When your cloud assets face volumetric DDoS attacks, default protection thresholds may prove insufficient. Anti-DDoS Native boosts your baseline defense without requiring architectural changes — purchase an instance, associate it with your public IP addresses, and activate protection within minutes. This cost-effective service defends against Layer 3 and Layer 4 DDoS attacks.
Background information
DDoS attack: Short for Distributed Denial of Service attack. Attackers consume network or device resources through malicious traffic, causing service unavailability. For more information, see .
How it works
Anti-DDoS Native uses a bypass deployment architecture. Anti-DDoS Native deploys DDoS attack detection and traffic scrubbing systems at the egress of Alibaba Cloud data centers. The service primarily relies on passive traffic scrubbing, supplemented by active suppression, to identify and scrub DDoS attack traffic without disrupting legitimate business operations.
Attack detection: The system continuously monitors traffic flowing through public IP addresses.
Traffic scrubbing: When inbound traffic exceeds the scrubbing threshold, the system automatically diverts the traffic to a scrubbing center.
Traffic reinjection: After the scrubbing center discards attack traffic, it reinjects clean business traffic back to the origin server. This ensures that your business remains accessible even during an ongoing attack.
Benefits
Instant deployment: Protection takes effect immediately after purchase, with deployment completed in as fast as one minute. The defense capability applies directly to your cloud products without the need to deploy additional infrastructure or change IP addresses.
Elastic defense: When facing large-scale attacks, the system automatically leverages all available DDoS protection resources in the current region for maximum defense capacity.
BGP multi-ISP access: Uses Border Gateway Protocol (BGP) bandwidth to enable high-speed access from multiple carriers — including China Telecom, China Unicom, and China Mobile — through a single IP address.
Large-scale scrubbing capacity: Provides ample scrubbing bandwidth to meet the security needs of major promotional events, new product launches, and core business operations.
Flexible sharing: Multiple IP addresses can share the same Anti-DDoS Native instance to meet the defense needs of multiple assets.
Service comparison: Anti-DDoS Native vs. Anti-DDoS Proxy
Use the following comparison to determine which service best fits your needs. Choose Anti-DDoS Native to enhance baseline defense in a convenient and cost-effective manner. Choose Anti-DDoS Proxy for core business operations that need to withstand ultra-large-scale attacks with independent resources and a higher SLA.
Dimension | Anti-DDoS Native | Anti-DDoS Proxy |
Core positioning | Enhanced protection for cloud products. | Professional-grade independent protection. |
Access method | Bind to existing public IP addresses. No need to change IP addresses. | Switch business traffic to an Anti-DDoS IP address. |
Protection capability | Region-level shared resource with an upper limit (Gbps-level). | Independent resources, up to Tbps-level, with a higher SLA. |
Applicable scenarios | Enhance baseline defense in a convenient and cost-effective manner. | Core business operations that need to withstand ultra-large-scale attacks. |
Cost | Relatively low. | Relatively high. |
Supported cloud product types
Dimension | Standard cloud products | Enhanced cloud products |
Definition | Cloud products that come with default DDoS protection from Alibaba Cloud, such as standard ECS instances, Elastic IP addresses (EIPs), and Server Load Balancer (SLB) instances. | Cloud products for which the DDoS protection enhancement feature is enabled at the time of purchase. Currently, this specifically refers to Anti-DDoS Advanced EIP. |
Protection policy activation | Protection policies (such as IP address blacklists and whitelists, and region blocking) take effect only when the asset is under attack and traffic is being scrubbed. | Protection policies remain active at all times. All traffic flows through the scrubbing center. |
Protection capability | Shares region-level scrubbing capability. In the Chinese mainland, the maximum capacity reaches hundreds of Gbps. | Provides Tbps-level maximum defense capacity. |
Purchasing configuration | When purchasing an EIP, select Default for Security Protection. | When purchasing an EIP, select Anti-DDoS (Pro/Premium) for Security Protection. |
Anti-DDoS Native versions
Category | Instance edition | Description |
Anti-DDoS Native 1.0 (Subscription) | Anti-DDoS Native (Enterprise) | Anti-DDoS Native discontinued new purchases for this edition. |
Anti-DDoS Native 2.0 (Subscription) | Anti-DDoS Native (SMB), Anti-DDoS Native (Enterprise) | Supports both standard cloud products and Anti-DDoS Advanced EIPs (EIPs with DDoS protection enhancement). The Anti-DDoS Native (SMB) supports only standard cloud products and does not support Anti-DDoS Advanced EIPs.
