Real-time statistics about traffic destined for a specified IP address are collected every second and compared with the threshold. When the traffic to that IP address exceeds the blackhole threshold, the corresponding blackhole action is triggered.
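The per-second comparison described above, modelled as an added example (not Huawei code and not part of the original page). The packet tuples, addresses and the 100 Mbit/s threshold are constructed; the 10-second average goes beyond the text and is included only to show what a coarser window would hide.

```python
from collections import defaultdict

def detect_blackhole(packets, threshold_mbps):
    """Return {dst_ip: first second whose traffic exceeded threshold_mbps}."""
    bits = defaultdict(int)  # (dst_ip, whole second) -> bits seen in that second
    for ts, dst, size in packets:
        bits[(dst, int(ts))] += size * 8
    triggered = {}
    for (dst, sec), count in sorted(bits.items(), key=lambda kv: kv[0][1]):
        # A one-second window means bits / 1e6 is already Mbit/s.
        if count / 1_000_000 > threshold_mbps and dst not in triggered:
            triggered[dst] = sec
    return triggered

def average_mbps(packets, dst_ip, start, end):
    """Average rate to dst_ip over [start, end) seconds, for comparison."""
    total = sum(size * 8 for ts, dst, size in packets
                if dst == dst_ip and start <= ts < end)
    return total / 1_000_000 / (end - start)

def build_sample():
    """Constructed traffic: (timestamp_s, dst_ip, size_bytes) tuples."""
    packets = []
    for sec in range(10):
        # 1250-byte packets: 100 per second is 1 Mbit/s of normal traffic.
        # Second 4 carries a 150 Mbit burst to 192.0.2.10 only.
        n_victim = 15000 if sec == 4 else 100
        packets += [(sec + i / n_victim, "192.0.2.10", 1250) for i in range(n_victim)]
        packets += [(sec + i / 100, "192.0.2.20", 1250) for i in range(100)]
    return packets

SAMPLE = build_sample()
THRESHOLD_MBPS = 100  # constructed value for the Threshold (Mbit/s) parameter

if __name__ == "__main__":
    print(detect_blackhole(SAMPLE, THRESHOLD_MBPS))
    print(average_mbps(SAMPLE, "192.0.2.10", 0, 10))
```

The one-second burst crosses the threshold in second 4, while the same traffic averaged over ten seconds stays far below it.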
Procedure
- Configure a RESTful server.
- Configure the notification mode of second-level blackhole events.
- Enable the RESTful API.
- Set the blackhole mode of the Zone.
- Enable the second-level blackhole.
- Choose Defense > Policy Settings > Zone.
- Click the icon of the Zone.
- In the Defense Policy dialog box, configure a blackhole policy. Table 1 lists related parameters.
Table 1 Blackhole parameter configuration

| Parameter | Description |
|---|---|
| Second-Level Blackhole | Select Enabled. |
| Threshold (Mbit/s) | Set the blackhole threshold. When the traffic exceeds the value of Threshold, the corresponding blackhole type is enabled for defense. |
| Type | Set the blackhole type to LPU blackhole. NOTE: To implement the blackhole function through the third-party non-DamDDoS system, you are advised to enable the blackhole function locally and set the blackhole type to LPU blackhole. Upon receiving heavy traffic, the local cleaning device blocks the traffic at the fastest speed, alleviating the network bandwidth pressure to a certain extent. |

- Click OK.
- Ensure that the function of sending second-level blackhole syslogs to the log center (such as the log buffer and log host) is disabled. If the function is enabled, disable it.
Run the following command to disable the function:
undo anti-ddos host-traffic-overflow syslog enable
Copyright © Huawei Technologies Co., Ltd.