Anti-DDoS Premium supports Secure Mainland China Acceleration (Sec-MCA). This allows you to accelerate access from mainland China to services in regions outside mainland China. Sec-MCA provides traffic scrubbing capabilities of more than 2 Tbit/s. This improves the access speed and stability of your business.

Prerequisites

An Anti-DDoS Premium Sec-MCA instance is purchased. For more information, see Purchase a Sec-MCA plan for an Anti-DDoS Premium instance.

Background information

Sec-MCA provides DDoS scrubbing capabilities and speeds up user access. Furthermore, you do not need to switch to an Anti-DDoS Premium instance to protect your services.
Note MCA does not provide DDoS scrubbing capabilities. If your services are under attack, you must switch to an Anti-DDoS Premium instance. If DDoS attacks occur frequently, you must continually switch to an Anti-DDoS Premium instance.
The following table lists the differences between MCA and Sec-MCA.
Module Function Mitigation scope Switchover required Required instance specifications
Sec-MCA Acceleration and DDoS mitigation (providing traffic scrubbing capabilities of more than 2 Tbit/s) Traffic from Internet Service Providers (ISPs) in mainland China, excluding China Mobile When your service is under attack, you do not need to switch to Anti-DDoS Premium to mitigate the DDoS attack.
  • Traffic from ISPs in mainland China, excluding China Mobile: Anti-DDoS Premium Sec-MCA
  • Traffic from all ISPs: Anti-DDoS Premium Insurance Plan or Unlimited Plan plus Sec-MCA
Network acceleration Acceleration only DDoS mitigation is not provided. When your service is under attack, you must switch to Anti-DDoS Premium to mitigate the DDoS attack. Traffic from all ISPs in mainland China: Anti-DDoS Premium Insurance Plan or Unlimited Plan plus Sec-MCA

Protect traffic from mainland China ISPs, excluding China Mobile

To provide quick and stable access for users who use mainland China Internet Service Providers (ISPs), excluding China Mobile, you can use only Anti-DDoS Premium Sec-MCA.
Note Users of China Mobile or outside mainland China cannot access your services by using the IP addresses of Sec-MCA. For information about how to accelerate access for these users, see Protect traffic from all ISPs.
  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Outside Mainland China.
  3. Add your website or non-website services to your Anti-DDoS Premium Sec-MCA instance.
    • Website configuration: Select the dedicated IP address of your Anti-DDoS Premium Sec-MCA instance. For more information, see Add a website.
    • Port configuration for non-website services: Configure a port forwarding rule in an Anti-DDoS Premium Sec-MCA instance. For more information, see Create forwarding rules.
  4. Redirect the traffic to the Anti-DDoS Premium Sec-MCA instance and protect your services.
    • Website configuration: Change the CNAME record to point the website to the CNAME address assigned by Anti-DDoS Premium. For more information, see Modify DNS records to protect websites.
    • Port configuration for non-website services: After you create a port forwarding rule, set the IP address to be protected to the IP address of the Anti-DDoS Premium instance.

Protect traffic from all ISPs

If you want to provide quick and stable access for users in and outside mainland China irrespective of ISPs, you can use Anti-DDoS Premium Insurance Plan or Unlimited Plan and Sec-MCA. You must create a Sec-MCA rule in Sec-Traffic Manager.

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Outside Mainland China.
  3. Add your website or non-website services to the Sec-MCA instance of Anti-DDoS Premium Insurance Plan or Unlimited Plan.
    Note In this step, you do not need to change the DNS record.
    • Website configuration: When you select the dedicated IP address of your Anti-DDoS Premium instance, you must select the dedicated IP addresses of both the Anti-DDoS Premium Insurance Plan or Unlimited Plan instance and the Anti-DDoS Premium Sec-MCA instance. For more information, see Add a website.
    • Port configuration for non-website services: You must configure a port forwarding rule in both the Anti-DDoS Premium Insurance Plan or Unlimited Plan instance and the Anti-DDoS Premium Sec-MCA instance. For more information, see Create forwarding rules.
    Note Before you add your non-website services to an Anti-DDoS Premium Sec-MCA instance, make sure that the services can be accessed by using domain names. This ensures that traffic can be automatically redirected to the Anti-DDoS Premium Sec-MCA instance. If your services are accessed by using IP addresses, traffic cannot be automatically redirected.
  4. Choose Provisioning > Sec-Traffic Manager. On the page that appears, click the General tab.
  5. Click Create Rule. In the dialog box that appears, configure the following parameters and click Next.
    • Interaction Scenario: Select Sec-MCA.
    • Name: Enter the name of the rule.
    • Sec-MCA: Select an Anti-DDoS Premium Sec-MCA instance.
    • Anti-DDoS Premium: Select an Anti-DDoS Premium Insurance Plan or Unlimited Plan instance.
    After you create a port forwarding rule, the system generates a CNAME address. You only need to change the DNS record to map the domain name to the CNAME address.
    • The traffic from mainland China ISPs, excluding China Mobile, is redirected to the IP address of the Anti-DDoS Premium Sec-MCA instance.
    • The traffic from China Mobile and regions outside mainland China is redirected to the IP address of Anti-DDoS Premium.
    Note When you add your services, make sure that you have selected the dedicated IP addresses of both the Anti-DDoS Premium Insurance Plan or Unlimited Plan instance and the Anti-DDoS Premium Sec-MCA instance.
  6. Change the DNS record for the domain name at your DNS service provider.
    After you map your domain name to the CNAME address generated in Sec-Traffic Manager, the traffic is automatically redirected to Sec-Traffic Manager.
    Note Automatic traffic redirection is achieved based on the CNAME address. Therefore, you must use the CNAME record.