The Assets page in the Traffic Security console displays DDoS mitigation information for all public IP addresses in your Alibaba Cloud account. Use this page to check protection status, review mitigation capabilities, and upgrade protection.
Prerequisites
Before you begin, ensure that you have:
An Alibaba Cloud account with at least one asset that has a public IP address, such as an Elastic Compute Service (ECS) instance
Access to the Traffic Security console
View DDoS mitigation information
Log on to the Traffic Security console.
In the left-side navigation pane, click Assets.
In the Description of DDoS Attack Mitigation section at the top of the page, click any of the following links for more information:
Link Description Default Basic Mitigation Threshold View the default thresholds at which Anti-DDoS Origin Basic triggers blackhole filtering in each region. Blackhole View the blackhole filtering policy of Alibaba Cloud. Anti-DDoS Origin Open the Handle Now panel to purchase Anti-DDoS Origin instances. Click the tab for the asset type you want to inspect, such as the ECS tab.
Review the DDoS mitigation information for each asset. The following table describes the columns.
Asset list columns
| Column | Description |
|---|---|
| IP | The public IP address of the asset. Click the IP address to view traffic trends. |
| IP Status | The security status of the asset. Values: Normal, Cleaning (you can cancel traffic scrubbing; see Cancel traffic cleaning), and Black Hole Activated (you can view blackhole filtering events; see View information about blackhole filtering events). |
| Mitigation Capabilities | The maximum bandwidth of DDoS attacks that can be mitigated. If the bandwidth consumed by DDoS attacks exceeds the mitigation capability of the asset, blackhole filtering is triggered. |
| Traffic Scrubbing Threshold | The minimum bandwidth (in Mbit/s and PPS) at which traffic scrubbing is triggered. For more information, see Configure traffic scrubbing thresholds. |
Improve mitigation capability
If Anti-DDoS Origin Basic does not meet your requirements, you can use Anti-DDoS Origin of a paid edition, Anti-DDoS Pro, or Anti-DDoS Premium. For more information, see Scenario-specific anti-DDoS solutions.
Use Anti-DDoS Origin (paid edition)
The following example shows how to protect an ECS instance. The same procedure applies to other asset types.
On the Assets page, click the ECS tab.
Select the public IP address of the ECS instance, then click Enable Anti-DDoS Origin.
In the Anti-DDoS Origin Instances of Paid Editions panel, find the instance and click Add in the Actions column.
In the confirmation message, click OK.
If no Anti-DDoS Origin instances of paid editions exist, purchase one first. For more information, see Purchase an Anti-DDoS Origin instance of a paid edition.
Use Anti-DDoS Pro or Anti-DDoS Premium
In the left-side navigation pane, click Network Security.
Click Anti-DDoS Proxy (Chinese Mainland) for Anti-DDoS Pro, or click Anti-DDoS Proxy (Outside Chinese Mainland) for Anti-DDoS Premium.
Configure protection for your services. For detailed steps, see Protect website services.