Anti-DDoS Pro and Anti-DDoS Premium both provide Sec-Traffic Manager for you to configure rules on the interaction between them and the protected cloud services. You can configure rules for Anti-DDoS Pro or Anti-DDoS Premium. These rules take effect only in specific scenarios. This feature ensures service continuity and provides protection against distributed denial-of-service (DDoS) attacks. Sec-Traffic Manager provides features such as cloud service interaction, tiered protection, Content Delivery Network (CDN) interaction, Dynamic Route for CDN (DCDN) interaction, network acceleration, and Sec-MCA.

Scenarios

If you add your websites to Anti-DDoS Pro or Anti-DDoS Premium, you only need to add the domain names of your websites. For more information, see Add a website. If you add your non-website services to Anti-DDoS Pro or Anti-DDoS Premium, you only need to add the ports of your services. For more information, see Create forwarding rules.

After your services are added to Anti-DDoS Pro or Anti-DDoS Premium, all service traffic, including normal and malicious traffic, is forwarded to Anti-DDoS Pro or Anti-DDoS Premium. Malicious traffic is filtered out, and only normal traffic is forwarded to the origin server. During normal service access, normal traffic is also forwarded by Anti-DDoS Pro or Anti-DDoS Premium. This may cause a low latency to the service.

To resolve this issue, you can enable the cloud service interaction feature of Sec-Traffic Manager. If no attacks occur, normal traffic is directly forwarded to the origin server without increasing latency. If attacks occur, traffic is switched to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing and forwarding.

In addition to the preceding scenarios, Sec-Traffic Manager enables interactions between Anti-DDoS Pro or Anti-DDoS Premium and Anti-DDoS Origin, CDN, DCDN, Mainland China Acceleration (MCA), and Sec-MCA. For more information, see Benefits.

Note Anti-DDoS Pro and Anti-DDoS Premium provides Sec-Traffic Manager for you to configure rules for your service access. Whether to use Sec-Traffic Manager does not affect the billing of Anti-DDoS Pro and Anti-DDoS Premium. For more information about the billing methods of Anti-DDoS Pro and Anti-DDoS Premium, see Anti-DDoS Pro billing methods and Billing methods of Insurance Plan and Unlimited Plan.

Benefits

The following table describes the interaction scenarios of Sec-Traffic Manager and related topics.

× indicates that Anti-DDoS Pro does not support this interaction scenario.

Interaction scenario Description Anti-DDoS Pro Anti-DDoS Premium
Cloud Service Interaction Your services use Alibaba Cloud public IP addresses and are protected by Anti-DDoS Pro or Anti-DDoS Premium to achieve the following effects:
  • If no DDoS attacks occur, service traffic is directly forwarded to the origin server. Anti-DDoS Pro or Anti-DDoS Premium is dormant to avoid a high latency.
  • If DDoS attacks occur, Anti-DDoS Pro or Anti-DDoS Premium automatically takes effect. Anti-DDoS Pro or Anti-DDoS Premium scrubs service traffic and forwards normal traffic to the origin server.
Note Anti-DDoS Pro or Anti-DDoS Premium can interact with Alibaba Cloud Global Accelerator (GA). For more information, see What is Global Accelerator?.
Create a cloud service interaction rule
Tiered Protection Your services are protected by Anti-DDoS Origin Enterprise and Anti-DDoS Pro or Anti-DDoS Premium to achieve the following effects:
  • Anti-DDoS Origin Enterprise protects your services from low-volume DDoS attacks. Service traffic is directly forwarded to the origin server without increasing latency.
  • If volumetric DDoS attacks are detected, Anti-DDoS Pro or Anti-DDoS Premium takes effect. Anti-DDoS Pro or Anti-DDoS Premium scrubs service traffic and forwards normal traffic to the origin server.
Create a tiered protection rule
CDN/DCDN Interaction Your websites use Alibaba Cloud CDN or DCDN and are protected by Anti-DDoS Pro or Anti-DDoS Premium to achieve the following effects:
  • If no DDoS attacks occur, the nearest CDN or DCDN node is used for acceleration.
  • If DDoS attacks occur, Anti-DDoS Pro or Anti-DDoS Premium automatically takes effect.
Create a CDN or DCDN interaction rule
Network Acceleration Your services are protected by Anti-DDoS Premium Insurance or Unlimited plan and MCA to achieve the following effects:
  • If no DDoS attacks occur, the IP address that network acceleration provides is used to speed up service access.
  • If DDoS attacks occur, Anti-DDoS Premium automatically takes effect.
Note Network acceleration is suitable for the scenarios in which services are deployed outside mainland China and users of services come from mainland China. For more information, see Configure Anti-DDoS Premium MCA.
× Create a network acceleration rule
Sec-MCA Your services are protected by Anti-DDoS Premium Insurance or Unlimited plan and Sec-MCA to achieve the following effects:
  • The traffic from Internet service providers (ISPs) in mainland China, excluding China Mobile, is redirected to the IP address of the Anti-DDoS Premium Sec-MCA instance.
  • The traffic from China Mobile and ISPs outside mainland China is redirected to the IP address of the Anti-DDoS Premium instance.
Note Sec-MCA accelerates access of users in mainland China to services in regions outside mainland China. It also mitigates volumetric DDoS attacks on the networks of ISPs in mainland China, excluding China Mobile. For more information, see Configure Anti-DDoS Premium Sec-MCA.
× Create a Sec-MCA rule