AntiDDos.Service
Element Description
The AntiDDos.Service element is a traffic cleaning service that can prevent DDoS attacks against Elastic IP Address (EIP).
Element Properties
|
Property |
Required |
Descripiton |
|---|---|---|
|
cleaningAccessPos |
Yes |
ID of the access restriction segment during cleaning Type: integer Value Description: Supports an integer ranging from 1 to 8. A larger value indicates a larger number of new connections of a single source IP address and a larger total number of connections of a single source IP address during cleaning. Default: 8 Suggestion: Set the value based on specifications and requirements. |
|
trafficPos |
Yes |
Traffic segment ID Type: integer Value Description: Supports an integer ranging from 1 to 9. A larger value indicates a larger threshold for the traffic volume per second and a larger threshold for the number of packets per second. Default: 9 Suggestion: Set the value based on specifications and requirements. |
|
appType |
Yes |
Application type ID Type: integer Value Description: Supports 0 and 1. If the UDP protocol or a common application is used, the value is 0. If the TCP protocol or a web application is used, the value is 1. Default: 1 Suggestion: Set the value based on specifications and requirements. |
|
httpRequestPos |
Yes |
HTTP request quantity segment ID Type: integer Value Description: Supports an integer ranging from 1 to 15. A larger value indicates a larger threshold for the number of HTTP requests per second. Default: 1 Suggestion: Set the value based on specifications and requirements. |
|
floatingIpId |
Yes |
User EIP ID Type: string Value Description: Supports the ID of an existing or new public elastic IP address. To use the ID of a new public elastic IP address, you need to add the publicIP field to the ECS.CloudServer or CCE.NodePool element in the template and establish the dependency relationship. Suggestion: 1. Use the get_attribute function to obtain the ID of the elastic public IP address created by the template. 2. On the public elastic IP address page (https://console.huaweicloud.com/vpc?&locale=en-us), obtain the ID of the created IP address. |
|
enableL7 |
Yes |
Whether to enable L7 protection Type: boolean Value Description: Supports true or false. If this parameter is set to true, L7 protection is enabled. Default: False Suggestion: Set the value based on specifications and requirements. |
Relationships Between Elements
None.
Return Value
None.
Blueprint Example
tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
ecs-name:
default: "my-cloudserver"
label: ECS
description: "VM name"
ecs-image:
default: "327946b5-e954-42c3-949a-3312688c9269"
label: ECS
description: "VM image"
ecs-flavor:
default: "c1.medium"
label: ECS
description: "VM specifications"
ecs-volumetype:
default: SATA
label: ECS
description: "VM disk type"
ecs-count:
default: 1
label: ECS
description: "Number of VMs"
az:
default: "cn-north-1a"
label: ECS
description: "Belonged AZ"
subnet-name:
default: "my-ecs-subnet2"
label: ECS
description: "Subnet name"
subnet-gateway:
default: "192.168.1.1"
label: ECS
description: "Subnet gateway"
vpc-name:
default: "my-ecs-vpkvc2"
label: ECS
description: "VPC name"
vpc-cidr:
default: "192.168.0.0/16"
label: ECS
description: "CIDR address of a VPC"
ads-enableL7:
type: boolean
default: true
label: AntiDDos
description: "Whether to enable Layer 7 protection"
ads-trafficPos:
type: integer
default: 9
label: AntiDDos
description: "Traffic segment ID"
ads-httpRequestPos:
type: integer
default: 1
label: AntiDDos
description: "HTTP request quantity segment ID"
ads-cleaningAccessPos:
type: integer
default: 8
label: AntiDDos
description: "ID of the access restriction segment during traffic cleaning"
ads-appType:
type: integer
default: 1
label: AntiDDos
description: "Application type ID"
node_templates:
my-ecs:
type: HuaweiCloud.ECS.CloudServer
properties:
name: {get_input: ecs-name}
instances: {get_input: ecs-count}
imageId: {get_input: ecs-image}
flavor: {get_input: ecs-flavor}
vpcId: {get_attribute: [my-subnet, vpcId]}
availabilityZone: {get_input: az}
nics:
- subnetId: {get_attribute: [my-subnet, refID]}
rootVolume:
volumeType: {get_input: ecs-volumetype}
dataVolumes:
- volumeType: SATA
size: 100
publicIP:
eip:
ipType: 5_bgp
bandwidth:
size: 100
shareType: PER
requirements:
- nics.subnetId:
node: my-subnet
my-subnet:
type: HuaweiCloud.VPC.Subnet
properties:
name: {get_input: subnet-name}
cidr: {get_input: vpc-cidr}
gateway: {get_input: subnet-gateway}
dnsList: [114.114.114.115, 114.114.114.114]
vpcId: {get_attribute: [my-vpc,refID]}
availabilityZone: {get_input: az}
requirements:
- vpcId:
node: my-vpc
my-vpc:
type: HuaweiCloud.VPC.VPC
properties:
name: {get_input: vpc-name}
cidr: {get_input: vpc-cidr}
policies:
my-antiddos:
type: HuaweiCloud.AntiDDos.Service # Enable anti-DDoS protection for EIP.
properties:
enableL7: {get_input: ads-enableL7}
trafficPos: {get_input: ads-trafficPos}
httpRequestPos : {get_input: ads-httpRequestPos}
cleaningAccessPos: {get_input: ads-cleaningAccessPos}
appType: {get_input: ads-appType}
floatingIpId: {get_attribute: [my-ecs, floatingIpId]}
targets: [my-ecs]
outputs:
ecs-id:
value: {get_attribute: [my-ecs, refID]}
description: "ECS ID"
vpc-id:
value: {get_attribute: [my-vpc, refID]}
description: "VPC ID"
subnet-id:
value: {get_attribute: [my-subnet, refID]}
description: "SUBNET ID"
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
