Traffic Diversion Analysis
The most common AntiDDoS deployment mode is dynamic traffic diversion, which involves both detecting and scrubbing devices. When an issue occurs, first confirm whether the traffic is being diverted to the scrubbing device.
In the ATIC report query function, check the traffic diversion status of the attack IP address: whether a traffic diversion task exists and whether traffic diversion is enabled.
Traffic diversion falls into static and dynamic modes:
- Static: The traffic diversion task manually created by the ATIC administrator has the highest priority and is not overwritten by the dynamic traffic diversion task.
- Dynamic: The detecting and scrubbing devices are deployed, and the traffic diversion task is created, started, terminated, and deleted by the ATIC based on the anomaly status.
If no traffic diversion task exists:
- Check the traffic volume on the detecting device to confirm that the attack traffic exceeds the detecting threshold. A traffic diversion task is generated only when the detecting device reports IP traffic anomalies.
- Check whether traffic diversion tasks for other IP addresses exist within the same time range to confirm that the detecting device and the ATIC can communicate.
- Confirm that the traffic mirroring path of the detecting device covers the protected IP address.
- Log in to the device and check its table entry resource usage. If the free column is 0, the defense effectiveness is compromised.