> For the complete documentation index, see [llms.txt](https://docs.console.zenlayer.com/welcome/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.console.zenlayer.com/welcome/cn/elastic-compute/ddos-protection/05-traffic-metrics.md). # 流量指标 DDoS 防护和 EIP 拦截规则均监控四项关键流量指标。了解这些指标有助于您解读防护事件并配置合适的阈值。 ## BPS(每秒比特数) BPS 衡量进出您的 EIP 的流量总带宽。它是检测大规模 DDoS 攻击的主要指标。 **常见攻击场景:** * **放大攻击**(DNS、NTP、memcached):小型伪造请求触发第三方发出大量响应,全部指向您的 EIP。 * **大载荷洪泛:** 大量发送超大 UDP 或 HTTP 请求,使您的可用带宽饱和。 ## PPS(每秒数据包数) PPS 衡量到达您的 EIP 的单个数据包速率,与数据包大小无关。即使总带宽保持适中,高 PPS 攻击也能使网络接口和处理能力不堪重负。 **常见攻击场景:** * **小包洪泛:** 最小尺寸的 UDP 或 ICMP 数据包,旨在耗尽数据包处理能力而非带宽。 * **SYN 洪泛:** 每秒数百万个 TCP 连接发起数据包,使连接跟踪表不堪重负。 ## InCPS(每秒入站连接数) InCPS 衡量对您的 EIP 发起的新入站连接尝试速率。它对于检测通过快速建立新连接来耗尽服务器资源的应用层攻击至关重要。 **常见攻击场景:** * **HTTP 连接洪泛:** 僵尸网络向 Web 服务器建立数千个并发连接,耗尽连接池。 * **Slowloris 类型攻击:** 建立连接后无限期保持开放,消耗连接表资源而不完成请求。 ## OutCPS(每秒出站连接数) OutCPS 衡量从您的 EIP 发起的新出站连接速率。此指标是 EIP 拦截规则独有的,用于检测可能已被入侵的实例参与出站攻击或扫描。 **常见触发场景:** * **实例被入侵:** 僵尸网络客户端从您的实例发起出站 DDoS 攻击或网络扫描。 * **垃圾邮件攻击:** 被入侵主机快速发起出站 SMTP 连接,发送钓鱼邮件或垃圾邮件。 --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.console.zenlayer.com/welcome/cn/elastic-compute/ddos-protection/05-traffic-metrics.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.