All Products
Search

This Product

    Global Accelerator:Anti-DDoS Basic

    Document Center

    Global Accelerator:Anti-DDoS Basic

    Last Updated:Dec 01, 2025

    A DDoS attack is a malicious network attack that targets a system to make its services unavailable to users. By default, Alibaba Cloud enables Anti-DDoS Basic free of charge for the accelerated IP addresses and public IP addresses of endpoint groups of Global Accelerator instances. This feature effectively prevents malicious attacks and improves the security and DDoS mitigation capability of Global Accelerator instances.

    How Anti-DDoS Basic works

    Mitigation capabilities

    Anti-DDoS Basic protects the accelerated IP addresses and public IP addresses of endpoint groups for Global Accelerator instances by default. Anti-DDoS Basic provides up to 5 Gbps of basic DDoS mitigation capability. The maximum free mitigation capability varies based on the region:

    • For more information about the default thresholds that trigger blackhole filtering for Anti-DDoS Basic in each region, see thresholds that trigger blackhole filtering in Anti-DDoS Basic.

    • The actual blackhole triggering threshold for a Global Accelerator instance depends on the region and bandwidth configuration. The value displayed on the Asset page prevails.

    How it works

    All traffic from the Internet must pass through the DDoS protection network before it reaches a Global Accelerator instance. The DDoS protection network monitors the traffic that enters the Global Accelerator instance in real time. When large amounts of traffic or unusual traffic, such as DDoS attacks, are detected, Anti-DDoS Basic redirects the suspicious traffic from the original network path to a scrubbing device without disrupting normal services. The device identifies and removes malicious traffic, and then forwards the legitimate traffic to the destination Global Accelerator instance. This process is called traffic scrubbing.

    Note

    If traffic from the Internet exceeds the DDoS mitigation capability, the traffic is routed to a blackhole to protect the entire cluster. In this case, all inbound traffic is blocked. For more information, see Alibaba Cloud blackhole filtering policy.

    Traffic scrubbing is triggered under the following conditions:

    • Traffic scrubbing is triggered if the traffic matches the features of an attack traffic model.

    • Anti-DDoS Basic automatically sets a scrubbing threshold based on the bandwidth of the accelerated IP address and the public IP address of the endpoint group of a Global Accelerator instance. When traffic volume reaches this threshold, traffic scrubbing starts, regardless of whether the traffic is normal service traffic.

    Traffic scrubbing methods include filtering attack messages, limiting traffic speed, and limiting packet speed. Anti-DDoS Basic uses the following scrubbing thresholds:

    • BPS scrubbing threshold: When the inbound traffic exceeds the BPS scrubbing threshold, traffic scrubbing is triggered.

    • PPS scrubbing threshold: When the number of inbound data packets exceeds the PPS scrubbing threshold, traffic scrubbing is triggered.

    Scrubbing thresholds

    The scrubbing thresholds for the accelerated IP addresses and public IP addresses of endpoint groups of a Global Accelerator instance are calculated as described in the following tables.

    Table 1. Maximum BPS scrubbing threshold

    IP bandwidth (Unit: Mbps)

    Maximum BPS scrubbing threshold (Unit: Mbps)

    ≤300

    450

    >300

    Bandwidth of the accelerated IP address × 1.5

    Table 2. Maximum PPS scrubbing threshold

    IP bandwidth (Unit: Mbps)

    Maximum PPS scrubbing threshold (Unit: pps)

    ≤100

    100,000

    >100

    Bandwidth of the accelerated IP address × 1,000

    The IP bandwidth is calculated as follows:

    • IP bandwidth of the accelerated IP address: the bandwidth value allocated to the acceleration area.

    • The bandwidth of the public IP address of the endpoint group depends on the billing method and bandwidth metering method of the Global Accelerator instance.

      Billing method

      Bandwidth metering method

      IP bandwidth

      Subscription

      Pay-by-bandwidth (bound to a basic bandwidth plan)

      Bandwidth of the public IP address of the endpoint group = Peak bandwidth of the basic bandwidth plan

      Pay-as-you-go

      Pay-by-data-transfer (unified settlement by CDT)

      1200 Mbps

    For example, assume that for a standard Global Accelerator instance, the bandwidth allocated to the acceleration area for an accelerated IP address is 100 Mbps, and the peak bandwidth of the associated basic bandwidth plan is 200 Mbps. In this case:

    • Mitigation threshold for the accelerated IP address: The maximum BPS scrubbing threshold is 450 Mbps, and the maximum PPS scrubbing threshold is 100,000.

    • Mitigation threshold for the public IP address of the endpoint group: The maximum BPS scrubbing threshold is 450 Mbps, and the maximum PPS scrubbing threshold is 200,000.

    View the mitigation thresholds of a Global Accelerator instance

    1. Log on to the GA console.

    2. On the Instances page, click the instance ID.

      Note

      To view the mitigation thresholds for a basic Global Accelerator instance, choose Basic Instance in the navigation pane on the left of the Global Accelerator console to open the basic Global Accelerator instance list page.

    3. Choose whether to view the mitigation thresholds for the accelerated IP address or the public IP address of the endpoint group of the Global Accelerator instance.

      Note

      The DDoS protection icon is color-coded to indicate the status, which can be Normal, Cleaning, or Black Hole Activated. You can view more details in the tooltip.

      View the mitigation thresholds of an accelerated IP address

      On the instance details page, click the Acceleration Areas tab, locate the destination accelerated IP address, and hover over the DDoS protection icon in the Accelerated IP Address or Security Protection column. In the tooltip that appears, you can view the BPS scrubbing threshold, PPS scrubbing threshold, and blackhole triggering threshold.

      View the mitigation thresholds of a public IP address of an endpoint group

      Mitigation thresholds for public IP addresses of endpoint groups apply only to standard Global Accelerator instances.

      1. On the instance details page, click the Listeners tab, and then click the listener ID that is associated with the destination public IP address of the endpoint group.

      2. On the listener details page, click the Endpoint Group tab. Find the public IP address of the target endpoint group and hover over the DDoS protection icon. The tooltip that appears displays the BPS scrubbing threshold, PPS scrubbing threshold, and black hole triggering threshold for the public IP address.

    Related operations

    • Set scrubbing thresholds: By default, Global Accelerator applies Anti-DDoS Basic protection based on the maximum threshold of the IP bandwidth. However, the maximum BPS scrubbing threshold for some IP bandwidths may be too high to provide optimal protection. Therefore, you may need to adjust the scrubbing threshold. For more information, see Set scrubbing thresholds.

    • Purchase other DDoS protection services: Anti-DDoS Basic provides only basic security protection. If you require a higher level of security protection, you can connect GA to Anti-DDoS Origin or Anti-DDoS Pro/Premium.