Scenarios

Updated at:
Copy as MD

Anti-DDoS Native Enterprise protects your Alibaba Cloud resources against Layer 3 and Layer 4 distributed denial-of-service (DDoS) attacks. When attack traffic exceeds the default scrubbing threshold, traffic scrubbing starts automatically.

When to use Anti-DDoS Native Enterprise

Anti-DDoS Native Enterprise fits your needs if any of the following apply:

  • You need to protect Alibaba Cloud-hosted resources.

  • You need to protect a large number of public IP addresses.

  • Your services require high bandwidth or high queries per second (QPS).

  • Your services handle IPv6-based requests.

Recommended configurations by goal

Select a configuration based on what you need to defend against.

Goal Recommended configuration
Protect websites or apps against volumetric DDoS attacks (reflection attacks such as SSDP, NTP, and Memcached; UDP flood attacks; SYN flood attacks (large packets) and SYN flood attacks (small packets); connection flood attacks) Deploy Anti-DDoS Native Enterprise with Application Load Balancer (ALB), or with Classic Load Balancer (CLB) and Elastic Compute Service (ECS). Use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.
Protect websites against DDoS attacks, HTTP flood attacks, and web attacks Deploy Anti-DDoS Native Enterprise with Web Application Firewall (WAF). WAF defends against HTTP flood attacks and web attacks; Anti-DDoS Native Enterprise defends against DDoS attacks.
Protect game servers or UDP-based services against Tbit/s-level DDoS attacks Use Anti-DDoS Native Enterprise to protect your assets and IP addresses. For Tbit/s-level mitigation, use elastic IP addresses (EIPs) integrated with Anti-DDoS Proxy.