By default, Anti-DDoS Origin provides free basic protection for your assets that are
deployed on Alibaba Cloud. The assets include the public IP addresses of Elastic Compute
Service (ECS) instances, public IP addresses of Server Load Balancer (SLB) instances,
and elastic IP addresses (EIPs). Basic protection can be used to mitigate DDoS attacks
of up to 5 Gbit/s. If the service traffic of an asset exceeds the normal service traffic,
Anti-DDoS Origin scrubs the attack traffic to ensure service availability. This topic
describes how to configure a traffic scrubbing threshold.
Background information
Anti-DDoS Origin uses artificial intelligence (AI) to analyze and scrub attack traffic.
You can configure a traffic scrubbing threshold based on your normal service traffic.
Then, Anti-DDoS Origin uses the big data capabilities provided by Alibaba Cloud to
learn the normal service traffic and uses algorithms to identify DDoS attacks.
Anti-DDoS Origin scrubs attack traffic only when Anti-DDoS Origin identifies DDoS
attacks and the attack traffic reaches the traffic scrubbing threshold that you configure.
This prevents traffic scrubbing by mistake due to a fixed traffic scrubbing threshold.
For example, if your normal service traffic fluctuates and exceeds the fixed traffic
scrubbing threshold, traffic scrubbing may be triggered by mistake.
Procedure
- Log on to the Traffic Security console.
- In the left-side navigation pane, click Assets.
- In the top navigation bar, select the region of your asset.
- Click the ECS, SLB, or EIP (including NAT)) tab and select an asset for which you want to configure a traffic scrubbing threshold.
Note On the
Others tab, you can configure on-demand Anti-DDoS Origin instances. You cannot configure
traffic scrubbing on this tab. For more information about on-demand Anti-DDoS Origin
instances, see
Enable traffic rerouting to an on-demand instance.
- In the IP address list, click the IP address for which you want to configure a traffic
scrubbing threshold in the IP/Remark column.

- In the Instance Details panel, click Cleaning Settings.

- In the Cleaning Settings panel, specify Cleaning threshold for the IP address.
You can set Cleaning threshold to one of the following values to configure a traffic
scrubbing threshold:
- Default: Anti-DDoS Origin adjusts the traffic scrubbing threshold based on the throughput
of your ECS instance.
- Manual setting: You can select a specific threshold that includes Traffic and Packets per Second.
Note If DDoS attacks are detected, or the throughput or the packets per second (pps) reaches
the selected threshold, traffic scrubbing is triggered.
If you select Manual setting, take note of the following items:
- Configure a traffic scrubbing threshold that is slightly greater than the actual throughput
and pps. If the threshold is significantly greater than the actual throughput or pps,
the protection effect is compromised. If the threshold is significantly less than
the actual throughput or pps, normal traffic may be scrubbed.
- If normal traffic is scrubbed, we recommend that you increase the traffic scrubbing
threshold.
- During large promotions or activities for a website, we recommend that you increase
the traffic scrubbing threshold.
- Click OK.