Configuring a Blackhole Policy Based on the Alarm Severity

Context

The ATIC alarm policy is implemented based on the traffic log statistics about an anti-DDoS device within the interval of 64 seconds. When the statistics on traffic destined to a Zone reaches the Critical level, the corresponding action is triggered. The delay for automatically executing the blackhole policy is 70 seconds.

Procedure

  1. Configure a blackhole API.
  2. Configure the notification mode of second-level blackhole event.
  3. Set the blackhole mode of the Zone.
  4. Configure the alarm action.
    1. Choose Defense > Policy Settings > Zone.
    2. Click .
    3. In the Alarm Policy dialog box, set parameters in the Critical area, and select Enable blackhole API from the shortcut menu for Action. Table 1 lists related parameters.
      Table 1 Action

      Parameter

      Description

      Enable blackhole API

      If Enable blackhole API is selected in the Critical area and the value of a parameter exceeds the threshold, this function is enabled.

      NOTE:

      The blackhole API is the DamDDoS API. To implement the blackhole function using the blocking service provided by the DamDDoS, set Action to Enable blackhole API.
    4. Click OK. The message "Succeeded in configuring the alarm severity rule" is displayed.
Parent topic: Dynamic Blackhole Policy
Copyright © Huawei Technologies Co., Ltd.