Manual Chapter :
Mitigate Device Issues During DDoS Attacks
Applies To:
Show Versions
BIG-IQ Centralized Management
- 7.1.0
Mitigate Device Issues During DDoS Attacks
Detecting health issues in BIG-IP devices reporting DDoS attacks
BIG-IP services secure your protected objects from DDoS attacks, based
on your security configuration and your DoS profile. It is important to ensure that the
BIG-IP devices hosting these protection services have enough resources to withstand these
attacks.
BIG-IP devices, or service scaling groups (SSG), receive a health score
based on a configurable resource usage threshold (CPU, memory, throughput etc.). You can
identify devices with low health that provide security services, to mitigate or monitor
these resources to prevent issues with your system's performance.
Identify devices with low health managing DDoS attacks
Before you can display statistics and protected objects
in the Devices screen, you must have:
- A BIG-IQ data collection device configured for the BIG-IQ device
- The BIG-IP device located in your network and running a compatible software version
- Statistics collection enabled for managed BIG-IP devices
- AVR provisioned on your BIG-IP devices
You can identify the BIG-IP device(s) that
are experiencing performance issues during a DDoS attack. This information allows you to
understand whether the health of your device can sustain DoS security services, and to
identify necessary mitigation measures for your devices.
- Go to .
- Click the DEVICES area in the summary bar at the top of the screen to display the list of devices with ongoing DoS attacks.
- To filter devices by their current health status, clickCritical,Moderate, orGood.
- To sort the displayed devices by CPU usage, in descending order, click TOP CPU USAGE/STRESS in the DEVICES area.The screen displays the resource usage and performance details for all devices that reported an attack.
- Note both the BIG-IP Hostname and device address so you can adjust the BIG-IP resources, as required.
You can monitor your device's health using
the charts and data found in the Device Health screen ().
Device health alerts
The device health alert notifies you of changes in device resource and throughput metric thresholds for your BIG-IP devices. To view your device health thresholds, go to the Alert Rules screen and select the default device rules (.
Alert | Description | Indication | Default Thresholds | Action (if applicable) |
|---|---|---|---|---|
Device Health | There has been a change in one or more of the of BIG-IP device health rule metrics. | One or more of the device resources and/or throughput measurements crossed a defined threshold, which may impact your BIG-IP device's performance. | For SSG devices: Customized rules per service scaling group. For stand-alone BIG-IP devices: The default-active-device-health rules. | For SSG devices: A critical health status of your BIG-IP device might trigger a scale-out event. Investigate the active alerts for device metrics. For stand-alone BIG-IP devices: Investigate BIG-IP devices with critical or moderate health to adjust or add resources. |
