All Products
Search
Document Center

Anti-DDoS:What is Anti-DDoS Native

Last Updated:Jun 25, 2026

When your cloud assets face volumetric DDoS attacks, default protection thresholds may prove insufficient. Anti-DDoS Native boosts your baseline defense without requiring architectural changes — purchase an instance, associate it with your public IP addresses, and activate protection within minutes. This cost-effective service defends against Layer 3 and Layer 4 DDoS attacks.

Background information

DDoS attack: Short for Distributed Denial of Service attack. Attackers consume network or device resources through malicious traffic, causing service unavailability. For more information, see .

How it works

Anti-DDoS Native uses a bypass deployment architecture. Anti-DDoS Native deploys DDoS attack detection and traffic scrubbing systems at the egress of Alibaba Cloud data centers. The service primarily relies on passive traffic scrubbing, supplemented by active suppression, to identify and scrub DDoS attack traffic without disrupting legitimate business operations.

  1. Attack detection: The system continuously monitors traffic flowing through public IP addresses.

  2. Traffic scrubbing: When inbound traffic exceeds the scrubbing threshold, the system automatically diverts the traffic to a scrubbing center.

  3. Traffic reinjection: After the scrubbing center discards attack traffic, it reinjects clean business traffic back to the origin server. This ensures that your business remains accessible even during an ongoing attack.

Benefits

  • Instant deployment: Protection takes effect immediately after purchase, with deployment completed in as fast as one minute. The defense capability applies directly to your cloud products without the need to deploy additional infrastructure or change IP addresses.

  • Elastic defense: When facing large-scale attacks, the system automatically leverages all available DDoS protection resources in the current region for maximum defense capacity.

  • BGP multi-ISP access: Uses Border Gateway Protocol (BGP) bandwidth to enable high-speed access from multiple carriers — including China Telecom, China Unicom, and China Mobile — through a single IP address.

  • Large-scale scrubbing capacity: Provides ample scrubbing bandwidth to meet the security needs of major promotional events, new product launches, and core business operations.

  • Flexible sharing: Multiple IP addresses can share the same Anti-DDoS Native instance to meet the defense needs of multiple assets.

Service comparison: Anti-DDoS Native vs. Anti-DDoS Proxy

Use the following comparison to determine which service best fits your needs. Choose Anti-DDoS Native to enhance baseline defense in a convenient and cost-effective manner. Choose Anti-DDoS Proxy for core business operations that need to withstand ultra-large-scale attacks with independent resources and a higher SLA.

Dimension

Anti-DDoS Native

Anti-DDoS Proxy

Core positioning

Enhanced protection for cloud products.

Professional-grade independent protection.

Access method

Bind to existing public IP addresses. No need to change IP addresses.

Switch business traffic to an Anti-DDoS IP address.

Protection capability

Region-level shared resource with an upper limit (Gbps-level).

Independent resources, up to Tbps-level, with a higher SLA.

Applicable scenarios

Enhance baseline defense in a convenient and cost-effective manner.

Core business operations that need to withstand ultra-large-scale attacks.

Cost

Relatively low.

Relatively high.

Supported cloud product types

Dimension

Standard cloud products

Enhanced cloud products

Definition

Cloud products that come with default DDoS protection from Alibaba Cloud, such as standard ECS instances, Elastic IP addresses (EIPs), and Server Load Balancer (SLB) instances.

Cloud products for which the DDoS protection enhancement feature is enabled at the time of purchase. Currently, this specifically refers to Anti-DDoS Advanced EIP.

Protection policy activation

Protection policies (such as IP address blacklists and whitelists, and region blocking) take effect only when the asset is under attack and traffic is being scrubbed.

Protection policies remain active at all times. All traffic flows through the scrubbing center.

Protection capability

Shares region-level scrubbing capability. In the Chinese mainland, the maximum capacity reaches hundreds of Gbps.

Provides Tbps-level maximum defense capacity.

