A distributed denial of service (DDoS) attack is a malicious network attack against a target system that can make the attacked network inaccessible. Alibaba Cloud provides up to 5 Gbit/s of basic anti-DDoS protection for NAT Gateway, which can efficiently prevent DDoS attacks.

How Anti-DDoS Basic works

After you enable Anti-DDoS Basic, all traffic from the Internet must first pass through Alibaba Cloud Security before arriving at NAT Gateway. Anti-DDoS Basic scrubs and filters common DDoS attacks at Alibaba Cloud Security. Anti-DDoS Basic protects your services against attacks such as SYN flood, UDP flood, ACK flood, ICMP flood, and DNS Query flood.

Anti-DDoS Basic sets the scrubbing threshold and black hole triggering threshold based on the EIP bandwidth of NAT Gateway. When the inbound traffic reaches the threshold, scrubbing or blackholing is triggered:
  • Scrubbing: When the attack traffic from the Internet exceeds the scrubbing threshold or matches a certain attack traffic pattern, Alibaba Cloud Security starts scrubbing the attack traffic. The scrubbing includes packet filtering, bandwidth capping, and traffic throttling.
  • Blackholing: When the attack traffic from the Internet exceeds the black hole triggering threshold, blackholing is triggered and all inbound traffic is dropped.

Scrubbing threshold

The thresholds for triggering traffic scrubbing and blackholing on NAT Gateway are calculated as described in the following table:
| EIP bandwidth | Traffic scrubbing threshold (bits/s) | Traffic scrubbing threshold (packets/s) | Default black hole triggering threshold |
| --- | --- | --- | --- |
| Lower than or equal to 800 Mbit/s | 800 Mbit/s | 120,000 | 1.5 Gbit/s |
| Higher than 800 Mbit/s | Predefined bandwidth | Predefined bandwidth × 150 | Predefined bandwidth × 2 |

For example, if the EIP bandwidth is 1,000 Mbit/s, the traffic scrubbing threshold (bits/s) is 1,000 Mbit/s, the traffic scrubbing threshold (packets/s) is 150,000, and the default blackholing threshold is 2 Gbit/s.
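
The following Python sketch is an added example, not Alibaba Cloud code. It applies the table above to an EIP bandwidth and labels inbound traffic samples with the protection state the thresholds imply, which is useful for setting monitoring alerts below the blackholing point. The function names and sample values are constructed; it assumes "exceeds" means strictly greater than, and it does not model scrubbing triggered by attack pattern matching.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Thresholds:
    scrub_mbps: float      # traffic scrubbing threshold, Mbit/s
    scrub_pps: float       # traffic scrubbing threshold, packets/s
    blackhole_mbps: float  # default black hole triggering threshold, Mbit/s


def thresholds_for(eip_mbps: float) -> Thresholds:
    """Apply the threshold table to an EIP bandwidth given in Mbit/s."""
    if eip_mbps <= 0:
        raise ValueError("EIP bandwidth must be positive")
    if eip_mbps <= 800:
        # Fixed floor for EIPs of 800 Mbit/s or less.
        return Thresholds(800, 120_000, 1500)
    # Above 800 Mbit/s every threshold scales with the predefined bandwidth.
    return Thresholds(eip_mbps, eip_mbps * 150, eip_mbps * 2)


def classify(t: Thresholds, mbps: float, pps: float) -> str:
    """Expected protection state for one inbound traffic sample."""
    if mbps > t.blackhole_mbps:
        return "blackhole"  # all inbound traffic is dropped
    if mbps > t.scrub_mbps or pps > t.scrub_pps:
        return "scrub"      # either scrubbing threshold is enough
    return "normal"


def timeline(eip_mbps: float, samples) -> list:
    """Classify a sequence of (Mbit/s, packets/s) samples for one EIP."""
    t = thresholds_for(eip_mbps)
    return [classify(t, mbps, pps) for mbps, pps in samples]


# Constructed samples (Mbit/s, packets/s), not real measurements.
SAMPLES = [
    (300, 40_000),     # ordinary load
    (700, 160_000),    # small-packet flood: low bit rate, high packet rate
    (1200, 90_000),    # volumetric burst above the bit-rate threshold
    (2100, 300_000),   # above the default black hole threshold at 1,000 Mbit/s
    (1000, 150_000),   # exactly at both scrubbing thresholds at 1,000 Mbit/s
]

if __name__ == "__main__":
    for eip in (200, 1000):
        print(eip, thresholds_for(eip), timeline(eip, SAMPLES))
```

The second sample shows why the packets/s threshold matters: a flood of small packets can trigger scrubbing while the bit rate is still below the EIP bandwidth.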