Help Center/ Anti-DDoS Service/ FAQs/ General FAQs/ What Is the Black Hole Policy of HUAWEI CLOUD?

Updated on 2025-07-14 GMT+08:00

View PDF

What Is the Black Hole Policy of HUAWEI CLOUD?

To protect the usability of Huawei Cloud services in general, if the attack traffic on the cloud server exceeds the threshold, a black hole will be triggered to block all accesses from the Internet for a certain period of time.

What Is a Blackhole?

A black hole refers to a situation where access to a cloud server is blocked by Huawei Cloud because attack traffic targeting a cloud server exceeds a certain threshold.

Why Is the Blackhole Policy Required?

DDoS attacks will interrupt user services and cause adverse impacts on the AAD data center. Defense against DDoS attacks is costly on bandwidth consumption.

Bandwidth is purchased by Huawei Cloud from carriers, and those carriers bill for bandwidth even if it was part of DDoS attack. Huawei Cloud provides Cloud Native Anti-DDoS Basic (Anti-DDoS) for free to protect your resources against DDoS attacks below a certain threshold, but if an attack exceeds a certain size, we will route the traffic to a blackhole.

How Do I Deactivate a Blackhole?

After a blackhole is executed, Huawei Cloud continuously monitors the DDoS attack status. After the attack ends, Huawei Cloud automatically removes the blackhole from the ECS and restores Internet access.

When a server (ECS) enters is put in the blackhole, you handle it by referring to Table 1.

**Table 1** Black hole deactivation methods
Anti-DDoS Edition	Deactivation Policy	Deactivation Method
Cloud Native Anti-DDoS Basic (Anti-DDoS) NOTE: Anti-DDoS is enabled by default.	The blackhole is automatically removed after the traffic enters the blackhole for 24 hours. If the system detects that the attack has not stopped, and attack traffic is still exceeding the configured threshold, the access will be blocked again.	You need to wait until the system deactivates it automatically.
Cloud Native Anti-DDoS Pro	The blackhole is automatically removed after the traffic enters the blackhole for 24 hours. If the system detects that the attack has not stopped, and attack traffic is still exceeding the configured threshold, the access will be blocked again.	You need to wait until the system deactivates it automatically.
Advanced Anti-DDoS	The default blackhole duration is 30 minutes.	You need to wait until the system deactivates it automatically.

Parent topic: General FAQs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot