Updated on 2024-06-11 GMT+08:00

Configuring Tiered Scheduling Policies

If you enabled auto AAD when purchasing CNAD Unlimited Protection Basic, you can configure a tiered scheduling policy to automatically engage AAD for cloud resources protected by CNAD Unlimited Protection Basic.

Working Principles

Figure 1 shows how CNAD Advanced automatically starts AAD.

Figure 1 How auto AAD is started

Prerequisites

The protected object has been connected to AAD.

Constraints

  • Auto AAD protects only the cloud resources protected by CNAD.
  • You need to configure different origin server IP addresses for CNAD Advanced and AAD.
  • Currently, the Anti-DDoS scheduling center does not support IPv6 addresses.

For details about how to configure the origin server IP address, see Step 1: Configuring a Protected Domain Name (Website Services).

Procedure

  1. Log in to the management console.
  2. Hover the mouse over the Service List icon, choose Security & Compliance > Anti-DDoS, and click Advanced Anti-DDoS.
  3. On the displayed DDoS Migration Center page, choose DDoS Scheduling Center > Tiered Scheduling.
  4. In the upper left corner of the tiered scheduling list, click Create Rule.
  5. In the dialog box that is displayed, set scheduling rule parameters. Parameters are listed in Table 1.

    Figure 2 Creating a scheduling rule
    Table 1 Scheduling rule parameters

    Parameter: Name
    Description: Name of the scheduling rule.
      NOTE: A maximum of 10 cloud resource IP addresses can be added to a rule. If you purchased N rules, a maximum of N x 10 cloud resource IP addresses can be added.

    Parameter: Scheduling Group
    Description: Site, IP address, and scheduling group to which the rule belongs. IP address resolution starts from group 1 and proceeds group by group. IP addresses in the same group are resolved at the same time.
      Default group: 1
      NOTE:
      • A blocked IP address in a group will be skipped.
      • If all IP addresses in a group are blocked, the system will automatically start resolution for the next group. If no IP address in any group is available, the system starts AAD.
      • Only resources (such as ECS, EIP, ELB, and WAF) of cloud native anti-DDoS objects can be added.

    Parameter: Auto AAD
    Description:
      • CNAD only: AAD will not be started to defend your servers against large volumetric DDoS traffic.
      • CNAD and AAD: If you have purchased AAD, it will be started for large volumetric DDoS traffic.
        CAUTION: The origin server IP address configured in AAD cannot be the same as the IP address in the tiered scheduling group. Otherwise, when the IP address in the tiered scheduling group is blocked, the back-to-origin IP address is also blocked and services cannot be recovered.

  6. Click OK.
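The group-by-group resolution order and the CAUTION about the AAD origin server IP address can be checked on paper before a rule is created. The following is an added example, not Huawei Cloud code or an API of the service: a local Python model in which the function names, the group layout and the "NONE" outcome for CNAD only are assumptions, and the sample IP addresses are constructed.

```python
import ipaddress

MAX_IPS_PER_RULE = 10  # limit stated in Table 1


def validate_rule(groups, aad_origin_ips):
    """Return a list of problems with a planned rule; an empty list means OK.

    groups: {group_number: [ip_string, ...]} (hypothetical layout).
    aad_origin_ips: origin server IP addresses configured in AAD.
    """
    problems = []
    all_ips = [ip for ips in groups.values() for ip in ips]
    if len(all_ips) > MAX_IPS_PER_RULE:
        problems.append(f"{len(all_ips)} IPs exceed the limit of {MAX_IPS_PER_RULE} per rule")
    origins = {ipaddress.ip_address(ip) for ip in aad_origin_ips}
    for ip in all_ips:
        addr = ipaddress.ip_address(ip)
        if addr.version == 6:
            problems.append(f"{ip}: IPv6 is not supported by the scheduling center")
        if addr in origins:
            problems.append(f"{ip}: also configured as an AAD origin server IP")
    return problems


def resolve(groups, blocked, auto_aad):
    """Model the documented order: group 1 first, blocked IPs skipped.

    Returns ("CNAD", [ips]) for the first group with an unblocked IP,
    ("AAD", []) when every IP is blocked and the mode is "CNAD and AAD",
    ("NONE", []) when every IP is blocked and the mode is "CNAD only"
    (the "NONE" label is this example's own, not a console value).
    """
    for number in sorted(groups):
        available = [ip for ip in groups[number] if ip not in blocked]
        if available:
            return "CNAD", available
    return ("AAD", []) if auto_aad == "CNAD and AAD" else ("NONE", [])


if __name__ == "__main__":
    # Constructed sample using documentation address ranges.
    groups = {1: ["192.0.2.10", "192.0.2.11"], 2: ["198.51.100.20"]}
    print(validate_rule(groups, ["198.51.100.20"]))  # overlap with group 2
    print(resolve(groups, {"192.0.2.10", "192.0.2.11"}, "CNAD and AAD"))
    print(resolve(groups, {"192.0.2.10", "192.0.2.11", "198.51.100.20"}, "CNAD and AAD"))
```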

Related Operations

  • To delete a rule, click Delete in the Operation column of the row containing the target scheduling rule.
  • To view the details of a rule, click View Details in the Operation column of the row containing the target scheduling rule.
    • In the Basic Information area, click to modify the scheduling rule name and whether to enable joint scheduling.
    • Click Add Resource. In the displayed dialog box, you can modify, add, or delete the cloud resource IP address.
    • In the row containing the target resource, click Delete in the Operation column. You can also select the cloud resource to be deleted and click Delete in the upper left corner of the list to delete cloud resources in batches.