DDoS Protection Plans


The resiliency recommendations in this guidance cover DDoS Protection Plans and their associated resources and settings.

Summary of Recommendations

Recommendations Details

DDOS-1 - Monitor Azure DDoS Protection Plan metrics

Category: Access & Security

Impact: Medium

Guidance

Metric names vary by packet type and by unit (bytes vs. packets). Each follows the same basic construct, in which a tag name indicates what the metric counts:

  • Dropped tag name (for example, Inbound Packets Dropped DDoS): The number of packets dropped/scrubbed by the DDoS protection system.
  • Forwarded tag name (for example, Inbound Packets Forwarded DDoS): The number of packets forwarded by the DDoS system to the destination VIP, that is, traffic that wasn't filtered.
  • No tag name (for example, Inbound Packets DDoS): The total number of packets that came into the scrubbing system, representing the sum of the packets dropped and forwarded.
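
The naming construct above lends itself to an automated check. The following Python sketch is an added example, not part of the original guidance or of any Azure SDK: it groups exported metric series by base name, verifies that each total equals dropped plus forwarded, and reports intervals where the dropped share crosses a threshold. The sample values, the byte-metric names (built from the same pattern) and the `alert_ratio` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed per-minute samples keyed by metric name (values invented).
SAMPLES = {
    "Inbound Packets DDoS": [1000, 52000, 48000],
    "Inbound Packets Dropped DDoS": [0, 50500, 46900],
    "Inbound Packets Forwarded DDoS": [1000, 1500, 1100],
    "Inbound Bytes DDoS": [64000, 900],
    "Inbound Bytes Dropped DDoS": [0, 100],
    "Inbound Bytes Forwarded DDoS": [64000, 700],  # 100 + 700 != 900
}

# <base> [Dropped|Forwarded] DDoS; no tag means the total series.
NAME_RE = re.compile(
    r"^(?P<base>Inbound .+?)(?: (?P<tag>Dropped|Forwarded))? DDoS$", re.I
)

def split_name(name):
    """Return (base, tag); tag is 'dropped', 'forwarded' or 'total'."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a DDoS traffic metric: {name!r}")
    return m.group("base").lower(), (m.group("tag") or "total").lower()

def analyze(samples, alert_ratio=0.5):
    """Group series by base name, then check each interval.

    alert_ratio is a hypothetical threshold: the dropped share of total
    traffic at which an interval is reported as under active mitigation.
    """
    series = defaultdict(dict)
    for name, values in samples.items():
        base, tag = split_name(name)
        series[base][tag] = values
    report = {}
    for base, tags in series.items():
        missing = {"total", "dropped", "forwarded"} - set(tags)
        if missing:
            raise KeyError(f"{base}: missing series {sorted(missing)}")
        inconsistent, mitigating = [], []
        rows = zip(tags["total"], tags["dropped"], tags["forwarded"])
        for i, (total, dropped, forwarded) in enumerate(rows):
            if total != dropped + forwarded:  # total = dropped + forwarded
                inconsistent.append(i)
            if total and dropped / total >= alert_ratio:
                mitigating.append(i)
        report[base] = {"inconsistent": inconsistent, "mitigating": mitigating}
    return report
```

Calling `analyze(SAMPLES)` returns, per base metric, the interval indexes where the three series disagree and those where most inbound traffic was scrubbed.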

Resources

Resource Graph Query

// under-development