Manual Chapter : Mitigate Device Issues During DDoS Attacks

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Mitigate Device Issues During DDoS Attacks

Detecting health issues in BIG-IP devices reporting DDoS attacks

BIG-IP services secure your protected objects from DDoS attacks, based on your security configuration and your DoS profile. It is important to ensure that the BIG-IP devices hosting these protection services have enough resources to withstand these attacks.
BIG-IP devices, or service scaling groups (SSG), receive a health score based on a configurable resource usage threshold (CPU, memory, throughput etc.). You can identify devices with low health that provide security services, to mitigate or monitor these resources to prevent issues with your system's performance.

Identify devices with low health managing DDoS attacks

Before you can display statistics and protected objects in the Devices screen, you must have:
  • A BIG-IQ data collection device configured for the BIG-IQ device
  • The BIG-IP device located in your network and running a compatible software version
  • Statistics collection enabled for managed BIG-IP devices
  • AVR provisioned on your BIG-IP devices
You can identify the BIG-IP device(s) that are experiencing performance issues during a DDoS attack. This information allows you to understand whether the health of your device can sustain DoS security services, and to identify necessary mitigation measures for your devices.
  1. Go to
    Protection Summary
  2. Click the DEVICES area in the summary bar at the top of the screen to display the list of devices with ongoing DoS attacks.
  3. To filter devices by their current health status, click
    , or
  4. To sort the displayed devices by CPU usage, in descending order, click TOP CPU USAGE/STRESS in the DEVICES area.
    The screen displays the resource usage and performance details for all devices that reported an attack.
  5. Note both the BIG-IP Hostname and device address so you can adjust the BIG-IP resources, as required.
You can monitor your device's health using the charts and data found in the Device Health screen (

Device health alerts

The device health alert notifies you of changes in device resource and throughput metric thresholds for your BIG-IP devices. To view your device health thresholds, go to the Alert Rules screen and select the default device rules (
Alert Rules
Default Thresholds
Action (if applicable)
Device Health
There has been a change in one or more of the of BIG-IP device health rule metrics.
One or more of the device resources and/or throughput measurements crossed a defined threshold, which may impact your BIG-IP device's performance.
For SSG devices: Customized rules per service scaling group.
For stand-alone BIG-IP devices: The default-active-device-health rules.
For SSG devices: A critical health status of your BIG-IP device might trigger a scale-out event. Investigate the active alerts for device metrics.
For stand-alone BIG-IP devices: Investigate BIG-IP devices with critical or moderate health to adjust or add resources.