
anti-ddos auto-defend none-session enable

Function

The anti-ddos auto-defend none-session enable command enables dynamic traffic limiting for packet loss-based traffic attack defense.

The undo anti-ddos auto-defend none-session enable command disables dynamic traffic limiting for packet loss-based traffic attack defense.

Format

anti-ddos auto-defend none-session enable

undo anti-ddos auto-defend none-session enable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

By default, dynamic traffic limiting for packet loss-based traffic attack defense is disabled.

Traffic attacks against which dynamic traffic limiting defends are classified into session type and packet loss type, and the packet loss type is further divided into two cases. The resulting classes are as follows:
  • Session type: Sessions are established for the attack flows. There are few attack flows, but the rate of each flow is high.
  • Packet loss type: Attack traffic is discarded by the FW. There are few attack flows, but the number of packets discarded per second calculated by the system is large.
  • Packet loss type: Attack traffic is discarded by the FW. The attack flows have the same 3-tuple and a low rate. The total number of discarded packets calculated by the system is large.

If dynamic traffic limiting for packet loss-based traffic attack defense is enabled and the traffic rate reaches the specified threshold, traffic limiting is performed on the attack traffic based on the CAR value configured with the anti-ddos auto-defend car car-value command to reduce the MPU CPU usage.

Example

# Enable dynamic traffic limiting for packet loss-based traffic attack defense.

<sysname> system-view
[sysname] anti-ddos auto-defend none-session enable
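
The following audit script is an added example, not Huawei code. It replays saved configuration or CLI transcript lines and reports devices where the feature is left at its disabled default, or is enabled without an explicit anti-ddos auto-defend car line. Assumptions: lines are applied in order with the last one winning, the function names and sample configurations are constructed, and 1000 is a placeholder car-value.

```python
import re

# Command strings as given on this page.
ENABLE = "anti-ddos auto-defend none-session enable"
CAR_RE = re.compile(r"^anti-ddos auto-defend car (\S+)$")
PROMPT_RE = re.compile(r"^\[[^\]]*\]\s*")  # e.g. "[sysname] " in a CLI transcript


def audit(config_text):
    """Replay lines in order; return (enabled, car_value)."""
    enabled = False   # the page states the feature is disabled by default
    car_value = None  # None means no explicit car-value line was seen
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", " ".join(raw.split()))
        if line == ENABLE:
            enabled = True
        elif line == "undo " + ENABLE:
            enabled = False
        else:
            m = CAR_RE.match(line)
            if m:
                car_value = m.group(1)
    return enabled, car_value


def findings(name, config_text):
    """Return human-readable findings for one device."""
    enabled, car_value = audit(config_text)
    if not enabled:
        return [f"{name}: dynamic traffic limiting for packet loss-based defense is disabled"]
    if car_value is None:
        return [f"{name}: enabled, but no explicit 'anti-ddos auto-defend car' line found"]
    return []


# Constructed sample inputs (not from a real device); 1000 is a placeholder car-value.
SAMPLES = {
    "FW-A": "sysname FW-A\nanti-ddos auto-defend car 1000\n" + ENABLE + "\n",
    "FW-B": "sysname FW-B\n",
    "FW-C": "[FW-C] " + ENABLE + "\n[FW-C] undo " + ENABLE + "\n",
    "FW-D": "<FW-D> system-view\n[FW-D]   " + ENABLE + "\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in findings(name, text) or [f"{name}: ok"]:
            print(finding)
```
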
Copyright © Huawei Technologies Co., Ltd.