Purchasing configuration

When purchasing an EIP, select Default for Security Protection.

When purchasing an EIP, select Anti-DDoS (Pro/Premium) for Security Protection.

Anti-DDoS Native versions

Category

Instance edition

Description

Anti-DDoS Native 1.0 (Subscription)

Anti-DDoS Native (Enterprise)

Anti-DDoS Native discontinued new purchases for this edition.

Anti-DDoS Native 2.0 (Subscription)

Anti-DDoS Native (SMB), Anti-DDoS Native (Enterprise)

Supports both standard cloud products and Anti-DDoS Advanced EIPs (EIPs with DDoS protection enhancement). The Anti-DDoS Native (SMB) supports only standard cloud products and does not support Anti-DDoS Advanced EIPs.

  • Anti-DDoS Native (SMB): Not restricted to a specific region, but can protect only standard cloud products in a single region under the current Alibaba Cloud account.

  • Anti-DDoS Native (Enterprise): No region restriction at the time of purchase. Supports standard cloud products across all regions and Anti-DDoS Advanced EIPs under the current Alibaba Cloud account.

Anti-DDoS Native 2.0 (Pay-as-you-go)

Anti-DDoS Native (Enterprise)

Supports standard cloud products and enhanced cloud products.

Instance specification comparison

Comparison item

Anti-DDoS Native 1.0

Anti-DDoS Native 2.0 (Subscription)

Anti-DDoS Native 2.0 (Pay-as-you-go)-Discontinues new purchases

Anti-DDoS Native (Enterprise)

Anti-DDoS Native (SMB)

Anti-DDoS Native (Enterprise)

Anti-DDoS Native (Enterprise)

Protected assets

Alibaba Cloud products: ECS, SLB, EIP (including EIPs bound to NAT Gateway), IPv6 Gateway, Simple Application Server, WAF, GA

  • Alibaba Cloud products: ECS, SLB, EIP (including EIPs bound to NAT Gateway), IPv6 Gateway, Simple Application Server, WAF, GA

  • Anti-DDoS Advanced EIP (EIP with DDoS protection enhancement)

Billing method

Subscription

Subscription

Subscription

Pay-as-you-go

Number of attacks mitigated

Unlimited

2 per month

Unlimited

Unlimited

Protected asset type

Standard cloud products

Standard cloud products and enhanced cloud products (Anti-DDoS Advanced EIP)

Number of asset regions

Protects public IP assets in a single region.

Protects public IP assets in a single region.

Protects public IP assets across all regions under the current Alibaba Cloud account.

Protects public IP assets across all regions under the current Alibaba Cloud account.

Protected asset network type

Supports only one type of public IP address: IPv4 or IPv6.

Supports only one type of public IP address: IPv4 or IPv6.

Supports protecting both IPv4 and IPv6 public IP addresses simultaneously.

Supports protecting both IPv4 and IPv6 public IP addresses simultaneously.

Number of protected IP addresses

Starting from 100 IP addresses at the time of purchase, freely selectable.

You can select 1 to 29 IP addresses at the time of purchase.

You can select 30 to 2,000 IP addresses at the time of purchase.

For higher specifications, contact your sales representative.

Maximum of 2,000 IP addresses.

Business bandwidth

Freely selectable bandwidth at the time of purchase. Supports unlimited scaling.

You can select 50 Mbit/s to 1,000 Mbit/s at the time of purchase.

Starting from 100 Mbit/s at the time of purchase, freely selectable. Supports unlimited scaling. No bandwidth limit for standard cloud products. Enhanced cloud products (Anti-DDoS Advanced EIPs) have a bandwidth limit.

  • Standard cloud products: Billing is based on clean traffic. No bandwidth limit.

  • Enhanced cloud products: Billing is based on clean traffic, but bandwidth is limited. For more details, see .

Burstable business bandwidth

Not supported.

