Decapsulating a Blackhole Policy

Procedure

• Automatically decapsulating a blackhole policy
  

  After an action is performed on a specified IP address, the defense system cannot detect whether the attack is terminated because it cannot obtain traffic statistics about the IP address. In this method, the blackhole policy is automatically decapsulated based on the default encapsulation time.

  1. Configure the blackhole decapsulation time.
     1. Choose System > Data Maintenance > Service Data Maintenance.
     2. Click Modify and set Blackhole Duration(Minutes). Table 1 lists related parameters.

        

        Table 1 Blackhole parameter configuration

        Parameter	Description
        Blackhole Duration(Minutes)	By default, the decapsulation time is 30 minutes. The value is in the range from 2 to 600, in minutes.

     3. Click OK.

        The timing starts after the blackhole task is created. If the duration reaches the value of Blackhole Duration(Minutes), the ATIC automatically delivers the NP blocking policy to the anti-DDoS device to decapsulate the blackhole policy.

• Manually decapsulating a blackhole policy
  

  Dynamic and static blackhole policies (triggered based on the alarm severity and whether the second-level blackhole is enabled) can be manually decapsulated.

  1. Choose Defense > Policy Settings > Blackhole.
  2. Select the blackhole policy to be deleted and click Disable.

     

     

     1. You can click Enable to re-enable the disabled blackhole policy.
     2. You can also select the blackhole policy to be deleted and click Delete. The deleted blackhole policy cannot be re-enabled.