This section describes how to configure global and interface-based UDP flood attack defense.

Configuring global UDP flood attack defense

system-view
anti-ddos udp-flood dynamic-fingerprint-learn [ alert-speed alert-speed ]
If the rate of UDP packets reaches alert-speed, the global UDP flood attack defense function is triggered. alert-speed is an integer ranging from 1 to 10240, in Mbit/s. The default value is 50.
The defense threshold can be automatically learned or manually configured. For details about the threshold learning configuration, see Configuring Threshold Learning.
anti-ddos udp-fingerprint-learn offset offset fingerprint-length fingerprint-length
offset is an integer ranging from 0 to 1500, in bytes. fingerprint-length is an integer ranging from 1 to 8.
By default, only the last eight bytes of a data segment are used for fingerprint learning.
anti-ddos udp-fingerprint-learn packet-length enable
The packet length learning function is enabled by default.
bandwidth-limit destination-ip type udp max-speed max-speed
max-speed is an integer ranging from 1 to 2000000, in Mbps.
After this function is configured, the FW collects statistics on the UDP packets destined for each destination IP address. If the rate of UDP packets destined for a destination IP address exceeds max-speed, the FW discards the excess packets.
firewall defend udp-flood base-session max-rate max-rate-number
max-rate-number is an integer ranging from 1 to 65535, in pps.
After this command is executed, the FW collects statistics on the UDP packets in each session. If the rate of UDP packets in a session exceeds max-rate-number, the FW discards the excess packets.

Configuring interface-based UDP flood attack defense

system-view
interface interface-type interface-number
anti-ddos udp-flood relation-defend source-detect [ alert-speed alert-speed ]
If the rate of UDP packets reaches alert-speed, the interface-based UDP flood attack defense function is triggered. alert-speed is an integer ranging from 1 to 10240, in Mbit/s. The default value is 850.
Attack defense threshold learning applies only to global DDoS attack defense, not to interface-based DDoS attack defense. Therefore, the threshold for interface-based UDP flood attack defense must be configured manually using the anti-ddos udp-flood relation-defend source-detect command.

Configuring global UDP fragment flood attack defense

system-view
anti-ddos udp-frag-flood dynamic-fingerprint-learn [ alert-speed alert-speed ]
If the rate of UDP fragments reaches alert-speed, the global UDP fragment flood attack defense function is triggered. alert-speed is an integer ranging from 1 to 10240, in Mbit/s. The default value is 50.
The defense threshold can be automatically learned or manually configured. For details about the threshold learning configuration, see Configuring Threshold Learning.

Configuring interface-based UDP fragment flood attack defense

system-view
interface interface-type interface-number
anti-ddos udp-frag-flood [ alert-speed alert-speed ]
If the rate of UDP fragment packets reaches alert-speed, the interface-based UDP fragment flood attack defense function is triggered. alert-speed is an integer ranging from 1 to 10240, in Mbit/s. The default value is 200.
Attack defense threshold learning applies only to global DDoS attack defense, not to interface-based DDoS attack defense. Therefore, the threshold for interface-based UDP fragment flood attack defense must be configured manually using the anti-ddos udp-frag-flood command.
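The four procedures above assembled into one CLI session, as an added example that is not taken from the product documentation. The interface name GigabitEthernet 1/0/1 and the `<FW>` / `[FW]` prompts are assumptions about the deployment, and every numeric value is a constructed sample chosen inside the ranges stated above, not a recommended setting; the global alert-speed values are set explicitly here even though the documented defaults (50 Mbit/s for both global commands) would apply if the optional parameter were omitted.

```text
<FW> system-view
[FW] anti-ddos udp-flood dynamic-fingerprint-learn alert-speed 100
[FW] anti-ddos udp-fingerprint-learn offset 0 fingerprint-length 8
[FW] anti-ddos udp-fingerprint-learn packet-length enable
[FW] bandwidth-limit destination-ip type udp max-speed 500
[FW] firewall defend udp-flood base-session max-rate 2000
[FW] anti-ddos udp-frag-flood dynamic-fingerprint-learn alert-speed 50
[FW] interface GigabitEthernet 1/0/1
[FW-GigabitEthernet1/0/1] anti-ddos udp-flood relation-defend source-detect alert-speed 850
[FW-GigabitEthernet1/0/1] anti-ddos udp-frag-flood alert-speed 200
[FW-GigabitEthernet1/0/1] quit
```

Two points worth checking in a real deployment: the two interface-view commands carry their own alert-speed values because, as stated above, threshold learning never populates interface-based thresholds, so leaving them at the 850 and 200 Mbit/s defaults is a deliberate choice rather than a learned one; and the per-destination max-speed (Mbps) and per-session max-rate (pps) limits are separate controls from the alert-speed trigger, so the fingerprint-based defense can remain idle while packets are already being dropped by the rate limits, or the reverse.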