When the attack traffic to a server exceeds the black hole threshold configured for the server room, the server is thrown into a black hole to block external network access to the server. Once a server is thrown into a black hole, it become unavailable during the black hole duration. After that, the system determines that the attack traffic stops, and the black hole status is automatically lifted.
The black hole is a service that Alibaba Cloud purchases from the operator who imposes strict restrictions on the time and frequency to lift the black hole. The black hole state cannot be manually deactivated. Thus, you must patiently wait for the system to auto unban the server.
Why enact the black hole policy? Why can’t help users resist the attack for an unlimited period of time?
DDoS attacks severely impair not only victims, but also the entire cloud network. Besides, DDoS defense costs a lot, the biggest among which is the bandwidth cost.
Alibaba Cloud purchases bandwidth from ISPs. ISPs will not clean out DDoS attack traffic when calculating the bandwidth cost, but will directly charge Alibaba Cloud on the consumed bandwidth.
Alibaba Cloud Security potentially defends against DDoS attacks for Alibaba Cloud users free of charge at a limited cost, but when the attacking traffic exceeds the threshold, Alibaba Cloud will block the traffic to the IP address under attack.
You can purchase the Anti-DDoS Pro service to easily prevent DDoS attacks and safeguard normal operation of servers.
Anti-DDoS Pro service is designed to help users defend against DDoS attacks, with clear commitment on the protection capability and defense performance.
The default black hole triggering thresholds offered by basic protection feature of Anti-DDoS Basic in various regions are as follows (Unit: bps):
Note: The triggering thresholds apply to Alibaba Cloud ECS, Server Load Balancer, VPC, and other products.
|Region||1-core CPU classic-network ECS||2-core CPU classic-network ECS||4-core (or later) CPU classic-network ECS||Server Load Balancer and VPC|
|China East 1||500M||1G||5G||5G|
|China East 2||500M||1G||2G||2G|
|China North 1||500M||1G||5G||5G|
|China North 2||500M||1G||2G||2G|
|China North 3||500M||1G||2G||2G|
|China North 5||500M||1G||2G||2G|
|China South 1||500M||1G||2G||2G|
|US West 1||500M||1G||2G||2G|
|US East 1||500M||500M||500M||500M|
The default black hole duration is 2.5 hours and the server cannot be unbanned during this period.
The actual black hole duration depends on the attack situation and may range from 30 minutes to 24 hours.
The duration of the black hole is mainly influenced by the following factors:
Whether the attack persists. The black hole duration keeps extending, if the attack continues. The black hole duration is re-calculated from the time of extension.
Whether the attack is frequent. If a user is attacked for the first time, the black hole duration will be automatically shortened. On the contrary, the black hole duration for a user under frequent attacks will be automatically extended as the user is more likely to be attacked again.
Note: For users suffering overly frequent black holes, Alibaba Cloud reserves the right to extend the black hole duration and reduce the black hole threshold. You can go to the console to view the specific black hole threshold and duration.