Anti-DDoS Origin is a protection service that improves protection capacity against distributed denial of service (DDoS) attacks for resources. These resources include Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, Elastic IP (EIP) instances, and Web Application Firewall (WAF) assets. Compared with Anti-DDoS Pro, Anti-DDoS Origin attaches protection capacity to cloud services and imposes no limit. You do not need to change the IP addresses of resources to be protected. These limits include the number of Layer-4 ports and the number of Layer-7 domain names. Anti-DDoS Origin is easy to deploy. You need to only bind the IP of a resource to be protected with Anti-DDoS Origin. The protection for the resource takes effect within a few minutes.

Benefits

Anti-DDoS Origin provides the following benefits:
  • Supports the out-of-the-box purchase. Supports quick deployment within one minute. Anti-DDoS Origin attaches protection capacity to cloud services in a direct manner, which eliminates the need to deploy and switch IP addresses.
  • Provides scalable protection capacity. When you experience large-scale DDoS attacks, Anti-DDoS Origin uses all resources that reside in a region to provide unlimited protection.
  • Adopts Alibaba Cloud Border Gateway Protocol (BGP) bandwidth resources across China Telecom, China Unicom, China Mobile, CERNET, Great Wall Broadband, and other Internet Service Providers (ISPs). Only one IP address is needed to obtain fast access to the networks of the preceding ISPs.
  • Provides protection bandwidth as needed to ensure business continuity and security in various scenarios. These scenarios include big promotions, event releases, and important services.
  • Supports multiple IP addresses sharing protection capacity. This allows you to enhance protection for multiple IP addresses.
  • IPv6-based protection is supported in multiple regions. For more information, see Black hole triggering thresholds in Anit-DDoS Basic.

Protection plan

Anti-DDoS Origin provides Basic and Enterprise protection plans.
  • Anti-DDoS Origin Basic provides free protection for public IP addresses of Alibaba Cloud resources. Anti-DDoS Origin Basic provides protection capacity of up to 5 Gbit/s.
  • Anti-DDoS Origin Enterprise provides protection for public IP addresses of Alibaba Cloud resources after you activate the service. These resources include Elastic Compute Service (ECS) instances, Server Load Balancer instances, Elastic IP (EIP) instances, and Web Application Firewall (WAF) assets. Anti-DDoS Origin Enterprise provides basic protection capacity of up to 20 Gbit/s and shared unlimited protection. Unlimited protection mitigates DDoS attacks. The capacity of unlimited protection is based on the number of resources of an anti-DDoS cluster. The capacity of unlimited protection increases when the overall network capacity of Alibaba Cloud increases. You do not need to pay extra expenses for the capacity increase.

    For more information about the pricing structure of Anti-DDoS Origin, see Billing methods.

Limits

Available regions where you can create an Anti-DDoS Origin Enterprise instance include China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou-Beijing Winter Olympics), China (Hohhot), and China (Shenzhen).

After the request for activation is approved, you can activate Anti-DDoS Origin Enterprise in the following regions: China (Hong Kong), US (Silicon Valley), Singapore, and US (Virginia).