Cloud Cleaning

Cloud cleaning ensures the availability of the entire network by connecting to the cloud cleaning service provider for upstream traffic cleaning based on alarm policy settings in case of network faults caused by massive attack traffic.

Before you configure cloud cleaning, ensure that you have contracted the service from the cloud cleaning service provider.

Configuring Cloud Cleaning Policies

  1. Choose Defense > Policy Settings > Cloud Clean

  2. Click and specify a cloud cleaning service provider in Configure.

    Operation Parameter Description
    Cloud Clean Configure Service provider
    • Cloud Mitigation Alliance
    • None
    Cleaning mode
    • Auto: When traffic exceeds the threshold, a cloud cleaning policy is automatically generated and implemented.
    • Manual: When traffic exceeds the threshold, a cloud cleaning policy is generated but not automatically implemented. You need to manually implement the cloud cleaning policy.
    IP state

    Top N traffic statistics are collected based on the status of IP addresses.

    • Exception/Attack: Top N traffic statistics are collected based on abnormal/attack IP addresses.
    • All: Top N traffic statistics are collected based on all IP addresses.
    Single IP incoming traffic threshold Top N traffic statistics are collected if the incoming traffic to the destination IP address reaches the threshold.
    Incoming traffic TOPN Set the top N value.
    IP white list Cloud cleaning is not implemented for whitelisted IP addresses.
    Single Device Threshold Device The cloud cleaning service is triggered when the incoming traffic reaches the configured threshold.
    Threshold
    Parameter Settings Defense action

    Supported only by Cloud Mitigation Alliance

    • Clean
    • Block
    Automatic releasing time Set the aging time of the cloud cleaning service.
    URL Set the cloud service address provided by the ISP.
    Auth Account

    Set the user name that the cloud service provider provides for users.

    Auth key Set the cloud service password.

    The passwords must meet the minimum complexity requirement. That is, the passwords must contain at least three of the following, including upper-case letters (A to Z), lower-case letters (a to z), digits (0 to 9), and special characters (such as !, #, $, and %). You must change the passwords periodically.
  3. Click OK.

  4. After the configuration is complete, if the incoming traffic exceeds the threshold, the cloud cleaning policy is automatically triggered.

    You can also manually implement the cloud cleaning policy by selecting the check box of the cloud cleaning policy in Cloud Clean Policy List and clicking above the list.

Adding Static Cloud Cleaning Policies

  1. You can click in Cloud Clean Policy List to manually add static cloud cleaning policies.

    Parameter Description
    Service provider

    Cloud Mitigation Alliance
    IP/Mask

    Set the destination IP address and subnet mask to which the cloud cleaning policy is applied.

    • If Defense action is set to Clean, you can enter an IP address segment with a 24-bit mask.
    • If Defense action is set to Block, you must enter a single IP address with a 32-bit mask.
    Defense action
    • Clean
    • Block

    Manually added cloud cleaning policies cannot be automatically cleared. You need to manually delete them from the Cloud Clean Policy List.

  2. Click OK.
Parent topic: Configuring the Zone-based Defense Policy
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.