UNDER ATTACK? CALL US

Introduction to NTA Automatic Diversion

Por adminEm NTAPostou
Network management interface with policy settings displayed.

NTA supports configuring automatic diversion for Region/IP Group traffic alerts and Region/IP Group DDoS attack alerts. There are different diversion methods for various scenarios, including ADS Diversion, Flowspec Diversion, BGP Diversion, and Null-Route Diversion

For the Region/IP Group traffic alert, the following conditions must be met to perform automatic diversion after the alert is triggered:

  • Diversion is configured in the Traffic Diversion Rule -> Region/IP Group Diversion Policy.
Red circular no entry sign with a white horizontal bar.
  • The alert level matches the diversion level specified in the Region/IP Group Traffic Alert for the corresponding Alert Type. If the Divert Traffic of Medium-level Alert is configured in the Diversion Level, low-level alerts will not be automatically diverted.
Red circular no entry sign with a white horizontal bar.

For example, when the configuration is as follows:

  • Traffic Diversion Rule -> IP Group Diversion Policy -> Diversion Policy for Abnormal Inbound IP Group Traffic is configured for BGP diversion.
Red circular no entry sign with a white horizontal bar.

Ÿ   No Diversion is configured in IP Group Traffic Alert -> IP GROUP INBOUND TRAFFIC ABNORMAL -> Diversion Level.

Red circular no entry sign with a white horizontal bar.

Result: The traffic alert generated in the Inbound direction of this IP group will not be automatically diverted because the Diversion Level configuration is No Diversion, so any level of alert that triggers this IP group Inbound Traffic Alert will not be automatically diverted.

For the Region/IP Group DDoS Attack alert, the following conditions must be met to perform automatic diversion after the alert is triggered:

  • Diversion is configured in the Traffic Diversion Rule -> IP Diversion Policy. When there are multiple diversion policies in the IP Diversion Policy, the one on top has the highest priority. Policy priorities can be manually set. Once a policy is hit, the system quits matching against other policies.
Red circular no entry sign with a white horizontal bar.

  • The alert level matches the diversion level specified in the Region/IP Group DDoS Attack Alert for the corresponding Alert Type. If the Divert Traffic of Medium-level Alert is configured in the Diversion Level, low-level alerts will not be automatically diverted.
Red circular no entry sign with a white horizontal bar.

IP diversion policy priority and match order: IP Group > Region > Global (Configuration in Configuration -> Global Divert Settings -> Default Diversion Configuration). Once a policy is hit, the system quits matching against other policies.

NSFOCUS
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.