Updated on 2024-09-26 GMT+08:00

Configuring Tiered Scheduling Policies

If you enabled auto AAD when purchasing CNAD Unlimited Protection Basic, you can configure a tiered scheduling policy to automatically engage AAD for cloud resources protected by CNAD Unlimited Protection Basic.

Working Principles

Figure 1 shows how does CNAD Advanced automatically start AAD.

Figure 1 How auto AAD is started

Prerequisites

The protected object has been connected to AAD.

Constraints

  • Auto AAD protects only the cloud resources protected by CNAD.
  • You need to configure different origin server IP addresses for CNAD Advanced and AAD.
  • Currently, the Anti-DDoS scheduling center does not support IPv6 addresses.

For details about how to configure the origin server IP address, see Step 1: Configuring a Protected Domain Name (Website Services).

Procedure

  1. Log in to the management console.
  2. Hover the mouse over the Service List icon, choose Security & Compliance > Anti-DDoS, and click Advanced Anti-DDoS.
  3. In the displayed DDoS Migration Center page, choose DDoS Scheduling Center > Tiered Scheduling.
  4. In the upper left corner of the tiered scheduling list, click Create Rule.
  5. In the dialog box that is displayed, set scheduling rule parameters. Parameters are listed in Table 1.

    Figure 2 Creating a scheduling rule
    Table 1 Scheduling rule parameters

    Parameter

    Description

    Name

    Name of the scheduling rule.

    NOTE:

    A maximum of 10 cloud resource IP addresses can be added to a rule. If you purchased N rules, a maximum of N x 10 cloud resource IP addresses can be added.

    Scheduling Group

    Site, IP address, and scheduling group where the rule belongs to. IP address resolution starts from the group 1 and is performed by group. IP addresses in the same group will be resolved at the same time.

    Default group: 1

    NOTE:
    • A blocked IP address in a group will be skipped.
    • If all IP addresses in a group are blocked, the system will automatically start resolution for the next group. If no IP address in any group is available, the system starts AAD.
    • Only resources (such as ECS, EIP, ELB, and WAF) of cloud native anti-DDoS objects can be added.

    Auto AAD

    • CNAD only: AAD will not be started to defend your servers against large volumetric DDoS traffic.
    • CNAD and AAD: If you have purchased AAD, it will be started for large volumetric DDoS traffic.
      CAUTION:

      The origin server IP address configured in AAD cannot be the same as the IP address in the tiered scheduling group. Otherwise, when the IP address in the tiered scheduling group is blocked, the back-to-origin IP address is also blocked and services cannot be recovered.

  6. Click OK.

Related Operations

  • To delete a rule, click Delete in the Operation column of the row containing the target scheduling rule.
  • To view the details of a rule, click View Details in the Operation column of the row containing the target scheduling rule.
    • In the Basic Information area, click to modify the scheduling rule name and whether to enable joint scheduling.
    • Click Add Resource. In the displayed dialog box, you can modify, add, or delete the cloud resource IP address.
    • In the row containing the target resource, click Delete in the Operation column. You can also select the cloud resource to be deleted and click Delete in the upper left corner of the list to delete cloud resources in batches.