By default, an EIP includes Anti-DDoS Basic, which provides up to 5 Gbps of protection. When attack traffic exceeds this limit, blackhole routing drops all inbound traffic, which can cause a complete service outage. Use an Anti-DDoS (Enhanced) EIP for terabit-level protection and business continuity.
How it works
An Anti-DDoS (Enhanced) EIP uses Anti-DDoS Native to provide terabit-level DDoS protection. This makes it ideal for latency-sensitive applications that require a high level of security, such as large-scale online games and major live streaming events.
- Inbound: Traffic is first sent to Anti-DDoS Native for detection and scrubbing. After the service filters malicious traffic, it forwards the clean traffic to your instance.
- Outbound: The EIP sends outbound traffic directly to the internet.
Usage notes
- Line type: BGP (Multi-ISP).
- Billing method: pay-as-you-go.
- When you create an Anti-DDoS (Enhanced) EIP from an IP address pool, the IP address pool must also be an Anti-DDoS (Enhanced) pool.
- Supported regions:
  - EIP
    - Asia Pacific - China: China (Beijing), China (Hangzhou), China (Shanghai), China (Hong Kong)
    - Asia Pacific - Other: Philippines (Manila), Japan (Tokyo), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), South Korea (Seoul), Thailand (Bangkok)
    - Other: US (Virginia), US (Silicon Valley), Germany (Frankfurt), UK (London), Mexico
  - IP address pool
    - Asia Pacific - China: China (Hong Kong)
    - Asia Pacific - Other: Philippines (Manila), Japan (Tokyo), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), South Korea (Seoul), Thailand (Bangkok)
    - Other: US (Virginia), US (Silicon Valley), Germany (Frankfurt), UK (London), Mexico
Enable Anti-DDoS (Enhanced)
Before you begin, make sure that you have activated Anti-DDoS Origin (pay-as-you-go). After activating the service and adding a protected asset, Alibaba Cloud considers the service in use and starts billing. The service requires a minimum 30-day commitment and cannot be deactivated within this period.
Console
Go to the EIP buy page. For information about other settings, see EIP.
- Billing Method: Pay-as-you-go.
- Line Type: BGP (Multi-ISP).
- Security protection: Anti-DDoS Pro/Premium.
- IP Address Pool:
  - Default: Allocates an Anti-DDoS (Enhanced) EIP from Alibaba Cloud's public IP address pool.
  - Specify IP address pool: Allocates an EIP from a specified Anti-DDoS (Enhanced) IP address pool.

After the EIP is created, go to the EIP console. In the Protection column, click the icon for the target EIP to view its scrubbing and blackhole thresholds.
On the day after creation (T+1), you can go to the Traffic Security console and navigate to Traffic Security > Network Security > Anti-DDoS Native > Billing Management to view usage details. Click Details to request an adjustment to your peak bandwidth.
API
Call the AllocateEipAddress operation and set the SecurityProtectionTypes parameter to AntiDDoS_Enhanced to create an Anti-DDoS (Enhanced) EIP.
Billing
Only pay-as-you-go EIPs support the Anti-DDoS (Enhanced) security level. The billable items include:
- Public IP instance fee and public network fee: EIP billing includes these fees.
- Anti-DDoS Origin 2.0 fee: This fee is charged by the Anti-DDoS service.
More information
Anti-DDoS Basic
By default, EIPs include Anti-DDoS Basic, which provides up to 5 Gbps of DDoS protection. Inbound internet traffic first passes through Alibaba Cloud Anti-DDoS Basic. When Anti-DDoS Basic detects traffic that matches a DDoS attack profile and exceeds the scrubbing threshold, Anti-DDoS Basic starts scrubbing, filters malicious packets, and forwards clean traffic to the EIP.
- Scrubbing:
  - Scrubbing methods: filter attack packets, rate-limit traffic, and rate-limit packets.
  - Scrubbing trigger: Scrubbing begins when traffic matches the characteristics of a DDoS attack and its volume reaches the bits per second (BPS) or packets per second (PPS) scrubbing threshold. Anti-DDoS Basic automatically sets scrubbing thresholds based on the EIP's bandwidth.
    - BPS scrubbing threshold: If the EIP bandwidth is ≤ 300 Mbps, the threshold is 450 Mbps. If the EIP bandwidth is > 300 Mbps, the threshold is EIP bandwidth value × 1.5 Mbps.
    - PPS scrubbing threshold: 100,000 pps for EIP bandwidths up to 100 Mbps. For bandwidths over 100 Mbps, the threshold is EIP bandwidth value × 1000 pps.
- Blackhole routing: When DDoS attack traffic exceeds the EIP's blackhole threshold (the 5 Gbps capacity of Anti-DDoS Basic, specifically 5,200 Mbps), Alibaba Cloud applies blackhole routing to protect the cloud resource from further impact. This policy blocks all inbound traffic to the EIP, which can cause a complete service interruption. By default, the blackhole is automatically lifted after 2.5 hours. The actual duration may vary depending on the frequency of attacks on the EIP.
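The threshold rules above can be turned into an inventory check. The following is an added example, not Alibaba Cloud code: it applies the Anti-DDoS Basic scrubbing and blackhole thresholds from this page to a list of EIPs and reports the ones that are not Anti-DDoS (Enhanced). The function names, the allocation IDs and the JSON layout (modelled on DescribeEipAddresses output) are assumptions.

```python
import json

BLACKHOLE_MBPS = 5200  # Anti-DDoS Basic blackhole threshold stated on this page


def basic_thresholds(bandwidth_mbps):
    """Scrubbing thresholds Anti-DDoS Basic derives from the EIP bandwidth."""
    bps = 450 if bandwidth_mbps <= 300 else bandwidth_mbps * 1.5
    pps = 100_000 if bandwidth_mbps <= 100 else bandwidth_mbps * 1000
    return {"scrub_mbps": bps, "scrub_pps": pps, "blackhole_mbps": BLACKHOLE_MBPS}


def classify(bandwidth_mbps, attack_mbps, attack_pps):
    """State of a Basic-protected EIP for traffic that already matches a DDoS profile."""
    t = basic_thresholds(bandwidth_mbps)
    if attack_mbps > t["blackhole_mbps"]:
        return "blackhole"  # all inbound traffic to the EIP is dropped
    if attack_mbps >= t["scrub_mbps"] or attack_pps >= t["scrub_pps"]:
        return "scrubbing"
    return "forwarded"


def audit(describe_output):
    """Return EIPs that lack AntiDDoS_Enhanced, with the Basic thresholds they run under."""
    findings = []
    for eip in json.loads(describe_output)["EipAddresses"]["EipAddress"]:
        types = eip.get("SecurityProtectionTypes", {}).get("SecurityProtectionType", [])
        if "AntiDDoS_Enhanced" not in types:
            findings.append({"id": eip["AllocationId"],
                             **basic_thresholds(int(eip["Bandwidth"]))})
    return findings


# Constructed sample; field layout is an assumption, IDs are placeholders.
SAMPLE = json.dumps({"EipAddresses": {"EipAddress": [
    {"AllocationId": "eip-example-a", "Bandwidth": "200",
     "SecurityProtectionTypes": {"SecurityProtectionType": []}},
    {"AllocationId": "eip-example-b", "Bandwidth": "1000",
     "SecurityProtectionTypes": {"SecurityProtectionType": ["AntiDDoS_Enhanced"]}},
    {"AllocationId": "eip-example-c", "Bandwidth": "500",
     "SecurityProtectionTypes": {"SecurityProtectionType": []}},
]}})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(classify(200, 460, 50_000))
    print(classify(200, 6000, 900_000))
```

Every EIP the audit returns is subject to blackhole routing once attack traffic exceeds 5,200 Mbps, so these are the candidates to recreate as Anti-DDoS (Enhanced) EIPs.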