server-flow-statistic enable command, you can enable the interface-based server traffic statistics function.

Using the undo anti-ddos server-flow-statistic enable command, you can disable the interface-based server traffic statistics function.

Format

anti-ddos server-flow-statistic enable

undo anti-ddos server-flow-statistic enable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

By default, the function is disabled.

DNS cache server defense applies to the in-line/off-line bidirectional traffic diversion scenario, where both upstream and downstream traffic passes through the AntiDDoS. If certain AntiDDoS functions are needed during the defense, configure this command on the interface of the detecting/cleaning device so that the system identifies the traffic as coming from the protected server, which secures DNS defense. The functions are as follows:

  • DNS unknown domain name packets ratio check
  • DNS cache poisoning attack defense
  • DNS reflection attack defense
  • Dynamic DNS cache
  • Statistics on DNS reply packet attacks upon the DNS cache server

The interface on which this command is enabled is the inbound interface on the detecting/cleaning device at which traffic sent from the protected DNS cache server arrives.

Example

# Enable the interface-based server traffic statistics function.

<sysname> system-view
[sysname] interface GigabitEthernet 1/0/0
[sysname-GigabitEthernet1/0/0] anti-ddos server-flow-statistic enable

Copyright © Huawei Technologies Co., Ltd.