In most cases, Anti-DDoS Origin protects your resources against Layer-3 and Layer-4 volume-based attacks. When the traffic exceeds the default cleaning threshold that is predefined in Anti-DDoS Origin, traffic cleaning is automatically triggered to protect against distributed denial of service (DDoS) attacks.

Overview

Anti-DDoS Origin is applicable to applications that are deployed on Alibaba Cloud. It meets the requirements for you when your business size is big and you are sensitive to network quality. You have low possibility of exposure to DDoS attacks. However, you may suffer significant economic losses when disruption or compromised response time of services occurs due to DDoS attacks. Anti-DDoS Origin allows you to improve protection capacity against DDoS attacks at a minimum cost. It also reduces the potential risk of DDoS attacks that target your services. Anti-DDoS Origin is applicable to the following resources:

  • Resources that reside in Alibaba Cloud.
  • A large number of public IP addresses.
  • Services that require high business bandwidth or queries per second (QPS).
  • IPv6-based incoming requests.

Evaluate applicability based on the attack type

The following table provides a list of DDoS attack types and indicates whether Anti-DDoS Origin is applicable to each type.

Attack type Applicable Security specification (recommended)
Reflection attacks such as simple service discovery protocol (SSDP), network time protocol (NTP), and Memcached attacks. Yes

We recommend that you include a deployment method that integrates Anti-DDoS Origin, Server Load Balancer (SLB), and Elastic Compute Service (ECS). To obtain effective protection, you can use Server Load Balancer to drop inbound traffic from a port on which you do not configure a listener.

UDP flood attacks Yes
SYN flood attacks (large packets) Yes
SYN flood attacks (small packets) Yes, but the protection is limited. We recommend that you use Anti-DDoS Pro.
Connection flood attacks No

We recommend that you use Anti-DDoS Pro or GameShield.

HTTP flood attacks No

We recommend that you integrate Anti-DDoS Origin with Web Application Firewall (WAF). To obtain effective protection, you can use Web Application Firewall to defense against HTTP flood attacks, while using Anti-DDoS Origin to defense against volume-based attacks.

Web attacks No

Evaluate applicability by the business type

The following table provides a list of business types and indicates whether Anti-DDoS Origin is applicable to each business type.

Business type Applicable Security specification (recommended)
Websites Yes

We recommend that you include a deployment method that integrates Anti-DDoS Origin, Server Load Balancer (SLB), and Elastic Compute Service (ECS). To obtain effective protection, you can use Server Load Balancer to drop inbound traffic from a port on which you do not configure a listener.

For HTTP flood attacks and web attacks:

We recommend that you integrate Anti-DDoS Origin with Web Application Firewall (WAF). To obtain effective protection, you can use Web Application Firewall to defense against HTTP flood attacks, while using Anti-DDoS Origin to defense against volume-based attacks.

Games No We recommend that you use GameShield.
UDP-based services No

We recommend that you use Anti-DDoS Pro or GameShield.

Apps Yes

We recommend that you include a deployment method that integrates Anti-DDoS Origin, Server Load Balancer (SLB), and Elastic Compute Service (ECS). To obtain effective protection, you can use Server Load Balancer to drop inbound traffic from a port on which you do not configure a listener.