Anti-DDoS Origin Basic is activated by default. It provides a mitigation capability of up to 5 Gbit/s for your Alibaba Cloud assets to defend against DDoS attacks free of charge. This topic describes how to view the DDoS mitigation information about assets that belong to your Alibaba Cloud account and how to improve the DDoS mitigation capability of an asset. The assets are assigned public IP addresses.

Procedure

  1. Log on to the Traffic Security console.
  2. In the left-side navigation pane, click Assets.
  3. On the Assets page, view the description of DDoS attack mitigation or DDoS mitigation information about each asset.
    • In the DDoS Attack Protection Information section, you can perform the following operations:
      • Click Default Basic Protection Threshold to view default thresholds at which Anti-DDoS Origin Basic automatically triggers blackhole filtering in each region.
      • Click Blackholing to view the blackhole filtering policy of Alibaba Cloud.
      • Click Anti-DDoS Origin to go to the Manage Instances page. You can purchase Anti-DDoS Origin instances based on your business requirements. For more information, see Purchase an Anti-DDoS Origin Enterprise instance.
    • You can perform the following steps to view the DDoS mitigation information about each asset:
      1. Click the tab based on the type of assets that you want to view. For example, you can click ECS.
      2. In the asset list, view the DDoS mitigation information about each asset.
        Parameter Description
        IP/Remark The public IP address of an asset.

        You can click the public IP address of an asset to go to the IP Address Details panel. Then, you can view the traffic trends of the asset and the details of the events that occurred on the asset.

        IP Status The security status of an asset.
        Mitigation Capabilities The mitigation capability of an asset. The capability indicates the maximum bandwidth of DDoS attacks that can be mitigated.

        If the bandwidth that is consumed by DDoS attacks exceeds the mitigation capability of the asset, blackhole filtering is triggered for the asset. For more information about how to improve the mitigation capability of an asset, see Step 4.

        Cleaning Trigger Value The minimum bandwidth that must be reached before traffic scrubbing is triggered. The bandwidth is measured in Mbit/s and packets per second (PPS). For more information, see Configure a traffic scrubbing threshold.
  4. Improve the mitigation capability of an asset.
    If the mitigation capability of Anti-DDoS Origin Basic cannot meet your business requirements, you can use Anti-DDoS Origin Enterprise, Anti-DDoS Pro, or Anti-DDoS Premium based on your business scenarios. For more information, see Scenario-specific anti-DDoS solutions.
    • Use Anti-DDoS Origin Enterprise to protect an asset

      The following procedure describes how to use Anti-DDoS Origin Enterprise to protect an ECS instance. You can use this example as a reference for other types of assets.

      1. Select the public IP address of the ECS instance for which you want to protect on the ECS tab and click Add Anti-DDoS Origin.
      2. In the Anti-DDoS Origin panel, find the required instance and click Add in the Operation column. In the message that appears, click OK.
      Note If no Anti-DDoS Origin Enterprise instances exist, go to the buy page to purchase an instance. For more information, see Purchase an Anti-DDoS Origin Enterprise instance.
    • Use Anti-DDoS Pro or Anti-DDoS Premium

      In the left-side navigation pane, click Network Security. Then, click Anti-DDoS Pro or Anti-DDoS Premium to go to the related console. For information about the configurations of Anti-DDoS Pro or Anti-DDoS Premium, see Overview.