Dynamic Blackhole Policy

The blackhole policy is dynamically triggered based on real-time statistics about traffic destined to a specific IP address.

Context

The dynamic blackhole policy is triggered based on the alarm severity of the blackhole and whether the second-level blackhole is enabled.

When the dynamic blackhole policy is automatically decapsulated and the value of Scheduled unblocking time defined in the blackhole API is reached, the blackhole policy is disabled and the blackhole task is deleted.

Procedure

Set the blackhole mode of the Zone.

In this case, the blackhole mode must be set to Automatic.
1. Choose Defense > Policy Settings > Zone.
2. Click of the Zone.
3. In the Defense Policy dialog box, configure a blackhole policy. Table 1 lists related parameters.
  
  Table 1 Blackhole parameter configuration
  Parameter
  
  Description
  
  Black hole mode
  
  Select Automatic.
4. Click OK.

**Table 1** Blackhole parameter configuration
Parameter	Description
Black hole mode	Select Automatic.

Configuring a Blackhole Policy Based on the Alarm Severity
Enabling the Second-Level Blackhole
Real-time statistics about traffic destined to a specified IP address is collected for comparison with the threshold every second. When the traffic of a specified IP address exceeds the blackhole threshold, the corresponding blackhole action is triggered.

Parent topic: Executing a Blackhole Policy on the DamDDoS