Anti-DDoS Origin Basic is enabled by default. It provides a protection capacity of up to 5 Gbit/s for Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and elastic IP addresses (EIPs) under your Alibaba Cloud account. Protection against distributed denial of service (DDoS) attacks for the preceding assets is provided free of charge. The Assets page shows a list of assets that belong to an Alibaba Cloud account and their protection status and traffic trends. These assets include ECS instances, SLB instances, and EIPs. The information allows you to obtain an overview of security risks from DDoS attacks for your assets. You can use the information to improve protection for an asset.


  1. Log on to the Alibaba Cloud Anti-DDoS Basic console.
  2. On the top of the Assets page, select a region.
  3. On the Assets page, view information about protection against DDoS attacks.DDoS Attack Protection Information
    In the DDoS Attack Protection Information section, you can perform the following operations:
    • Click Default Basic Protection Threshold to view default black hole triggering thresholds for different assets that reside in each region.
    • Click Blackholing to view Alibaba Cloud black hole policies.
    • Click Anti-DDoS Origin to go to the Manage Instances page. You can purchase Anti-DDoS Origin instances as needed. For more information, see Purchase an Anti-DDoS Origin Enterprise instance.
  4. Click the ECS, SLB, EIP (including NAT), or Others tab based on the type of cloud service that you want to protect.
    Note The Others tab shows all the on-demand Anti-DDoS Origin instances under your account. On-demand instances can protect servers in on-premises data centers outside China and cloud assets based on CIDR blocks. You can manually enable or disable protection in the console or by calling API operations. For more information, see Enable traffic rerouting to an on-demand instance and ModifyOnDemaondDefenseStatus.
  5. In a list of assets, view the protection status of each asset.
    The Assets page lists all assets in a region and provides further details about protection against DDoS attacks for each asset. The details include Status, Protection Capacity, and Cleaning Trigger Value.
    • Status indicates the security state of an instance. Available states include Normal, Cleaning, and Black Hole Activated.
    • Protection Capacity indicates the capacity of an instance to protect against DDoS attacks. This capacity means the maximum bandwidth of DDoS attacks that can be defended against. If the bandwidth that DDoS attacks consume exceeds the protection capacity of an instance, a black hole is triggered, and all packets that are routed to the instance are dropped. For more information about how to improve the protection capacity of an instance, see Step 6.
    • Cleaning Trigger Value indicates the minimum bandwidth that must be reached before traffic scrubbing is triggered. The bandwidth is measured in Mbit/s and packets per second (PPS). For more information, see Configure a cleaning threshold.
  6. Improve the protection capacity of a specific asset.
    • Enable Anti-DDoS Origin

      If you have purchased an Anti-DDoS Origin Enterprise instance in the current region, you can perform the following operations to enable Anti-DDoS Origin for a specific asset.

      Anti-DDoS Origin Enterprise instances provide an account-level DDoS mitigation service for your assets and business to mitigate DDoS attack risks on the cloud. Enterprises can safeguard their large businesses at controllable costs, without the need to change the business architecture or increase latency. For more information, see What is Anti-DDoS Origin?

      The procedure used to configure Anti-DDoS Origin for different types of assets (ECS, SLB, and EIP) is similar. The following procedure describes how to enable Anti-DDoS Origin for an ECS instance. You can use this example as a reference for other types of assets.

      1. Select the ECS instance for which you want to enable Anti-DDoS Origin from the ECS instance list and click Add Anti-DDoS Origin.Enable Anti-DDoS Origin
      2. In the Anti-DDoS Origin instance list, find the required instance and click Add in the Operation column.Anti-DDoS Origin instance list
      3. In the OK message, click OK.Confirmation
    • Activate Anti-DDoS Pro or Anti-DDoS Premium.

      If your business faces high risks of DDoS attacks, we recommend that you activate Anti-DDoS Pro or Anti-DDoS Premium. For example, if your business experiences frequent DDoS attacks, volumetric DDoS attacks, or DDoS attacks have severely affected your business, you can activate Anti-DDoS Pro or Anti-DDoS Premium.

      Anti-DDoS Pro and Anti-DDoS Premium provide 8-line bandwidth resources of the Border Gateway Protocol (BGP) type at the Tbit/s level. The bandwidth resources are exclusive for mainland China. This allows you to defend against a huge number of DDoS attacks.

      In the left-side navigation pane, choose Anti-DDoS Services > Anti-DDoS Pro or Anti-DDoS Premium to go to the related console.
      • Anti-DDoS Pro is ideal for businesses that are deployed in mainland China.
      • Anti-DDoS Premium is ideal for businesses that are deployed outside mainland China.