Updated on 2023-08-11 GMT+08:00

AntiDDos.Service

Element Description

The AntiDDos.Service element is a traffic cleaning service that protects an Elastic IP Address (EIP) against DDoS attacks.

Element Properties

Table 1 Property Description

| Property | Required | Description |
|---|---|---|
| cleaningAccessPos | Yes | ID of the access restriction segment during cleaning. Type: integer. Value Description: Supports an integer ranging from 1 to 8. A larger value indicates a larger number of new connections of a single source IP address and a larger total number of connections of a single source IP address during cleaning. Default: 8. Suggestion: Set the value based on specifications and requirements. |
| trafficPos | Yes | Traffic segment ID. Type: integer. Value Description: Supports an integer ranging from 1 to 9. A larger value indicates a larger threshold for the traffic volume per second and a larger threshold for the number of packets per second. Default: 9. Suggestion: Set the value based on specifications and requirements. |
| appType | Yes | Application type ID. Type: integer. Value Description: Supports 0 and 1. If the UDP protocol or a common application is used, the value is 0. If the TCP protocol or a web application is used, the value is 1. Default: 1. Suggestion: Set the value based on specifications and requirements. |
| httpRequestPos | Yes | HTTP request quantity segment ID. Type: integer. Value Description: Supports an integer ranging from 1 to 15. A larger value indicates a larger threshold for the number of HTTP requests per second. Default: 1. Suggestion: Set the value based on specifications and requirements. |
| floatingIpId | Yes | User EIP ID. Type: string. Value Description: Supports the ID of an existing or new public elastic IP address. To use the ID of a new public elastic IP address, you need to add the publicIP field to the ECS.CloudServer or CCE.NodePool element in the template and establish the dependency relationship. Suggestion: 1. Use the get_attribute function to obtain the ID of the elastic public IP address created by the template. 2. On the public elastic IP address page (https://console.huaweicloud.com/vpc?&locale=en-us), obtain the ID of the created IP address. |
| enableL7 | Yes | Whether to enable L7 protection. Type: boolean. Value Description: Supports true or false. If this parameter is set to true, L7 protection is enabled. Default: False. Suggestion: Set the value based on specifications and requirements. |

Relationships Between Elements

None.

Return Value

None.

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  ecs-name:
    default: "my-cloudserver"
    label: ECS
    description: "VM name"
  ecs-image:
    default: "327946b5-e954-42c3-949a-3312688c9269"
    label: ECS
    description: "VM image"
  ecs-flavor:
    default: "c1.medium"
    label: ECS
    description: "VM specifications"
  ecs-volumetype:
    default: SATA
    label: ECS
    description: "VM disk type"
  ecs-count:
    default: 1
    label: ECS
    description: "Number of VMs"
  az:
    default: "cn-north-1a"
    label: ECS
    description: "Belonged AZ"
  subnet-name:
    default: "my-ecs-subnet2"
    label: ECS
    description: "Subnet name"
  subnet-gateway:
    default: "192.168.1.1"
    label: ECS
    description: "Subnet gateway"
  vpc-name:
    default: "my-ecs-vpkvc2"
    label: ECS
    description: "VPC name"
  vpc-cidr:
    default: "192.168.0.0/16"
    label: ECS
    description: "CIDR address of a VPC"
  ads-enableL7:  
    type: boolean
    default: true
    label: AntiDDos
    description: "Whether to enable Layer 7 protection"
  ads-trafficPos:
    type: integer
    default: 9
    label: AntiDDos
    description: "Traffic segment ID"
  ads-httpRequestPos:
    type: integer
    default: 1
    label: AntiDDos
    description: "HTTP request quantity segment ID"
  ads-cleaningAccessPos:
    type: integer
    default: 8
    label: AntiDDos
    description: "ID of the access restriction segment during traffic cleaning"
  ads-appType:
    type: integer
    default: 1
    label: AntiDDos
    description: "Application type ID"
node_templates:
  my-ecs:
    type: HuaweiCloud.ECS.CloudServer
    properties:
      name: {get_input: ecs-name}
      instances: {get_input: ecs-count}
      imageId: {get_input: ecs-image}
      flavor: {get_input: ecs-flavor}
      vpcId: {get_attribute: [my-subnet, vpcId]}
      availabilityZone: {get_input: az}
      nics:
        - subnetId: {get_attribute: [my-subnet, refID]}
      rootVolume: 
        volumeType: {get_input: ecs-volumetype}
      dataVolumes:
        - volumeType: SATA
          size: 100
      publicIP:
        eip:
          ipType: 5_bgp
          bandwidth:
            size: 100
            shareType: PER
    requirements:
      - nics.subnetId:
          node: my-subnet
  my-subnet:   
    type: HuaweiCloud.VPC.Subnet
    properties:
      name: {get_input: subnet-name}
      cidr: {get_input: vpc-cidr}
      gateway: {get_input: subnet-gateway}
      dnsList: [114.114.114.115, 114.114.114.114]
      vpcId: {get_attribute: [my-vpc,refID]}
      availabilityZone: {get_input: az}
    requirements:
      - vpcId:
          node: my-vpc
  my-vpc:      
    type: HuaweiCloud.VPC.VPC
    properties:
      name: {get_input: vpc-name}
      cidr: {get_input: vpc-cidr}
policies: 
  my-antiddos:
    type: HuaweiCloud.AntiDDos.Service   # Enable anti-DDoS protection for EIP.
    properties:
      enableL7: {get_input: ads-enableL7}
      trafficPos: {get_input: ads-trafficPos}
      httpRequestPos: {get_input: ads-httpRequestPos}
      cleaningAccessPos: {get_input: ads-cleaningAccessPos}
      appType: {get_input: ads-appType}
      floatingIpId: {get_attribute: [my-ecs, floatingIpId]}
    targets: [my-ecs]
outputs:
  ecs-id: 
    value: {get_attribute: [my-ecs, refID]}
    description: "ECS ID"
  vpc-id: 
    value: {get_attribute: [my-vpc, refID]}
    description: "VPC ID"
  subnet-id: 
    value: {get_attribute: [my-subnet, refID]}
    description: "SUBNET ID"
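
A pre-deployment check for a policy like the one above, as an added example that is not part of the original page or of Huawei Cloud tooling: it validates AntiDDos.Service properties against the types and ranges in Table 1, following get_input references to their defaults. The names RULES, resolve, lint_antiddos and SAMPLE are assumptions of this example, and the template is assumed to be already parsed into a Python dict.

```python
# Added example: lint AntiDDos.Service policies in a parsed template dict against Table 1.
RULES = {  # property -> (expected type, documented values)
    "cleaningAccessPos": (int, range(1, 9)),
    "trafficPos": (int, range(1, 10)),
    "appType": (int, (0, 1)),
    "httpRequestPos": (int, range(1, 16)),
    "enableL7": (bool, (True, False)),
}

def resolve(value, inputs):
    """Follow {get_input: name} to that input's default; pass other values through."""
    if isinstance(value, dict) and "get_input" in value:
        return inputs.get(value["get_input"], {}).get("default")
    return value

def lint_antiddos(template):
    """Return 'policy.property: problem' strings; an empty list means no findings."""
    inputs = template.get("inputs") or {}
    findings = []
    for name, policy in (template.get("policies") or {}).items():
        if policy.get("type") != "HuaweiCloud.AntiDDos.Service":
            continue
        props = policy.get("properties") or {}
        for prop, (typ, allowed) in RULES.items():
            if prop not in props:
                findings.append(f"{name}.{prop}: required property missing")
                continue
            val = resolve(props[prop], inputs)
            # exact type check: bool subclasses int; an input without a default gives None
            if type(val) is not typ:
                findings.append(f"{name}.{prop}: expected {typ.__name__}, got {val!r}")
            elif val not in allowed:
                findings.append(f"{name}.{prop}: {val!r} outside documented values")
        fip = props.get("floatingIpId")
        is_ref = isinstance(fip, dict) and "get_attribute" in fip
        if not is_ref and not (isinstance(fip, str) and fip):
            findings.append(f"{name}.floatingIpId: need an EIP ID or get_attribute")
    return findings

SAMPLE = {  # constructed input shaped like the blueprint on this page
    "inputs": {"ads-trafficPos": {"type": "integer", "default": 12}},
    "policies": {"my-antiddos": {
        "type": "HuaweiCloud.AntiDDos.Service",
        "properties": {
            "enableL7": True, "httpRequestPos": 1, "cleaningAccessPos": 8,
            "trafficPos": {"get_input": "ads-trafficPos"},
            "appType": True,  # wrong type: boolean where 0 or 1 is expected
            "floatingIpId": {"get_attribute": ["my-ecs", "floatingIpId"]},
        }}},
}
```

Calling lint_antiddos(SAMPLE) reports the out-of-range trafficPos default and the boolean appType; inputs supplied only at deployment time have no default to check and are reported as unresolved.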