Create a network acceleration rule - Anti-DDoS Pro & Premium User Guide| Alibaba Cloud Documentation Center

You can use network acceleration for service interaction between an Anti-DDoS Premium Insurance or Unlimited instance and an Anti-DDoS Premium MCA instance. If no attacks occur, service traffic is sent to the IP address of the Anti-DDoS Premium MCA instance for acceleration. If attacks occur, service traffic is automatically switched to the Anti-DDoS Premium Insurance or Unlimited instance for scrubbing. Then, normal traffic is forwarded to your origin server.

Prerequisites

An Anti-DDoS Premium MCA instance is purchased. For more information, see Purchase an MCA plan for an Anti-DDoS Premium instance.
An Anti-DDoS Premium Insurance or Unlimited instance is purchased, and your service is added to the Anti-DDoS Premium Insurance or Unlimited instance. For more information, see Purchase an insurance plan or unlimited plan for an Anti-DDoS Premium instance and Add a website (website service) and Create forwarding rules (non-website service).

Notice The bandwidth and queries per second (QPS) of the Anti-DDoS Premium Insurance or Unlimited instance must meet protection requirements of your service. This ensures that the instance can process service traffic after the traffic is switched to the Anti-DDoS Premium Insurance or Unlimited instance.
The Anti-DDoS Premium Insurance or Unlimited instance can forward traffic as expected. For more information, see Verify the forwarding configuration on your local machine.

Background information

Network acceleration rules apply to scenarios where your servers are deployed outside mainland China but your users come from mainland China.

In this case, if you add your service only to an Anti-DDoS Premium Insurance or Unlimited instance, users in mainland China experience increased latency. You can purchase both an Anti-DDoS Premium Insurance or Unlimited instance and an Anti-DDoS Premium MCA instance. This allows you to accelerate user access by using the Anti-DDoS Premium MCA instance if no attacks occur. If your service encounters attacks, service traffic is forwarded to the Anti-DDoS Premium Insurance or Unlimited instance for protection. The following figure shows the interaction process.

For more information, see Configure Anti-DDoS Premium MCA.

Procedure

Log on to the Anti-DDoS Pro console.
In the top navigation bar, select Outside Mainland China.
If you select this region, the Anti-DDoS Premium console appears.
In the left-side navigation pane, choose Provisioning > Sec-Traffic Manager.
On the General tab, click Create Rule.

In the Create Rule pane, configure a Network Acceleration rule and click Next.

The following table describes the parameters.


Parameter	Description
Interaction Scenario	Select Network Acceleration.
Name	Specify the name of the rule. The rule name can be up to 128 characters in length and can contain letters, digits, and underscores (_).
Anti-DDoS Instance IP	Select an Anti-DDoS Pro or Anti-DDoS Premium instance.
Mainland China Acceleration IP	Select the IP address of the Anti-DDoS Premium MCA instance.
The waiting time of switching back	Specify the waiting time required to switch service traffic back to cloud resources from Anti-DDoS Pro or Anti-DDoS Premium. Valid values: Auto Switch-back: the waiting time required before service traffic is automatically switched back based on the duration of attacks. The automatic waiting time ranges from 10 minutes to 60 minutes. Customize: the custom waiting time required before service traffic is switched back. The custom waiting time ranges from 30 minutes to 120 minutes. To avoid frequent switchback operations, we recommend that you specify a waiting time of 60 minutes.

After the rule is created, Sec-Traffic Manager assigns a CNAME address for the rule. You can view the created rule and CNAME address in the rule list. CNAME address of the network acceleration rule

CNAME address of the network acceleration rule

Modify the DNS records.
Modify the DNS records of your domain name on the website of the DNS service provider to point the domain name to the CNAME address provided by Sec-Traffic Manager. For more information, see Change the CNAME record to redirect traffic to Sec-Traffic Manager.

What to do next

Switch traffic back: Assume that the general interaction rule takes effect and service traffic is switched to Anti-DDoS Pro or Anti-DDoS Premium. If the waiting time of switching back has not arrived, you can click Switch back to manually switch the traffic back to the cloud resource.

Note The Switch back button appears only when service traffic is switched to Anti-DDoS or Anti-DDoS Premium and the waiting time of switching back does not arrive.
The following exceptions may occur when you perform this operation:
- If all cloud resources are in blackhole filtering, the operation fails.
- If some cloud resources are in blackhole filtering and some are normal, traffic is switched to the normal cloud resources. After blackhole filtering is deactivated, traffic is automatically switched to other cloud resources.
Edit an interaction rule: On the General tab, find the rule that you want to edit and click Edit in the Actions column. You can modify parameters except Interaction Scenario and Name.
Delete an interaction rule: On the General tab, find the rule that you want to delete and click Delete in the Actions column.

Warning Before you delete an interaction rule, make sure that the service traffic is no longer directed to the CNAME address assigned by Sec-Traffic Manager. Otherwise, your service becomes unavailable after you delete the rule.