Alibaba Cloud provides Anti-DDoS Origin Basic for Simple Application Server instances free of charge by default. This service, also known as basic protection, helps prevent malicious attacks and improves the security of your Simple Application Server instances.
Background information
By default, Anti-DDoS Origin Basic provides up to 5 Gbps of free mitigation against DDoS attacks for Simple Application Server instances. You can log on to the Anti-DDoS console to view the actual mitigation threshold. For more information, see thresholds that trigger blackhole filtering in Anti-DDoS Basic.
Anti-DDoS Origin Basic meets basic security needs. If you have higher security requirements, you can subscribe to paid services such as Anti-DDoS Origin Enterprise and Anti-DDoS Pro and Anti-DDoS Premium, which provide best-effort protection. For more information, see Overview of Anti-DDoS.
For information about the billing of paid Anti-DDoS services, see Product Billing.
How Anti-DDoS Origin Basic works
Anti-DDoS Origin Basic improves the DDoS attack mitigation capabilities of Simple Application Server instances. When traffic exceeds the default scrubbing threshold of Anti-DDoS Origin Basic, traffic scrubbing is automatically triggered to mitigate DDoS attacks. For more information, see What is Anti-DDoS Origin.
If a Simple Application Server instance is under a high-volume DDoS attack and the attack traffic exceeds its DDoS mitigation bandwidth threshold (BPS), the public IP address of the Simple Application Server instance is blackholed to prevent further damage. The Alibaba Cloud blackhole filtering policy temporarily blocks all inbound internet traffic to the Simple Application Server instance. For more information, see Alibaba Cloud's blackhole filtering policy.
Anti-DDoS Origin basic uses artificial intelligence (AI) to analyze and scrub attack traffic. You can configure a traffic scrubbing threshold based on your normal service traffic. Then, Anti-DDoS Origin uses the big data capabilities provided by Alibaba Cloud to learn the normal service traffic and uses algorithms to identify DDoS attacks.
Anti-DDoS Origin Basic scrubs attack traffic only when Anti-DDoS Origin identifies DDoS attacks and the attack traffic reaches the traffic scrubbing threshold that you configure. This prevents traffic scrubbing by mistake due to a fixed traffic scrubbing threshold. For example, if your normal service traffic fluctuates and exceeds the fixed traffic scrubbing threshold, traffic scrubbing may be triggered by mistake.
Traffic scrubbing is triggered by the following conditions:
-
Traffic model features: Scrubbing is triggered if traffic matches the characteristics of a known attack.
-
Traffic volume: DDoS attacks typically involve very large amounts of traffic, usually measured in Gbps. When inbound traffic to a Simple Application Server instance reaches the set threshold, Anti-DDoS starts scrubbing, regardless of whether the traffic is legitimate.
Traffic scrubbing methods include filtering attack packets, limiting traffic speed, and limiting the packet rate. When you use Anti-DDoS Origin Basic, you can set the following thresholds:
-
Bandwidth threshold (BPS): When inbound traffic exceeds the BPS scrubbing threshold, traffic scrubbing is triggered.
-
Packet forwarding rate threshold (PPS): When the number of inbound packets exceeds the PPS scrubbing threshold, traffic scrubbing is triggered.
View anti-DDoS statistics
-
Go to the Servers page in the Simple Application Server console.
-
Click the instance ID on the target server card to go to the server overview page.
If you have many servers, you can enter a public IP address or an instance ID in the search box to filter the servers.
-
In the Basic Information section, next to DDoS Attack Status, click More to go to the Anti-DDoS console.
-
On the Asset Center page of the Anti-DDoS console, you can view the DDoS mitigation information for all Simple Application Server instances in the current region. This includes the Status, Mitigation Capabilities, and Scrubbing Threshold. For more information, see Asset Center.
Operations
After you create a Simple Application Server instance, you can perform the following security operations as needed:
| Related operations |
Description |
| Set scrubbing threshold |
After a Simple Application Server instance is created, Anti-DDoS Origin Basic is enabled by default using the maximum scrubbing threshold. However, if the maximum scrubbing threshold (BPS) is too high, it may not provide effective protection. Adjust the scrubbing threshold as needed. For more information, see Set Anti-DDoS Origin Basic.
Note
Note the following suggestions for manually setting the scrubbing threshold:
|
| Cancel traffic scrubbing |
When traffic reaches the scrubbing threshold, Anti-DDoS starts scrubbing, regardless of whether it is normal service traffic. This may cause normal services to become unavailable or be affected. To ensure normal service, you can manually cancel traffic scrubbing. For more information, see How to cancel traffic scrubbing.
Warning
After you cancel traffic scrubbing, if the inbound traffic to the Simple Application Server instance exceeds the corresponding blackhole triggering threshold, the public IP address of your Simple Application Server instance enters a blackhole. The Alibaba Cloud blackhole filtering policy temporarily blocks all inbound Internet traffic to the Simple Application Server instance. Proceed with caution. For more information, see Alibaba Cloud blackhole filtering policy. |