Anti-DDoS Basic is a security service that provides free protection for certain Alibaba Cloud assets to mitigate network-layer and transport-layer DDoS attacks. This topic provides an overview of Anti-DDoS Basic.
Introduction
Anti-DDoS Basic provides free protection for certain Alibaba Cloud assets to mitigate network-layer and transport-layer DDoS attacks.
Anti-DDoS Basic is integrated into the mitigated assets and enabled by default with mitigation thresholds ranging from 500 Mbit/s to 5 Gbit/s. This feature cannot be disabled. For details on the mitigation thresholds for each asset, see View the thresholds that trigger blackhole filtering in Anti-DDoS Basic.
In response to frequent attacks, Alibaba Cloud may adjust mitigation thresholds based on the customer attack history to ensure overall stability.
Normally, Anti-DDoS Basic does not disrupt access for users. However, certain attacks, such as HTTP Flood, SYN Flood, and ACK Flood attacks, attack techniques, such as snipe and sweep, as well as specific user scenarios that exceed Alibaba Cloud or product specification, may affect access. If Anti-DDoS Basic does not meet your needs, consider upgrading to more advanced protection services such as Anti-DDoS Origin or Anti-DDoS Proxy. For more information, see Scenario-specific anti-DDoS solutions.
How Anti-DDoS Basic works
Set thresholds for traffic scrubbing: Anti-DDoS Basic sets scrubbing thresholds by default. To manually configure these thresholds, see Configure traffic scrubbing thresholds. The traffic scrubbing thresholds for assets are contingent on the specifications of the instances. For more information, see Cloud service specifications and scrubbing thresholds.
Trigger traffic scrubbing: When the following two conditions are met, traffic scrubbing starts:
Incoming traffic exhibits unusual patterns.
The bits per second (BPS) and packets per second (PPS) of incoming traffic surpasses the predefined scrubbing threshold.
Traffic scrubbing: Anti-DDoS Basic filters and scrubs all the incoming traffic to block network-layer and transport-layer attacks such as UDP reflection attacks and SYN-ACK flood attacks. Anti-DDoS Basic cannot mitigate application-layer attacks such as HTTP Flood attacks and CC attacks.
Network-layer attack: These attacks include UDP reflection attacks, SYN-ACK flood attacks, and malformed packet attacks that violate IP protocols. These attacks aim at consuming server bandwidth, resulting in service disruption.
Transport-layer attack: These attacks include TCP SYN flood attacks and connection exhaustion attacks. These attacks aim at disrupting connections and sessions, overwhelming the server capacity to handle legitimate traffic.
Application-layer attack: These attacks include HTTP Flood attacks, CC attacks, and DNS Flood attacks. They are designed to exploit business-specific vulnerabilities, overwhelming server processing capacity and resulting in denial of service.
Blackhole filtering: When inbound traffic surpasses the protection capacity (referred to as the blackhole triggering threshold), blackhole filtering is activated to mitigate potential damage from DDoS attacks. This measure protects assets and ensures that the operation of other assets is not impacted by a single cloud service under attack. During this process, Alibaba Cloud temporarily blocks incoming Internet traffic to the affected cloud service. For more information, see Blackhole filtering policy of Alibaba Cloud.
Protected assets
The following list outlines the protected assets:
Elastic Compute Service (ECS) instances
Server Load Balancer (SLB) instances
Elastic IP addresses (EIPs)
EIPs associated with a NAT gateway
IPv6 gateways
Simple Application Server
Web Application Firewall (WAF) instances
Global Accelerator (GA) instances
Supported regions
The following table lists the regions where Anti-DDoS Basic is available.
Area | Region |
Asia Pacific | Thailand (Bangkok), Philippines (Manila), Japan (Tokyo), Indonesia (Jakarta), Malaysia (Kuala Lumpur), South Korea (Seoul), Singapore, China (Hong Kong), China (Chengdu), China (Guangzhou), China (Heyuan ), China (Shenzhen ), China (Ulanqab), China (Hohhot), China (Zhangjiakou), China (Beijing), China (Qingdao), China (Fuzhou), China (Nanjing), China (Shanghai), China (Hangzhou) |
Europe and America | UK (London), Germany (Frankfurt), US (Virginia), US (Silicon Valley) |
Middle East | SAU (Riyadh - Partner Region), UAE (Dubai) |