AntiDDos.Service
Element Description
The AntiDDos.Service element is a traffic cleaning service that can prevent DDoS attacks against Elastic IP Address (EIP).
Element Properties
|
Property |
Required |
Descripiton |
|---|---|---|
|
cleaningAccessPos |
Yes |
ID of the access restriction segment during cleaning Type: integer Value Description: Supports an integer ranging from 1 to 8. A larger value indicates a larger number of new connections of a single source IP address and a larger total number of connections of a single source IP address during cleaning. Default: 8 Suggestion: Set the value based on specifications and requirements. |
|
trafficPos |
Yes |
Traffic segment ID Type: integer Value Description: Supports an integer ranging from 1 to 9. A larger value indicates a larger threshold for the traffic volume per second and a larger threshold for the number of packets per second. Default: 9 Suggestion: Set the value based on specifications and requirements. |
|
appType |
Yes |
Application type ID Type: integer Value Description: Supports 0 and 1. If the UDP protocol or a common application is used, the value is 0. If the TCP protocol or a web application is used, the value is 1. Default: 1 Suggestion: Set the value based on specifications and requirements. |
|
httpRequestPos |
Yes |
HTTP request quantity segment ID Type: integer Value Description: Supports an integer ranging from 1 to 15. A larger value indicates a larger threshold for the number of HTTP requests per second. Default: 1 Suggestion: Set the value based on specifications and requirements. |
|
floatingIpId |
Yes |
User EIP ID Type: string Value Description: Supports the ID of an existing or new public elastic IP address. To use the ID of a new public elastic IP address, you need to add the publicIP field to the ECS.CloudServer or CCE.NodePool element in the template and establish the dependency relationship. Suggestion: 1. Use the get_attribute function to obtain the ID of the elastic public IP address created by the template. 2. On the public elastic IP address page (https://console.huaweicloud.com/vpc?&locale=en-us), obtain the ID of the created IP address. |
|
enableL7 |
Yes |
Whether to enable L7 protection Type: boolean Value Description: Supports true or false. If this parameter is set to true, L7 protection is enabled. Default: False Suggestion: Set the value based on specifications and requirements. |
Relationships Between Elements
None.
Return Value
None.
Blueprint Example
tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
ecs-name:
default: "my-cloudserver"
label: ECS
description: "VM name"
ecs-image:
default: "327946b5-e954-42c3-949a-3312688c9269"
label: ECS
description: "VM image"
ecs-flavor:
default: "c1.medium"
label: ECS
description: "VM specifications"
ecs-volumetype:
default: SATA
label: ECS
description: "VM disk type"
ecs-count:
default: 1
label: ECS
description: "Number of VMs"
az:
default: "cn-north-1a"
label: ECS
description: "Belonged AZ"
subnet-name:
default: "my-ecs-subnet2"
label: ECS
description: "Subnet name"
subnet-gateway:
default: "192.168.1.1"
label: ECS
description: "Subnet gateway"
vpc-name:
default: "my-ecs-vpkvc2"
label: ECS
description: "VPC name"
vpc-cidr:
default: "192.168.0.0/16"
label: ECS
description: "CIDR address of a VPC"
ads-enableL7:
type: boolean
default: true
label: AntiDDos
description: "Whether to enable Layer 7 protection"
ads-trafficPos:
type: integer
default: 9
label: AntiDDos
description: "Traffic segment ID"
ads-httpRequestPos:
type: integer
default: 1
label: AntiDDos
description: "HTTP request quantity segment ID"
ads-cleaningAccessPos:
type: integer
default: 8
label: AntiDDos
description: "ID of the access restriction segment during traffic cleaning"
ads-appType:
type: integer
default: 1
label: AntiDDos
description: "Application type ID"
node_templates:
my-ecs:
type: HuaweiCloud.ECS.CloudServer
properties:
name: {get_input: ecs-name}
instances: {get_input: ecs-count}
imageId: {get_input: ecs-image}
flavor: {get_input: ecs-flavor}
vpcId: {get_attribute: [my-subnet, vpcId]}
availabilityZone: {get_input: az}
nics:
- subnetId: {get_attribute: [my-subnet, refID]}
rootVolume:
volumeType: {get_input: ecs-volumetype}
dataVolumes:
- volumeType: SATA
size: 100
publicIP:
eip:
ipType: 5_bgp
bandwidth:
size: 100
shareType: PER
requirements:
- nics.subnetId:
node: my-subnet
my-subnet:
type: HuaweiCloud.VPC.Subnet
properties:
name: {get_input: subnet-name}
cidr: {get_input: vpc-cidr}
gateway: {get_input: subnet-gateway}
dnsList: [114.114.114.115, 114.114.114.114]
vpcId: {get_attribute: [my-vpc,refID]}
availabilityZone: {get_input: az}
requirements:
- vpcId:
node: my-vpc
my-vpc:
type: HuaweiCloud.VPC.VPC
properties:
name: {get_input: vpc-name}
cidr: {get_input: vpc-cidr}
policies:
my-antiddos:
type: HuaweiCloud.AntiDDos.Service # Enable anti-DDoS protection for EIP.
properties:
enableL7: {get_input: ads-enableL7}
trafficPos: {get_input: ads-trafficPos}
httpRequestPos : {get_input: ads-httpRequestPos}
cleaningAccessPos: {get_input: ads-cleaningAccessPos}
appType: {get_input: ads-appType}
floatingIpId: {get_attribute: [my-ecs, floatingIpId]}
targets: [my-ecs]
outputs:
ecs-id:
value: {get_attribute: [my-ecs, refID]}
description: "ECS ID"
vpc-id:
value: {get_attribute: [my-vpc, refID]}
description: "VPC ID"
subnet-id:
value: {get_attribute: [my-subnet, refID]}
description: "SUBNET ID"
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
