Anti-DDoS Origin Enterprise protects your resources against Layer 3 and Layer 4 traffic-based attacks. When the traffic exceeds the default scrubbing threshold that is predefined in Anti-DDoS Origin Enterprise, traffic scrubbing is automatically triggered to protect against distributed denial-of-service (DDoS) attacks.

Overview

Anti-DDoS Origin Enterprise is suitable for applications that are deployed on Alibaba Cloud. It meets the requirements for you when your business size is big and you are sensitive to network quality. You have low possibility of exposure to DDoS attacks. However, you may suffer significant economic losses if disruption or compromised response time of services occurs due to DDoS attacks. Anti-DDoS Origin Enterprise allows you to improve protection capacity against DDoS attacks at a minimum cost. It also reduces the potential risk of DDoS attacks that target your services. Anti-DDoS Origin Enterprise is suitable for the following resources:

  • Resources that reside in Alibaba Cloud.
  • A large number of public IP addresses.
  • Services that require high business bandwidth or queries per second (QPS).
  • IPv6-based incoming requests.

Evaluate applicability based on the attack type

The following table provides a list of DDoS attack types and indicates whether Anti-DDoS Origin Enterprise is suitable for each type.

Attack type Applicable Security specification (recommended)
Reflection attacks such as Simple Service Discovery Protocol (SSDP), Network Time Protocol (NTP), and Memcached attacks. Yes

We recommend that you include a deployment method that integrates Anti-DDoS Origin Enterprise, Server Load Balancer (SLB), and Elastic Compute Service (ECS). To obtain effective protection, you can use Server Load Balancer to drop inbound traffic from a port on which you do not configure a listener.

UDP flood attacks Yes
SYN flood attacks (large packets) Yes
SYN flood attacks (small packets) Yes, but the protection is limited We recommend that you use Anti-DDoS Pro and Anti-DDoS Premium.
Connection flood attacks No

We recommend that you use Anti-DDoS Pro and Anti-DDoS Premium or GameShield.

HTTP flood attacks No

While you are using Anti-DDoS Origin Enterprise to defend against traffic-based attacks, we recommend that you integrate Anti-DDoS Origin Enterprise with Web Application Firewall (WAF). To obtain effective protection, you can use WAF to defend against HTTP flood attacks.

Web attacks No

Evaluate applicability based on the business type

The following table provides a list of business types and indicates whether Anti-DDoS Origin Enterprise is suitable for each business type.

Service type Applicable Security specification (recommended)
Websites Yes
  • If your websites may encounter DDoS attacks:

    We recommend that you include a deployment method that integrates Anti-DDoS Origin Enterprise, Server Load Balancer (SLB), and Elastic Compute Service (ECS). To obtain effective protection, you can use Server Load Balancer to drop inbound traffic from a port on which you do not configure a listener.

  • If your websites may encounter DDoS attacks, HTTP flood attacks, or web attacks:

    While you are using Anti-DDoS Origin Enterprise to defend against traffic-based attacks, we recommend that you integrate Anti-DDoS Origin Enterprise with Web Application Firewall (WAF). To obtain effective protection, you can use WAF to defend against HTTP flood attacks.

Games No We recommend that you use GameShield.
UDP-based services No

We recommend that you use Anti-DDoS Pro and Anti-DDoS Premium or GameShield.

Apps Yes

We recommend that you include a deployment method that integrates Anti-DDoS Origin Enterprise, Server Load Balancer (SLB), and Elastic Compute Service (ECS). To obtain effective protection, you can use Server Load Balancer to drop inbound traffic from a port on which you do not configure a listener.