Anti-DDoS Origin Enterprise protects your resources against Layer 3 and Layer 4 distributed denial-of-service (DDoS) attacks. When the bandwidth consumed by DDoS attacks exceeds the default scrubbing threshold that is predefined in Anti-DDoS Origin Enterprise, traffic scrubbing is automatically triggered to protect against DDoS attacks.

Overview

Anti-DDoS Origin Enterprise is suitable for large-scale services that are deployed on Alibaba Cloud and require high network quality. The risk of your services being exposed to DDoS attacks is low. However, if a DDoS attack occurs, it can cause you to suffer service interruptions and significant economic losses. Anti-DDoS Origin Enterprise delivers high protection capabilities against DDoS attacks and reduces potential risks at minimal cost. Anti-DDoS Origin Enterprise is suitable for the following scenarios:

  • The resources are deployed on Alibaba Cloud.
  • A large number of public IP addresses need to be protected.
  • The services require high bandwidth or have high queries per second (QPS).
  • IPv6-based requests exist.

Attack types

Attack type Security specification (recommended)
Reflection attacks such as Simple Service Discovery Protocol (SSDP), Network Time Protocol (NTP), and Memcached attacks.

We recommend that you use the deployment method that integrates Anti-DDoS Origin Enterprise, Application Load Balancer (ALB) or Classic Load Balancer (CLB), and Elastic Compute Service (ECS).You can use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.

UDP flood attacks
SYN flood attacks (large packets)
SYN flood attacks (small packets)
Connection flood attacks
HTTP flood attacks

We recommend that you integrate Anti-DDoS Origin Enterprise with Web Application Firewall (WAF) to use WAF to defend against HTTP flood attacks and use Anti-DDoS Origin Enterprise to defend against DDoS attacks.

Web attacks

Business scenarios

Service type Security specification (recommended)
Websites
  • To protect your website against just DDoS attacks:

    We recommend that you use the deployment method that integrates Anti-DDoS Origin Enterprise, Application Load Balancer (ALB) or Classic Load Balancer (CLB), and Elastic Compute Service (ECS).You can use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.

  • To protect your website against DDoS attacks, HTTP flood attacks, and web attacks:

    We recommend that you integrate Anti-DDoS Origin Enterprise with Web Application Firewall (WAF) to use WAF to defend against HTTP flood attacks and use Anti-DDoS Origin Enterprise to defend against DDoS attacks.

Games We recommend that you use Anti-DDoS Origin Enterprise to protect your assets and IP addresses. You can use EIPs integrated with Anti-DDoS Pro/Premium to mitigate DDoS attacks at the Tbit/s level.
UDP-based services
Apps

We recommend that you use the deployment method that integrates Anti-DDoS Origin Enterprise, Application Load Balancer (ALB) or Classic Load Balancer (CLB), and Elastic Compute Service (ECS).You can use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.