Skip to content

Alibaba Cloud DDoS New BGP High Defense

The display Metrics of Alibaba Cloud DDoS New BGP High Defense include attack protection capability, cleaning capability, response time, and reliability. These Metrics reflect the performance and credibility of the New BGP High Defense service when dealing with large-scale DDoS attacks.

Configuration

Install Func

It is recommended to activate Guance Integration - Extension - DataFlux Func (Automata): All prerequisites will be automatically installed. Please continue with the script installation.

If you deploy Func yourself, refer to Self-deployed Func

Install Func

It is recommended to activate Guance Integration - Extension - DataFlux Func (Automata)

If you deploy Func yourself, refer to Self-deployed Func

Enable Script

Note: Please prepare an Alibaba Cloud AK that meets the requirements in advance (for simplicity, you can directly grant global read-only permission ReadOnlyAccess).

Enable Script for Managed Version

  1. Log in to the Guance console.
  2. Click on the 【Integration】 menu and select 【Cloud Account Management】.
  3. Click 【Add Cloud Account】, choose 【Alibaba Cloud】, and fill in the required information on the interface. If you have already configured cloud account information, skip this step.
  4. Click 【Test】. After a successful test, click 【Save】. If the test fails, check whether the related configuration information is correct and retest.
  5. In the 【Cloud Account Management】 list, you can see the added cloud accounts. Click the corresponding cloud account to enter the details page.
  6. Click the 【Integration】 button on the cloud account details page. In the Not Installed list, find Alibaba Cloud DDoS New BGP High Defense, click the 【Install】 button, and follow the prompts to complete the installation.

Manual Enable Script

  1. Log in to the Func console, click 【Script Market】, enter the official script market, and search for: guance_aliyun_ddoscoo.

  2. After clicking 【Install】, input the corresponding parameters: Alibaba Cloud AK ID, AK Secret, and account name.

  3. Click 【Deploy Start Script】, and the system will automatically create a Startup Measurement and configure the corresponding start script automatically.

  4. After enabling, you can see the corresponding automatic trigger configuration in 「Management / Automatic Trigger Configuration」. Click 【Execute】 to run it immediately without waiting for the scheduled time. Wait a moment, and you can view the execution task records and corresponding logs.

We default collect some configurations, details see the Metrics section.

Configure Custom Cloud Object Metrics

Verification

  1. In 「Management / Automatic Trigger Configuration」, confirm whether the corresponding task has the corresponding automatic trigger configuration. You can also check the corresponding task records and logs for any anomalies.
  2. In Guance, under 「Infrastructure / Custom」, check if there is asset information.
  3. In Guance, under 「Metrics」, check if there are corresponding monitoring data.

Metrics

After configuring Alibaba Cloud - Cloud Monitoring, the default Measurement is as follows. You can collect more Metrics through configuration. Alibaba Cloud Cloud Monitoring Metrics Details

MetricName Description Unit Dimensions
Active_connection Number of active connections count userId,InstanceId,ip
AttackTraffic Attack traffic of high-defense IP bit/s userId,InstanceId,ip
Back_Traffic Backsource traffic of high-defense IP bit/s userId,InstanceId,ip
In_Traffic Incoming traffic of high-defense IP bit/s userId,InstanceId,ip
Inactive_connection Number of inactive connections count userId,InstanceId,ip
New_connection Number of new connections count userId,InstanceId,ip
Out_Traffic Outgoing traffic of high-defense IP bit/s userId,InstanceId,ip
qps QPS countS userId,InstanceId,ip
qps_ratio_down QPS ratio decrease rate % userId,InstanceId,ip
qps_ratio_up QPS ratio increase rate % userId,InstanceId,ip
resp2xx 2XX status code count userId,InstanceId,ip
resp2xx_ratio Percentage of 2XX status codes % userId,InstanceId,ip
resp3xx 3XX status code count userId,InstanceId,ip
resp3xx_ratio Percentage of 3XX status codes % userId,InstanceId,ip
resp404 404 status code count userId,InstanceId,ip
resp404_ratio Percentage of 404 status codes % userId,InstanceId,ip
resp4xx 4XX status code count userId,InstanceId,ip
resp4xx_ratio Percentage of 4XX status codes % userId,InstanceId,ip
resp502 502 status code count userId,InstanceId,ip
resp503 503 status code count userId,InstanceId,ip
resp504 504 status code count userId,InstanceId,ip
resp5xx 5XX status code count userId,InstanceId,ip
resp5xx_ratio Percentage of 5XX status codes % userId,InstanceId,ip
upstream_resp2xx 2XX backsource status code count userId,InstanceId,ip
upstream_resp2xx_ratio Percentage of 2XX backsource status codes % userId,InstanceId,ip
upstream_resp3xx 3XX backsource status code count userId,InstanceId,ip
upstream_resp3xx_ratio Percentage of 3XX backsource status codes % userId,InstanceId,ip
upstream_resp4xx 4XX backsource status code count userId,InstanceId,ip
upstream_resp4xx_ratio Percentage of 4XX backsource status codes % userId,InstanceId,ip
upstream_resp5xx 5XX backsource status code count userId,InstanceId,ip
upstream_resp5xx_ratio Percentage of 5XX backsource status codes % userId,InstanceId,ip
upstream_resp404 404 backsource status code count userId,InstanceId,ip
upstream_resp404_ratio Percentage of 404 backsource status codes % userId,InstanceId,ip

Objects

The collected Alibaba Cloud DDoS New BGP High Defense object data structure can be seen in 「Infrastructure - Custom」.

{
  "measurement": "aliyun_ddoscoo",
  "tags": {
    "name"      : "rg-acfm2pz25js****",
    "InstanceId": "rg-acfm2pz25js****",
    "RegionId"  : "cn-hangzhou",
    "Status"    : "1",
    "Edition"   : "9",
    "IpVersion" : "Ipv4",
    "Enabled"   : "1"
  },
  "fields": {
    "ExpireTime": "1637812279000",
    "CreateTime": "1637812279000",
    "message"   : "{Instance JSON data}"
  }
}

Feedback

Is this page helpful? ×