When the public IP of an ECS or SLB instance is under a massive DDoS attack, and its traffic exceeds the corresponding black hole threshold, the IP is then black-holed, which leads to server unavailability.
Note: The black hole threshold values of instances may vary across regions. For more information, see Alibaba Cloud black hole policies.
In this situation, you can view the duration and know the reason as to why the IP was black-holed in the Alibaba Cloud Anti-DDoS Basic console.
Procedure
Log on to Anti-DDoS Basic console.
Select the region.
Select ECS, Server Load Balancer, or EIP (including NAT), and locate the instance IP. The Status column of the instance is displayed as black hole at this time.
Click View details, to view the duration time and reason for this black hole event.