If an AntiDDoS is deployed in off-line mode, traffic diversion can be implemented only after the detecting device and cleaning device are added to the same defense group. By default, all detecting and cleaning devices are added to the same defense group.
Defense Group Overview
The detecting device and cleaning device can be added to a defense group. In a defense group, the detecting device reports anomaly traffic to the ATIC Management center, and the ATIC Management center delivers a traffic diversion task to the cleaning device. Then the cleaning device performs traffic diversion and cleaning.
When two or more detecting devices exist on the network, add them into a defense group and select a working mode, load redundancy or load sharing.
NOTE: If a detecting device not in any defense group detects abnormal traffic, the device will divert the traffic to cleaning devices that do not belong to any defense group.
Management Operation
| Create | Click  to create a defense group.
For details, see Creating a Defense Group. |
| Modify | Click  of the defense group to
be modified to modify the defense group. |
| Delete |
|
| View |
|
Creating a Defense Group
Devices that serve as cleaning devices or detecting devices have been discovered and synchronized.
- Choose .
- On the Defense Group List page, click .
- Set the basic parameters of the defense group.
For details, see Table 1.
Table 1 Defense Group parameters Parameter Description Value Name Indicates the name of the defense group. The collector name contains a maximum of 64 characters.It can contain letters, digits and special characters "_","-","*","?","!","=","+","@". The value cannot be null (case insensitive).
Detecting Mode Indicates the detecting mode when two or more detecting devices work together. If two or more detecting devices are adopted for collaboration, you need to select the value of this parameter. In other cases, skip this item.
The following detecting modes are available:
Load Sharing
In load sharing mode, all detecting devices detect traffic collectively. This mode applies to heavy traffic scenarios and poses high requirements on device performance. Reports cover the total traffic of all detecting devices.
Load Redundancy
In load redundancy mode, detecting devices detect the same traffic (by mirroring or optical splitting), improving detection reliability. Reports cover the traffic of only one of the detecting devices.
Description Indicates remarks information for identifying a defense group. The value contains a maximum of 255 characters. - Select devices to be added
to the defense group.
- In the Select Device group box, click
. - On the Select Device page that is displayed,
select the check box of an device and click OK.
After successfully added, the device is displayed in the device list on the Create Defense Group page.
NOTE: - Each device can be added to only one defense group.
- In the device list, you can select an device and click
to delete the device; you
can select the check box on the title bar and click to delete all devices.
- In the Select Device group box, click
- On the Create Defense Group page, click OK.
Configuring Coordinated Traffic Diversion
When multiple layers of defense groups are deployed on various locations of the network, you can associate downstream defense groups with upstream ones for coordinated traffic diversion. After coordinated traffic diversion is enabled, once the downstream defense groups detect traffic anomalies, the ATIC can enable the upstream defense groups to perform traffic diversion and defense.
- Choose .
- Select the defense groups and click
. - Set related parameters on the Configure upstream coordination page.
- Upstream coordination: You can enable or disable upstream coordination.
- Coordinated upstream defense group: Choose a defense group from the drop-down list as the coordinated upstream device.
- Click OK.