DDoS attacks are cyber attacks against targeted systems that make services unavailable to users. By default, Anti-DDoS Origin Basic protects the accelerated IP addresses and endpoint group IP addresses of Global Accelerator instances against DDoS attacks free of charge. This feature helps improve the mitigation capabilities and the security of your Global Accelerator instances.
How Anti-DDoS Origin Basic works
Mitigation capabilities
By default, Anti-DDoS Origin Basic is enabled for the accelerated IP addresses and endpoint group IP addresses of Global Accelerator instances. Anti-DDoS Origin Basic provides a mitigation capability of up to 5 Gbit/s. The mitigation capacity varies based on the region:
For more information about the default thresholds that trigger blackhole filtering in Anti-DDoS Origin Basic in each region, see View blackhole filtering thresholds in Anti-DDoS Origin Basic.
The actual blackhole filtering threshold of a Global Accelerator instance varies based on the region and bandwidth configuration. You can view the actual threshold on the Assets page of the Traffic Security console.
How Anti-DDoS Origin Basic works
Anti-DDoS Origin Basic monitors traffic to Global Accelerator instances in real time. All traffic from the Internet must pass through Anti-DDoS Origin Basic before the traffic reaches a Global Accelerator instance. When a large amount of traffic or suspicious traffic, such as DDoS attack traffic, is detected, Anti-DDoS Origin Basic redirects traffic from the destination network to a scrubbing device. The scrubbing device identifies and mitigates malicious traffic and forwards legitimate traffic to the destination network and then to Global Accelerator instances. This process is called traffic scrubbing. For more information, see What is Anti-DDoS Origin?
If the amount of Internet traffic to a cluster exceeds the capacity of Anti-DDoS, the traffic is routed to a blackhole to protect the cluster. In this case, all traffic is blocked. For more information, see Blackhole filtering policy of Alibaba Cloud.
To trigger traffic scrubbing, the following conditions must be met:
Traffic patterns. If traffic patterns match the patterns of attack traffic, traffic scrubbing is triggered.
Traffic amounts. Anti-DDoS Origin Basic automatically sets scrubbing thresholds based on the bandwidth of the accelerated IP addresses and endpoint group IP addresses of a GA instance. When traffic reaches a threshold, Anti-DDoS Origin Basic scrubs traffic regardless of whether the traffic is considered attack traffic.
The methods of traffic scrubbing include attack packet filtering, bandwidth throttling, and packet throttling. The following scrubbing thresholds are provided by Anti-DDoS Origin Basic:
Scrubbing threshold based on bits per second (BPS): When the amount of inbound traffic per second exceeds this value, scrubbing is triggered.
Scrubbing threshold based on packets per second (PPS): When the number of inbound packets per second exceeds this value, scrubbing is triggered.
Scrubbing threshold
The following table describes the methods that are used to calculate the traffic scrubbing thresholds for the accelerated IP addresses and endpoint group IP addresses of a Global Accelerator instance.
IP address bandwidth (Unit: Mbit/s) | Maximum BPS-based scrubbing threshold (Unit: Mbit/s) |
≤ 300 | 450 |
> 300 | Bandwidth of the accelerated IP address × 1.5 |
IP address bandwidth (Unit: Mbit/s) | Maximum PPS-based scrubbing threshold (Unit: packets per second) |
≤ 100 | 100,000 |
> 100 | Bandwidth of the accelerated IP address × 1,000 |
The IP address bandwidth is calculated by using the following formula:
Bandwidth of the accelerated IP address: the bandwidth allocated to the acceleration region.
Bandwidth of the endpoint group IP address: varies based on the billing method and bandwidth metering method of the Global Accelerator instance.
Billing method
Bandwidth metering method
IP address bandwidth
Subscription
Pay-by-data-transfer (managed by CDT)
Bandwidth of the endpoint group IP address = Maximum bandwidth supported by the GA instance
Pay-by-bandwidth (associated with a basic bandwidth plan)
Bandwidth of the endpoint group IP address = Maximum bandwidth of the basic bandwidth plan
Pay-as-you-go
Pay-by-data-transfer (managed by CDT)
1200 Mbps
For example, the bandwidth allocated to the acceleration region to which an accelerated IP address of a standard Global Accelerator instance belongs is 100 Mbit/s, and the maximum bandwidth of the basic bandwidth plan associated with the GA instance is 200 Mbit/s. The following section describes the scrubbing thresholds for accelerated IP addresses and endpoint group IP addresses.
Accelerated IP address: The maximum BPS-based scrubbing threshold is 450 Mbit/s and the maximum PPS-based scrubbing threshold is 100,000 packets per second.
Endpoint group IP address: The maximum BPS-based scrubbing threshold is 450 Mbit/s, and the maximum PPS-based scrubbing threshold is 200,000 packets per second.
View the protection thresholds of a Global Accelerator instance
Log on to the GA console.
On the Instances page, find the instance that you want to manage, and click the ID of the instance.
NoteIf you want to view the protection thresholds of a basic Global Accelerator instance, select Basic Instance in the left-side navigation pane to go to the Global Accelerator page.
You can view the protection thresholds of accelerated IP addresses or endpoint group IP addresses of Global Accelerator instances.
NoteAnti-DDoS Origin Basic can be in one of the following states: Protected, Cleaning, and Blackhole. The Anti-DDoS Origin Basic icon is displayed in different colors based on the state. The information can be viewed in the tooltip that appears.
View the protection thresholds of accelerated IP addresses
On the instance details page, click the Acceleration Areas tab. Find the accelerated IP address that you want to view and move the pointer over the Anti-DDoS Origin Basic icon in the Accelerated IP Address column or Security Protection column. In the tooltip that appears, you can view the BPS-based scrubbing threshold, PPS-based scrubbing threshold, and blackhole filtering threshold of the accelerated IP address.
View the protection thresholds of endpoint group IP addresses
Only standard Global Accelerator instances support protection thresholds for endpoint group IP addresses.
On the instance details page, click the Listeners tab, and then click the ID of the listener to which the endpoint group IP address belongs.
On the listener details page, click the Endpoint Group tab. Find the endpoint group IP address that you want to manage and move the pointer over the Anti-DDoS Origin Basic icon. In the tooltip that appears, you can view the BPS-based scrubbing threshold, PPS-based scrubbing threshold, and blackhole filtering threshold of the endpoint group IP address.
References
Specify a traffic scrubbing threshold: Anti-DDoS Origin Basic protects Global Accelerator instances by using the maximum thresholds that are calculated by using the IP address bandwidth. The maximum BPS-based scrubbing thresholds of specific IP addresses may be too high to trigger protection. You can adjust the traffic scrubbing thresholds based on your business requirements. For more information, see Specify a traffic scrubbing threshold.
Purchase other Anti-DDoS services: Anti-DDoS Origin Basic provides only basic protection. If you require additional protection, you can purchase Anti-DDoS Origin Enterprise or Anti-DDoS Pro/Premium. For more information, see Purchase an Anti-DDoS Origin Enterprise instance and Purchase an Anti-DDoS Pro/Premium instance.