By default, Anti-DDoS Basic is activated, once the ECS instance is created. This service includes flow cleaning and black hole triggering.
The flow cleaning service consists of three units: detecting center, cleaning center, and centralized management center.
The detecting center monitors data traffic flowing into the ECS instance, and identifies abnormal traffic in a timely manner, such as DDoS attack. When an abnormity is detected, the management center guides the cleaning center to clean suspicious traffic based on the traffic diversion policy. Malicious traffic is removed, while legitimate traffic is returned to the original instance. This guarantees that only the legitimate traffic is forwarded to the target system.
When the attack traffic exceeds the default traffic threshold, the black hole triggering service automatically triggers a black hole. The threshold varies from regions and CPU configurations. For more information about default settings of different regions, see Anti-DDoS Basic black hole threshold.
The black hole causes traffic to be restricted for a period of time (2.5 hours by default), depending on attack status. Meanwhile, the flow cleaning service comes into effect.
The black hole duration keeps extending, if the attack continues. In addition, the black hole state cannot be manually deactivated. You must patiently wait for the system to auto unban the server.
To meet your urgent requirements for service recovery, you can use