A distributed denial of service (DDoS) attack is a malicious network attack against a target system that can make the attacked network inaccessible. Alibaba Cloud provides up to 5 Gbit/s of basic anti-DDoS protection for NAT Gateway, which can efficiently prevent DDoS attacks.
How Anti-DDoS Basic works
After you enable Anti-DDoS Basic, all traffic from the Internet must first pass through Alibaba Cloud Security before arriving at NAT Gateway. Anti-DDoS Basic scrubs and filters common DDoS attacks at Alibaba Cloud Security. Anti-DDoS Basic protects your services against attacks such as SYN flood, UDP flood, ACK flood, ICMP flood, and DNS Query flood.
- Scrubbing: When the attack traffic from the Internet exceeds the scrubbing threshold or matches a certain attack traffic pattern, Alibaba Cloud Security starts scrubbing the attack traffic. The scrubbing includes packet filtering, bandwidth capping, and traffic throttling.
- Blackholing: When the attack traffic from the Internet exceeds the black hole triggering threshold, blackholing is triggered and all inbound traffic is dropped.
Scrubbing threshold
EIP bandwidth | Traffic scrubbing threshold (bits/s) | Traffic scrubbing threshold (packets/s) | Default black hole triggering threshold |
---|---|---|---|
Lower than or equal to 800 Mbit/s | 800 Mbit/s | 120,000 | 1.5 Gbit/s |
Higher than 800 Mbit/s | Predefined bandwidth | Predefined bandwidth × 150 | Predefined bandwidth × 2 |
For example, if the EIP bandwidth is 1,000 Mbit/s, the traffic scrubbing threshold (bits/s) is 1,000 Mbit/s, the traffic scrubbing threshold (packets/s) is 150,000, and the default black hole triggering threshold is 2 Gbit/s.
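The threshold table can be turned into a monitoring check that tells you which protection state to expect for a given inbound load. The following is an added example, not Alibaba Cloud code: the function names and traffic samples are constructed, it assumes that exceeding either scrubbing threshold starts scrubbing, and it does not model pattern-based scrubbing.

```python
from dataclasses import dataclass

MBIT = 1_000_000  # bits per second in 1 Mbit/s

@dataclass(frozen=True)
class Thresholds:
    scrub_bps: int       # traffic scrubbing threshold, bits/s
    scrub_pps: int       # traffic scrubbing threshold, packets/s
    blackhole_bps: int   # default black hole triggering threshold, bits/s

def thresholds_for(eip_mbit: int) -> Thresholds:
    """Apply the threshold table to an EIP bandwidth given in Mbit/s."""
    if eip_mbit <= 0:
        raise ValueError("EIP bandwidth must be positive")
    if eip_mbit <= 800:
        return Thresholds(800 * MBIT, 120_000, 1_500 * MBIT)
    return Thresholds(eip_mbit * MBIT, eip_mbit * 150, eip_mbit * 2 * MBIT)

def classify(t: Thresholds, bps: int, pps: int) -> str:
    """Expected protection state for one inbound traffic sample."""
    if bps > t.blackhole_bps:
        return "blackhole"  # all inbound traffic is dropped
    # Assumption: exceeding either scrubbing threshold starts scrubbing.
    if bps > t.scrub_bps or pps > t.scrub_pps:
        return "scrubbing"
    return "normal"

def timeline(eip_mbit: int, samples):
    """Classify (bps, pps) samples in order and return the state changes."""
    t = thresholds_for(eip_mbit)
    changes, prev = [], None
    for i, (bps, pps) in enumerate(samples):
        state = classify(t, bps, pps)
        if state != prev:
            changes.append((i, state))
            prev = state
    return changes

# Constructed samples for a 1,000 Mbit/s EIP: (inbound bits/s, inbound packets/s)
SAMPLES = [
    (300 * MBIT, 40_000),     # ordinary load
    (400 * MBIT, 180_000),    # small-packet flood: over 150,000 packets/s
    (1_200 * MBIT, 160_000),  # over the 1,000 Mbit/s scrubbing threshold
    (2_300 * MBIT, 400_000),  # over the 2 Gbit/s black hole threshold
]

if __name__ == "__main__":
    for index, state in timeline(1000, SAMPLES):
        print(f"sample {index}: {state}")
```

The second sample shows why the packets/s threshold matters: a flood of small packets can start scrubbing while the bit rate is still well below the EIP bandwidth.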