This section allows you to disable or enable DDoS support for CGN.
To configure DDoS Protection:
On the Edit DDoS Protection page, update the required details and click Update.
The confirmation message is displayed.
|
Field |
Description |
|---|---|
|
DDoS Protection for NAT Pool |
Specify whether to enable or disable DDoS protection for CGN. |
|
DDoS Protection Logging |
Select whether to enable logging for DDoS protection events in CGN. When selective filtering identifies 2-tuples that are being flooded and drop the packets, A10 Control can log the number of packets over the threshold that are dropped. |
|
Logging Action |
Select whether DDoS mitigation for logging action is local, remote, or both.
|
|
Rate Limit Action for IP |
|
|
Threshold |
The packets-per-second threshold per IP. The default value is set to 3000000. |
|
Action Type |
The type of action Drop, Log, or Redistribute route. |
| Route Map |
A route map name. This field is enabled only when you select the Action Type field as redistribute route. |
|
Action Expiration Timer |
Set time to revert the action after pps is decreased to below threshold. By default, the expiration time is set to 3600 seconds. |
|
Remove Wait Time |
Set time after which the IP will be removed from the blackhole. |
|
Max Timer Multipliers |
Set the maximum value of timer multiplier for attacks lasted long time. By default, the maximum value of timer multiplier is set to 6. |
|
Rate Limit Action for TCP |
|
|
Threshold |
The packets-per-second threshold per TCP port. By default, the value is set to 3000. |
|
Action Type |
The type of action Drop or Log. |
|
Action Expiration Timer |
Set time to revert the action after pps is decreased to below threshold. By default, the expiration time is set to 30 seconds. |
|
Rate Limit Action for UDP |
|
|
Threshold |
The packets-per-second threshold per UDP port. By default, value is set to 3000. |
|
Action Type |
The type of action Drop or Log. |
|
Action Expiration Timer |
Set time to revert the action after pps is decreased to below threshold. By default, the expiration time is set to 30 seconds. |
|
Rate Limit Action for Other L4 Protocols |
|
|
Threshold |
The configured packets-per-second threshold per L4 Protocols. By default, the value is set to 10000. |
|
Action Type |
The type of action Drop or Log. |
|
Action Expiration Timer |
Set time to revert the action after pps is decreased to below threshold. By default, the expiration time is set to 30 seconds. |
|
Additional Actions |
|
|
Including Existing Session |
The count of the traffic associated with the existing session in packets-per-second. By default, the value is set to disabled. |
|
Disable NAT by Zone |
The disabled NAT IP based on DDoS zone name set in BGP. |