> For the complete documentation index, see [llms.txt](https://docs.console.zenlayer.com/welcome/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.console.zenlayer.com/welcome/elastic-compute/ddos-protection/05-traffic-metrics.md). # Traffic Metrics Both DDoS Protection and EIP Blocked Rules monitor four key traffic metrics. Understanding these metrics helps you interpret protection events and configure appropriate thresholds. ## BPS (Bits Per Second) BPS measures the total bandwidth of traffic flowing to or from your EIP. It is the primary metric for detecting volumetric DDoS attacks. **Common attack scenarios:** * **Amplification attacks** (DNS, NTP, memcached): small spoofed requests trigger large responses from third parties, all directed at your EIP. * **Large-payload floods:** oversized UDP or HTTP requests sent at volume to saturate your available bandwidth. ## PPS (Packets Per Second) PPS measures the rate of individual packets arriving at your EIP, regardless of packet size. High PPS attacks can overwhelm network interfaces and processing capacity even when total bandwidth remains moderate. **Common attack scenarios:** * **Small-packet floods:** minimal-size UDP or ICMP packets designed to exhaust packet processing capacity rather than bandwidth. * **SYN floods:** millions of TCP connection-initiation packets per second, overwhelming the connection tracking table. ## InCPS (Inbound Connections Per Second) InCPS measures the rate of new inbound connection attempts to your EIP. It is critical for detecting application-layer attacks that exhaust server resources by rapidly opening new connections. **Common attack scenarios:** * **HTTP connection floods:** botnets opening thousands of simultaneous connections to web servers, exhausting connection pools. * **Slowloris-style attacks:** connections established but kept open indefinitely, consuming connection table resources without completing requests. ## OutCPS (Outbound Connections Per Second) OutCPS measures the rate of new outbound connections initiated from your EIP. This metric is unique to EIP Blocked Rules and detects potentially compromised instances participating in outbound attacks or scanning. **Common trigger scenarios:** * **Compromised instance:** a botnet client initiating outbound DDoS attacks or network scans from your instance. * **Spam campaigns:** rapid outbound SMTP connections from a compromised host sending phishing or spam emails. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.console.zenlayer.com/welcome/elastic-compute/ddos-protection/05-traffic-metrics.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.