This section describes how to configure global and interface-based
SIP flood attack defense.
Procedure
- Configure global SIP flood attack defense.
- In the user view, access the system view.
system-view
- Configure global SIP flood attack defense.
anti-ddos sip-flood source-detect [ alert-rate alert-rate ]
If the rate of SIP
packets reaches alert-rate, the global SIP flood attack defense
is triggered. alert-rate is an integer ranging from 1 to 80000000,
in pps. The default value is 2000.
The defense threshold
can be automatically learned or manually configured. For details about
the threshold learning configuration, see Configuring Threshold Learning.
- Configure interface-based SIP flood attack defense.
- In the user view, access the system view.
system-view
- Access the interface view.
interface interface-type interface-number
- Configure interface-based SIP flood attack defense.
anti-ddos sip-flood source-detect [ alert-rate alert-rate ]
If the rate of SIP
packets reaches alert-rate, the interface-based SIP flood attack
defense is triggered. alert-rate is an integer ranging from
1 to 80000000, in pps. The default value is 500000.
The automatically learned attack defense
threshold applies only to global DDoS attack defense and not to interface-based
DDoS attack defense. Therefore, the threshold for interface-based
SIP flood attack defense must be manually configured using the anti-ddos sip-flood source-detect command.