Configuring a Blackhole Policy Based on the Alarm Severity

Context

The ATIC alarm policy is implemented based on the traffic log statistics about an anti-DDoS device within the interval of 64 seconds. When the statistics on traffic destined to a Zone reaches the Critical level, the corresponding action is triggered. The delay for automatically executing the blackhole policy is 70 seconds.

Procedure

  1. Configure a RESTful server.
  2. Configure the notification mode of second-level blackhole event.
  3. Enable the RESTful API.
  4. Set the blackhole mode of the Zone.
  5. Configure the alarm action.
    1. Choose Defense > Policy Settings > Zone.
    2. Click .
    3. In the Alarm Policy dialog box, set parameters in the Critical area, and set the blackhole action. Table 1 lists related parameters.
      Table 1 Action

      Parameter

      Description

      Enable LPU blackhole

      If Enable LPU blackhole is selected in the Critical area and the value of a parameter exceeds the threshold, this function is enabled.

      NOTE:
      1. To implement the blackhole function through the third-party non-DamDDoS system, you are advised to enable the blackhole function locally and set the blackhole type to Enable LPU blackhole. Upon receiving heavy traffic, the local cleaning device blocks the traffic at the fastest speed, alleviating the network bandwidth pressure to a certain extent.
    4. Click OK. The message "Succeeded in configuring the alarm severity rule" is displayed.
Parent topic: Dynamic Blackhole
Copyright © Huawei Technologies Co., Ltd.