
Configuring Threshold Learning

Threshold learning provides a reference for setting the DDoS attack defense threshold.

Context

You can choose to automatically apply the learned threshold or manually configure the threshold based on the learned threshold.

The automatically learned attack defense threshold applies only to global DDoS attack defense and not to interface-based DDoS attack defense.

If the live network traffic is unknown, use the default values of attack defense parameters and then adjust them by using the threshold learning function as required.

Procedure

  1. In the user view, access the system view.

    system-view

  2. Enable the threshold learning function.

    anti-ddos baseline-learn start

    You are advised to enable threshold learning for the global DDoS attack defense function so that you can configure a proper threshold.

  3. Configure threshold learning parameters.
    1. Configure the threshold learning duration.

      anti-ddos baseline-learn learn-duration learn-duration

      learn-duration is an integer ranging from 1 to 1200000, in minutes. The default value is 1440 (24 hours).

    2. Configure the threshold learning cycle.

      anti-ddos baseline-learn learn-interval learn-interval

      learn-interval is an integer ranging from 0 to 1200000, in minutes. The default value is 8640 (6 days).

    3. Configure the threshold learning mode as periodic learning.

      anti-ddos baseline-learn mode loop

      By default, the threshold learning mode is one-off learning, that is, threshold learning is performed only once. If the threshold learning mode is configured as periodic learning, threshold learning automatically starts the next cycle when one cycle is complete.

    4. Configure the threshold learning tolerance.

      anti-ddos baseline-learn tolerance-value tolerance-value

      tolerance-value is an integer ranging from 0 to 4000, expressed as a percentage. The default value is 50.

      Actual threshold = Learned threshold × (1 + tolerance)

    5. Optional: Configure total traffic as the traffic type to be learned.

      anti-ddos baseline-learn type total

      After the anti-ddos baseline-learn type total command is run, the device learns the thresholds of all incoming traffic types and does not perform threshold learning when attacks occur.

      By default, the device learns traffic thresholds whether an attack occurs or not. When an attack occurs, the device learns only the threshold of normal traffic.

  4. Enable automatic application of the learned threshold.

    anti-ddos baseline-learn apply

    By default, automatic application of the learned threshold is disabled. If automatic application of the learned threshold is disabled, the defense threshold must be manually configured.

  5. Optional: Apply the previously learned threshold.

    anti-ddos baseline-learn apply-result
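
The procedure above as an added Python example (not Huawei's code): it checks each parameter against the ranges documented on this page, emits the commands in the procedure's order, and evaluates the tolerance formula. The function names, the sample values and the round-down integer arithmetic are assumptions.

```python
# Added example: validate threshold-learning parameters against the ranges
# documented on this page and emit the matching command sequence.
RANGES = {  # (min, max) in the units stated on this page
    "learn_duration": (1, 1200000),   # minutes, default 1440
    "learn_interval": (0, 1200000),   # minutes, default 8640
    "tolerance_value": (0, 4000),     # percent, default 50
}

def check(name, value):
    """Return value if it is an integer inside the documented range."""
    lo, hi = RANGES[name]
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{name}={value!r} outside documented range {lo}..{hi}")
    return value

def build_commands(learn_duration=1440, learn_interval=8640, tolerance_value=50,
                   loop=False, total=False, auto_apply=False):
    """Build the command list in the order of the procedure (steps 1 to 4)."""
    cmds = [
        "system-view",
        "anti-ddos baseline-learn start",
        f"anti-ddos baseline-learn learn-duration {check('learn_duration', learn_duration)}",
        f"anti-ddos baseline-learn learn-interval {check('learn_interval', learn_interval)}",
    ]
    if loop:        # periodic learning instead of the one-off default
        cmds.append("anti-ddos baseline-learn mode loop")
    cmds.append(f"anti-ddos baseline-learn tolerance-value {check('tolerance_value', tolerance_value)}")
    if total:       # optional: learn all incoming traffic types
        cmds.append("anti-ddos baseline-learn type total")
    if auto_apply:  # automatic application is disabled by default
        cmds.append("anti-ddos baseline-learn apply")
    return cmds

def actual_threshold(learned, tolerance_value=50):
    """Actual threshold = Learned threshold x (1 + tolerance), tolerance in percent."""
    check("tolerance_value", tolerance_value)
    # Assumption: integer arithmetic rounding down; the page does not state rounding.
    return learned * (100 + tolerance_value) // 100

if __name__ == "__main__":
    # Constructed sample: 7-day learning window, periodic mode, auto-apply on.
    for line in build_commands(learn_duration=10080, loop=True, auto_apply=True):
        print(line)
    # Constructed learned value of 2000, in whatever unit the device reports.
    print(actual_threshold(2000, 50))
```

With tolerance-value at its maximum of 4000, the applied threshold is 41 times the learned value, so a large tolerance leaves very little margin between the defense threshold and real attack traffic.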

Copyright © Huawei Technologies Co., Ltd.