|
Anti-DDoS Native 2.0 (Pay-as-you-go) | Anti-DDoS Native (Enterprise) | Supports standard cloud products and enhanced cloud products. |
Instance specification comparison
Comparison item | Anti-DDoS Native 1.0 | Anti-DDoS Native 2.0 (Subscription) | Anti-DDoS Native 2.0 (Pay-as-you-go)-Discontinues new purchases | |
Anti-DDoS Native (Enterprise) | Anti-DDoS Native (SMB) | Anti-DDoS Native (Enterprise) | Anti-DDoS Native (Enterprise) | |
Protected assets | Alibaba Cloud products: ECS, SLB, EIP (including EIPs bound to NAT Gateway), IPv6 Gateway, Simple Application Server, WAF, GA |
| ||
Billing method | Subscription | Subscription | Subscription | Pay-as-you-go |
Number of attacks mitigated | Unlimited | 2 per month | Unlimited | Unlimited |
Protected asset type | Standard cloud products | Standard cloud products and enhanced cloud products (Anti-DDoS Advanced EIP) | ||
Number of asset regions | Protects public IP assets in a single region. | Protects public IP assets in a single region. | Protects public IP assets across all regions under the current Alibaba Cloud account. | Protects public IP assets across all regions under the current Alibaba Cloud account. |
Protected asset network type | Supports only one type of public IP address: IPv4 or IPv6. | Supports only one type of public IP address: IPv4 or IPv6. | Supports protecting both IPv4 and IPv6 public IP addresses simultaneously. | Supports protecting both IPv4 and IPv6 public IP addresses simultaneously. |
Number of protected IP addresses | Starting from 100 IP addresses at the time of purchase, freely selectable. | You can select 1 to 29 IP addresses at the time of purchase. | You can select 30 to 2,000 IP addresses at the time of purchase. For higher specifications, contact your sales representative. | Maximum of 2,000 IP addresses. |
Business bandwidth | Freely selectable bandwidth at the time of purchase. Supports unlimited scaling. | You can select 50 Mbit/s to 1,000 Mbit/s at the time of purchase. | Starting from 100 Mbit/s at the time of purchase, freely selectable. Supports unlimited scaling. No bandwidth limit for standard cloud products. Enhanced cloud products (Anti-DDoS Advanced EIPs) have a bandwidth limit. |
|
Burstable business bandwidth | Not supported. | Supported, Daily 95th Percentile enabled by default. When enabled, the total business bandwidth becomes 5 times the baseline business bandwidth. | Not involved | |
SLS logs | Supported. | Not supported. | Supported. | Supported. |
Multi-account management | Not supported. | Not supported. | Supported. | Supported. |
Protection performance comparison
Anti-DDoS Native provides version 1.0 and version 2.0. Anti-DDoS Native discontinued new purchases for version 1.0. The following table shows the protection capability reference values for version 2.0 only.
Anti-DDoS Native uses a "best-effort protection" mode. The protection capability is not a fixed value but dynamically adjusts based on the overall protection water level of the cloud data center. The protection water level typically increases as Alibaba Cloud's network infrastructure expands, but it may temporarily decrease in special circumstances such as resource constraints.
Region | Anti-DDoS Native 2.0 (Subscription) Anti-DDoS Native (SMB) | Anti-DDoS Native 2.0 (Subscription) Anti-DDoS Native (Enterprise) | Anti-DDoS Native 2.0 (Pay-as-you-go) Anti-DDoS Native (Enterprise)-Discontinues new purchases | |||
Standard cloud products | Standard cloud products | Enhanced cloud products | Standard cloud products | Enhanced cloud products | ||
Chinese Mainland | China (Beijing), China (Shanghai), China (Hangzhou), China (Shenzhen), China (Ulanqab), China (Zhangjiakou), China (Hohhot), China (Heyuan) | Maximum 300 Gbps to 600 Gbps. | Maximum Tbps-level. Available for purchase only in China (Beijing), China (Shanghai), and China (Hangzhou). | Maximum 300 Gbps to 600 Gbps. | Maximum Tbps-level. Available for purchase only in China (Beijing), China (Shanghai), and China (Hangzhou). | |
China (Chengdu), China (Guangzhou), China (Qingdao) | Maximum tens of Gbps. | Maximum tens of Gbps. | ||||
Outside Chinese Mainland | China (Hong Kong), Singapore (Singapore), Germany (Frankfurt), US (Silicon Valley), US (Virginia) | Maximum 100 to 200 Gbps. | Maximum Tbps-level. | Maximum 100 to 200 Gbps. | Maximum Tbps-level. | |
Japan (Tokyo) | Maximum tens of Gbps. | Maximum Tbps-level. | Maximum tens of Gbps. | Maximum Tbps-level. | ||
Other regions | Limited protection capability (less than 10 Gbps). | Maximum Tbps-level. | Limited protection capability (less than 10 Gbps). | Maximum Tbps-level. | ||
Quick start
Purchase an Anti-DDoS Native instance. If you need to add Anti-DDoS Advanced EIP assets, complete the Service Linked Role (SLR) authorization first. For more information, see Purchase an Anti-DDoS Origin instance .
Add your public IP assets as protected objects of the instance. For more information, see Protected objects.
Customize protection policies based on your business traffic patterns. For more information, see Configure custom mitigation policies.
View your business traffic monitoring data. For more information, see Business monitoring.
Enable protection logs and use the protection analysis feature to query and analyze logs and view built-in protection reports. For more information, see Enable mitigation analysis.
After your public IP assets are under attack, view attack event details. For more information, see Attack analysis.
View blackhole events and scrubbing events. For more information, see Event Center .
After completing the steps above, verify that protection is active by checking the protection status of your assets in the Anti-DDoS Native console. A "Protected" status indicates that your public IP addresses are successfully associated with the instance and defense is operational. You can also view real-time traffic monitoring data to confirm that the system monitors your business traffic.
FAQ
Can Anti-DDoS Native defend against CC attacks (application layer attacks)?
No. Anti-DDoS Native primarily defends against Layer 3 and Layer 4 volumetric attacks (such as UDP floods and SYN floods). To protect against application layer attacks such as HTTP flood and CC attacks, use Anti-DDoS Proxy.