By default, Anti-DDoS Origin provides free basic protection for your assets that are deployed on Alibaba Cloud. The assets include the public IP addresses of Elastic Compute Service (ECS) instances, public IP addresses of Server Load Balancer (SLB) instances, and elastic IP addresses (EIPs). Basic protection can be used to mitigate DDoS attacks of up to 5 Gbit/s. If the service traffic of an asset exceeds the normal service traffic, Anti-DDoS Origin scrubs the attack traffic to ensure service availability. This topic describes how to configure a traffic scrubbing threshold.

Background information

Anti-DDoS Origin uses artificial intelligence (AI) to analyze and scrub attack traffic. You can configure a traffic scrubbing threshold based on your normal service traffic. Then, Anti-DDoS Origin uses the big data capabilities provided by Alibaba Cloud to learn the normal service traffic and uses algorithms to identify DDoS attacks.

Anti-DDoS Origin scrubs attack traffic only when Anti-DDoS Origin identifies DDoS attacks and the attack traffic reaches the traffic scrubbing threshold that you configure. This avoids the false triggering that can occur when scrubbing depends on a fixed threshold alone. For example, if your normal service traffic fluctuates and exceeds a fixed traffic scrubbing threshold, traffic scrubbing may be triggered by mistake.

Procedure

  1. Log on to the Traffic Security console.
  2. In the left-side navigation pane, click Assets.
  3. In the top navigation bar, select the region of your asset.
  4. Click the ECS, SLB, or EIP (including NAT) tab and select an asset for which you want to configure a traffic scrubbing threshold.
    Note: On the Others tab, you can configure on-demand Anti-DDoS Origin instances. You cannot configure traffic scrubbing on this tab. For more information about on-demand Anti-DDoS Origin instances, see Enable traffic rerouting to an on-demand instance.
  5. In the IP address list, click the IP address for which you want to configure a traffic scrubbing threshold in the IP/Remark column.
  6. In the Instance Details panel, click Cleaning Settings.
  7. In the Cleaning Settings panel, specify Cleaning threshold for the IP address.
    You can set Cleaning threshold to one of the following values to configure a traffic scrubbing threshold:
    • Default: Anti-DDoS Origin adjusts the traffic scrubbing threshold based on the throughput of your ECS instance.
    • Manual setting: You can select a specific threshold that includes Traffic and Packets per Second.
      Note: If DDoS attacks are detected, or the throughput or the packets per second (pps) reaches the selected threshold, traffic scrubbing is triggered.
      If you select Manual setting, take note of the following items:
      • Configure a traffic scrubbing threshold that is slightly greater than the actual throughput and pps. If the threshold is significantly greater than the actual throughput or pps, the protection effect is compromised. If the threshold is significantly less than the actual throughput or pps, normal traffic may be scrubbed.
      • If normal traffic is scrubbed, we recommend that you increase the traffic scrubbing threshold.
      • During large promotions or activities for a website, we recommend that you increase the traffic scrubbing threshold.
  8. Click OK.
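
The manual-setting guidance in step 7 can be checked against recorded traffic before you pick a value. The following Python example is added here and is not part of Alibaba Cloud's documentation or tooling: it takes per-minute readings of normal traffic and reports whether a candidate threshold would have been reached by normal traffic or sits far above the observed peak. The function name, the Mbit/s unit, the 1.5x headroom limit, and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: "slightly greater" is modelled as at most 1.5x the observed peak.
# The page gives no numeric definition; tune this for your own service.
MAX_HEADROOM = 1.5


@dataclass
class Assessment:
    peak_mbps: float
    peak_pps: int
    minutes_over: int  # minutes in which normal traffic reached the threshold
    verdict: str       # "too_low", "too_high" or "ok"


def assess_threshold(samples, thr_mbps, thr_pps, max_headroom=MAX_HEADROOM):
    """Check a candidate (Traffic, Packets per Second) threshold.

    samples: list of (mbps, pps) per-minute readings of normal service traffic.
    """
    if not samples:
        raise ValueError("need at least one traffic sample")
    peak_mbps = max(m for m, _ in samples)
    peak_pps = max(p for _, p in samples)
    # Either dimension reaching its threshold is enough to trigger scrubbing.
    minutes_over = sum(1 for m, p in samples if m >= thr_mbps or p >= thr_pps)
    if minutes_over:
        verdict = "too_low"    # normal traffic may be scrubbed
    elif thr_mbps > peak_mbps * max_headroom or thr_pps > peak_pps * max_headroom:
        verdict = "too_high"   # protection effect is compromised
    else:
        verdict = "ok"         # slightly above the observed peak
    return Assessment(peak_mbps, peak_pps, minutes_over, verdict)


# Constructed sample data: (Mbit/s, pps) per minute during a busy period.
SAMPLES = [(120.0, 18_000), (135.5, 21_000), (180.2, 26_500),
           (160.0, 24_000), (142.3, 22_100)]

if __name__ == "__main__":
    for mbps, pps in [(150, 30_000), (200, 35_000), (1000, 300_000)]:
        print(mbps, pps, assess_threshold(SAMPLES, mbps, pps))
```

Feed it readings that cover your busiest normal period, including any planned promotion, so the peak reflects the traffic the threshold must let through.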