Alibaba Cloud provides you with various DDoS mitigation solutions. You can select an appropriate solution based on your business requirements. This topic describes the DDoS mitigation solutions and application scenarios.

The DDoS mitigation solutions include Anti-DDoS Origin Basic, Anti-DDoS Origin Enterprise, Anti-DDoS Pro, Anti-DDoS Premium, and GameShield. Anti-DDoS Origin Basic is provided free of charge. The following table describes these solutions.

Note If you want a customized security solution, contact pre-sales customer service to consult Alibaba Cloud security architects.
Solution Overview Scenario Mitigation capability
Anti-DDoS Origin Basic Anti-DDoS Origin Basic can defend against up to 5 Gbit/s of DDoS attacks free of charge for the public IP address of an Alibaba Cloud asset. The asset can be an Elastic Compute Service (ECS) instance, Server Load Balancer (SLB) instance, Elastic IP Address (EIP), EIP that is associated with a NAT gateway, simple application server, or Web Application Firewall (WAF) instance. Business that has basic requirements on security. Anti-DDoS Origin Basic is automatically enabled after you purchase an Alibaba Cloud service. We recommend that you use other security solutions for additional protection if your business has higher requirements on security. The maximum mitigation capability is 5 Gbit/s.

For more information, see Editions.

Anti-DDoS Origin Enterprise Anti-DDoS Origin Enterprise improves the mitigation capability for an Alibaba Cloud asset. The asset can be an ECS instance, SLB instance, EIP, EIP that is associated with a NAT gateway, simple application server, or WAF instance.

You can apply the mitigation capability of Anti-DDoS Origin Enterprise to Alibaba Cloud assets with a simple configuration.

  • Business that is latency-sensitive, such as live video streaming and live Q&A.
  • Business whose ports, domain names, and IP addresses are frequently attacked.
Anti-DDoS Origin Enterprise provides best effort protection. For more information, see unlimited protection.
Anti-DDoS Pro and Anti-DDoS Premium Anti-DDoS Pro and Anti-DDoS Premium protect servers on the Internet against volumetric DDoS attacks. These servers may be deployed on Alibaba Cloud or provided by a third party.

After the configuration, traffic that is destined for your origin server is forwarded to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing. Only service traffic is forwarded to the origin server. This ensures the stability and reliability of the origin server.

  • Financial, e-commerce, and portal websites.
  • Internet egresses of the networks, portals, and open platforms that belong to public sectors.
  • Important live streaming and sales promotions.
  • Business that encounters attacks from competitors and ransom-driven attacks.
  • Apps that encounter spam user registration, brushing, and fraudulent traffic.
GameShield GameShield protects against DDoS attacks and HTTP flood attacks in the gaming industry.

Similar to Anti-DDoS Pro and Anti-DDoS Premium, GameShield can defend against Tbit/s-level DDoS attacks. GameShield can also defend against TCP-based HTTP flood attacks that are specific to the gaming industry.

  • Gaming services for which bandwidth resources are exhausted by volumetric DDoS attacks.
  • Gaming services that are frequently attacked by large numbers of bots.
GameShield provides Tbit/s of mitigation capability.