feature:TSG-20222:Delete ddos_event config and add stat_policy_enforcer, policy_sketch, traffic_sketch configs.

2024-04-01 15:44:54 +08:00
parent 826cc23bbb
commit b0e33fff15
4 changed files with 32 additions and 26 deletions
--- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
+++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
@@ -1,8 +1,5 @@
 [platform]
 ./plug/stellar_on_sapp/start_loader.inf
-{{- if eq .Values.ddos_event.enable .Values.define_enable_val_yes }}
-./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf
-{{- end }}

 [protocol]
 {{- if eq .Values.decoders.SOCKS .Values.define_enable_val_yes }}
--- a/ansible/roles/traffic-engine/files/helm/conf/main.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf
@@ -141,20 +141,6 @@ debug_swtich=30
 intput_max_packet=20
 qmdpi_engine_config=injection_mode=stream;nb_workers={{- include "traffic-engine.sapp.workerthread" . }};nb_flows=8000;basic_dpi_enable=1;classification_cache_enable=0;fm_flow_table_alloc_mode=0

-[TSG_DDOS_SKETCH]
-debug_swtich=30
-en_screen=1
-throughput=1
-mv_depth=4
-mv_width=13660
-timestemp=5
-max_report_num=5000
-min_report_num=0
-tcp_flood_thresh="{{ .Values.ddos_event.tcp_traffic_report_ratio }}"
-udp_flood_thresh="{{ .Values.ddos_event.udp_traffic_report_ratio }}"
-icmp_flood_thresh="{{ .Values.ddos_event.icmp_traffic_report_ratio }}"
-dns_flood_thresh="{{ .Values.ddos_event.dns_traffic_report_ratio }}"
-
 [TRAFFIC_MIRROR]
 {{- if eq .Values.traffic_mirror.enable_raw_traffic .Values.define_enable_val_yes }}
 TRAFFIC_MIRROR_ENABLE=1
@@ -183,7 +169,7 @@ POLICY_CYCLE_NUM_SUBMIT=4

 {{ if eq .Values.dos_protector.enable .Values.define_enable_val_yes -}}
 [DOS_PROTECTOR]
-SWARMKV_CLUSTER_NAME="tsg-dos-protector"
+SWARMKV_CLUSTER_NAME="tsg-ddos-vsys{{ .Values.vsys_id }}"
 SWARMKV_NODE_IP="0.0.0.0"
 SWARMKV_NODE_PORT=8551
 SWARMKV_CONSUL_IP="NODE_IP_LOCATION"
--- a/ansible/roles/traffic-engine/files/helm/conf/spec.toml
+++ b/ansible/roles/traffic-engine/files/helm/conf/spec.toml
@@ -44,4 +44,25 @@ exit = "context_based_detector_destroy"
 path = "./stellar_plugin/dos_protector.so"
 init = "dos_protector_init"
 exit = "dos_protector_deinit"
+{{- end }}
+
+{{ if eq .Values.stat_policy_enforcer.enable .Values.define_enable_val_yes -}}
+[[plugin]]
+path = "./stellar_plugin/stat_policy_enforcer.so"
+init = "STATISTICS_INIT"
+exit = "STATISTICS_EXIT"
+{{- end }}
+
+{{ if eq .Values.traffic_sketch.enable .Values.define_enable_val_yes -}}
+[[plugin]]
+path = "./stellar_plugin/traffic_sketch.so"
+init = "TRAFFIC_SKETCH_INIT"
+exit = "TRAFFIC_SKETCH_EXIT"
+{{- end }}
+
+{{ if eq .Values.policy_sketch.enable .Values.define_enable_val_yes -}}
+[[plugin]]
+path = "./stellar_plugin/policy_sketch.so"
+init = "POLICY_SKETCH_INIT"
+exit = "POLICY_SKETCH_EXIT"
 {{- end }}
--- a/ansible/roles/traffic-engine/files/helm/values.yaml
+++ b/ansible/roles/traffic-engine/files/helm/values.yaml
@@ -78,13 +78,6 @@ traffic_mirror:
  enable_raw_traffic: yes
  enable_decrypted_traffic: yes

-ddos_event:
-  enable: yes
-  tcp_traffic_report_ratio: 0.0008
-  udp_traffic_report_ratio: 0.0008
-  icmp_traffic_report_ratio: 0.0008
-  dns_traffic_report_ratio: 0.0008
-
 packet_capture:
  enable: yes

@@ -236,4 +229,13 @@ session_flags:
  enable: yes

 dos_protector:
-  enable: no
+  enable: no
+
+stat_policy_enforcer:
+  enable: yes
+
+traffic_sketch:
+  enable: yes
+
+policy_sketch:
+  enable: yes