The following table lists the default thresholds at which Anti-DDoS automatically triggers black holes in each region. These thresholds are measured in bit/s.

Note
  • Anti-DDoS can automatically trigger black holes for Elastic Compute Service (ECS), Server Load Balancer (SLB), Elastic IP Address (EIP), and Web Application Firewall (WAF) instances. This feature is available for IPv4 networks in all regions and for IPv6 network only in specific regions. In the following table, a check sign (√) in the Support IPv6 column indicates that the automatic black hold trigger feature is supported for IPv6 in the region and the thresholds are applicable to both IPv4 and IPv6. A cross sign (×) indicates that the feature is not supported for IPv6 in the region and the thresholds are applicable only to IPv4 networks.
  • Practical black hole triggering thresholds for ECS, SLB, and EIP instances change based on the instance type and bandwidth that you purchase. You can refer to the Assets page of the Anti-DDoS Basic console for more details. For more information, see Assets.
  • In each region, the same threshold to trigger black holes is applied for WAF, SLB, and EIP instances.
Region Support IPv4 Support IPv6 ECS instances with one vCPU ECS instances with two vCPUs ECS instances with more than four vCPUs SLB, EIP (includes public IP addresses of NAT gateways), and WAF instances
China (Hangzhou) 500 Mbit/s 1 Gbit/s 5 Gbit/s 5 Gbit/s
China (Shanghai) 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Qingdao) × 500 Mbit/s 1 Gbit/s 5 Gbit/s 5 Gbit/s
China (Beijing) 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Zhangjiakou-Beijing Winter Olympics) 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Hohhot) 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Shenzhen) 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Heyuan) 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Chengdu) × 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
China (Hong Kong) 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
Singapore × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
Australia (Sydney) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
Malaysia (Kuala Lumpur) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
Indonesia (Jakarta) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
Japan (Tokyo) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
Germany (Frankfurt) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
UK (London) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
US (Silicon Valley) × 500 Mbit/s 1 Gbit/s 2 Gbit/s 2 Gbit/s
US (Virginia) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
India (Mumbai) × 500 Mbit/s 1 Gbit/s 1 Gbit/s 1 Gbit/s
UAE (Dubai) × 500 Mbit/s 500 Mbit/s 500 Mbit/s 500 Mbit/s
The default black hole duration is 2.5 hours. During this period, blackholing is enabled and cannot be disabled. The actual black hole duration changes based on the type of attack, ranging from 30 minutes to 24 hours. The black hole duration is based on the following factors:
  • The duration of attacks: If attacks continue, the black hole duration is extended. The next black hole duration is set to zero and starts at the time when the last black hole duration is extended.
  • The frequency of attacks: If an asset experiences attacks for the first time, the black hole duration automatically decreases. Otherwise, assets that experience frequent attacks have a high probability to encounter continuous attacks. In such cases, the black hole duration is automatically extended.
Note If excessive breaches of the black hole threshold occur on an asset, Alibaba Cloud reserves the right to extend the black hole duration and decrease the black hole threshold for the asset. You can refer to the Anti-DDoS console for more details about the black hole triggering threshold and black hole duration.