Supported, Daily 95th Percentile enabled by default. When enabled, the total business bandwidth becomes 5 times the baseline business bandwidth.

Not involved

SLS logs

Supported.

Not supported.

Supported.

Supported.

Multi-account management

Not supported.

Not supported.

Supported.

Supported.

Protection performance comparison

Note
  • Anti-DDoS Native provides version 1.0 and version 2.0. Anti-DDoS Native discontinued new purchases for version 1.0. The following table shows the protection capability reference values for version 2.0 only.

  • Anti-DDoS Native uses a "best-effort protection" mode. The protection capability is not a fixed value but dynamically adjusts based on the overall protection water level of the cloud data center. The protection water level typically increases as Alibaba Cloud's network infrastructure expands, but it may temporarily decrease in special circumstances such as resource constraints.

Region

Anti-DDoS Native 2.0 (Subscription) Anti-DDoS Native (SMB)

Anti-DDoS Native 2.0 (Subscription) Anti-DDoS Native (Enterprise)

Anti-DDoS Native 2.0 (Pay-as-you-go) Anti-DDoS Native (Enterprise)-Discontinues new purchases

Standard cloud products

Standard cloud products

Enhanced cloud products

Standard cloud products

Enhanced cloud products

Chinese Mainland

China (Beijing), China (Shanghai),

China (Hangzhou), China (Shenzhen), China (Ulanqab), China (Zhangjiakou), China (Hohhot), China (Heyuan)

Maximum 300 Gbps to 600 Gbps.

Maximum Tbps-level.

Available for purchase only in China (Beijing), China (Shanghai), and China (Hangzhou).

Maximum 300 Gbps to 600 Gbps.

Maximum Tbps-level.

Available for purchase only in China (Beijing), China (Shanghai), and China (Hangzhou).

China (Chengdu), China (Guangzhou), China (Qingdao)

Maximum tens of Gbps.

Maximum tens of Gbps.

Outside Chinese Mainland

China (Hong Kong), Singapore (Singapore), Germany (Frankfurt), US (Silicon Valley), US (Virginia)

Maximum 100 to 200 Gbps.

Maximum Tbps-level.

Maximum 100 to 200 Gbps.

Maximum Tbps-level.

Japan (Tokyo)

Maximum tens of Gbps.

Maximum Tbps-level.

Maximum tens of Gbps.

Maximum Tbps-level.

Other regions

Limited protection capability (less than 10 Gbps).

Maximum Tbps-level.

Limited protection capability (less than 10 Gbps).

Maximum Tbps-level.

Quick start

  1. Purchase an Anti-DDoS Native instance. If you need to add Anti-DDoS Advanced EIP assets, complete the Service Linked Role (SLR) authorization first. For more information, see Purchase an Anti-DDoS Origin instance .

  2. Add your public IP assets as protected objects of the instance. For more information, see Protected objects.

  3. Customize protection policies based on your business traffic patterns. For more information, see Configure custom mitigation policies.

  4. View your business traffic monitoring data. For more information, see Business monitoring.

  5. Enable protection logs and use the protection analysis feature to query and analyze logs and view built-in protection reports. For more information, see Enable mitigation analysis.

  6. After your public IP assets are under attack, view attack event details. For more information, see Attack analysis.

  7. View blackhole events and scrubbing events. For more information, see Event Center .

Note

After completing the steps above, verify that protection is active by checking the protection status of your assets in the Anti-DDoS Native console. A "Protected" status indicates that your public IP addresses are successfully associated with the instance and defense is operational. You can also view real-time traffic monitoring data to confirm that the system monitors your business traffic.

FAQ

  • Can Anti-DDoS Native defend against CC attacks (application layer attacks)?

    No. Anti-DDoS Native primarily defends against Layer 3 and Layer 4 volumetric attacks (such as UDP floods and SYN floods). To protect against application layer attacks such as HTTP flood and CC attacks, use Anti-DDoS Proxy.