spikearrest: how to report the number of rejected calls?

Hello,

In EMG, does spike-arrest count the number of rejected calls? If yes, is this number reported to the analytics or is there a hook/property to retrieve this number of rejected calls? The objective of this question is to understand whether EMG can help notifying that a DDoS type of attack is going on (or happened in the past).

Thanks

--FiX

Solved Solved
2 9 420
1 ACCEPTED SOLUTION

Former Community Member
Not applicable

@Francois-Xavier KOWALSKI, I don't think the SpikeArrest plugin in MG counts rejected calls today.

If you had asked about Edge, I would've suggested to use a Stats Collector policy and send the information to analytics when SpikeArrest is triggered. However, we do not have the equivalent of a Stats Collector in MG.

Also in Edge, Apigee Sense can help detecting some of the DoS type attacks. Again, we currently don't have support for Apigee Sense with MG.

View solution in original post

9 REPLIES 9

@Francois-Xavier KOWALSKI , Great Question !

If you would like get notified real time, Fault Rules with a service callout to Email API will send out notifications. You might need to add an additional condition to prevent multiple emails.

    <FaultRules>
        <FaultRule name="Spike Arrest Errors">
            <Step>
                <Name>ServiceCalloutPolicy-Email-Alert</Name>
                <Condition>(fault.name Matches "SpikeArrestViolation") </Condition>
            </Step>
            <Condition>ratelimit.Spike-Arrest-1.failed=true</Condition>
        </FaultRule>
    </FaultRules>

If you would like to see the past, You can use Apigee Analytics by creating the custom reports in analytics. I have just verified same & it works as expected. See screenshot below for details.

4447-spikeerrors.png

Hope it helps. Keep us posted if any.

Former Community Member
Not applicable

@Anil Sagar, i think the question was about microgateway (EMG = Edge Microgateway), not Edge.

Ahhhh missed it, Thank you @Srinandan Sridhar for highlighting it !

Former Community Member
Not applicable

@Francois-Xavier KOWALSKI, I don't think the SpikeArrest plugin in MG counts rejected calls today.

If you had asked about Edge, I would've suggested to use a Stats Collector policy and send the information to analytics when SpikeArrest is triggered. However, we do not have the equivalent of a Stats Collector in MG.

Also in Edge, Apigee Sense can help detecting some of the DoS type attacks. Again, we currently don't have support for Apigee Sense with MG.

Thanks you @Srinandan Sridhar,

Ok, this is what I suspected. Should I want to account those rejected calls, I guess that I then need to insert my own custom filter beforehand, consolidate rejection data & report to my own analytics system.... unless I have a way to provide that data in some custom property to the Edge analytics (in which case I would be glad to know how to hook this to a the above-mentioned custom report).

--FiX

Former Community Member
Not applicable

I have another idea (probably not a great one). In the spike arrest plugin, make a http call to a proxy hosted on Apigee Edge. In that proxy use a stats collector to store whatever you need (assuming most of the data you need like proxy name, consumer details etc. come in the payload).

Hmmm... there would be a need to either fork spikearrest for my purpose or make a PR to the built-in EMG spikearest plugin, and hook that modified plugin to a (new & dedicated) Edge proxy feeding the stats... in my org. I probably need to look further in stats collector to understand the implied scope on Edge.

Not applicable

You can use faultRules for triggerEmailNotification

@shubham singh , Above question is talking about Edge Micro gateway, It's more about how to access the number of reject calls in spike arrest.