Help Center/ Anti-DDoS Service/ FAQs/ General FAQs/ What Is the Black Hole Policy of HUAWEI CLOUD?
Updated on 2025-07-14 GMT+08:00

What Is the Black Hole Policy of HUAWEI CLOUD?

To protect the usability of Huawei Cloud services in general, if the attack traffic on the cloud server exceeds the threshold, a black hole will be triggered to block all accesses from the Internet for a certain period of time.

What Is a Blackhole?

A black hole refers to a situation where access to a cloud server is blocked by Huawei Cloud because attack traffic targeting a cloud server exceeds a certain threshold.

Why Is the Blackhole Policy Required?

DDoS attacks will interrupt user services and cause adverse impacts on the AAD data center. Defense against DDoS attacks is costly on bandwidth consumption.

Bandwidth is purchased by Huawei Cloud from carriers, and those carriers bill for bandwidth even if it was part of DDoS attack. Huawei Cloud provides Cloud Native Anti-DDoS Basic (Anti-DDoS) for free to protect your resources against DDoS attacks below a certain threshold, but if an attack exceeds a certain size, we will route the traffic to a blackhole.

How Do I Deactivate a Blackhole?

After a blackhole is executed, Huawei Cloud continuously monitors the DDoS attack status. After the attack ends, Huawei Cloud automatically removes the blackhole from the ECS and restores Internet access.

When a server (ECS) enters is put in the blackhole, you handle it by referring to Table 1.

Table 1 Black hole deactivation methods

Anti-DDoS Edition

Deactivation Policy

Deactivation Method

Cloud Native Anti-DDoS Basic (Anti-DDoS)

NOTE:

Anti-DDoS is enabled by default.

  • The blackhole is automatically removed after the traffic enters the blackhole for 24 hours.
  • If the system detects that the attack has not stopped, and attack traffic is still exceeding the configured threshold, the access will be blocked again.

You need to wait until the system deactivates it automatically.

Cloud Native Anti-DDoS Pro

  • The blackhole is automatically removed after the traffic enters the blackhole for 24 hours.
  • If the system detects that the attack has not stopped, and attack traffic is still exceeding the configured threshold, the access will be blocked again.

You need to wait until the system deactivates it automatically.

Advanced Anti-DDoS

The default blackhole duration is 30 minutes.

You need to wait until the system deactivates it automatically.