This article takes an example to describe how to connect your layer-4 service to Anti-DDoS Pro by using CNAME resolution.
In most cases, you can directly specify the clients to access the Anti-DDoS Pro IP address for layer-4 access (non-web service protection). However, in some cases, you may need to use a domain name to connect your layer-4 service to Anti-DDoS Pro. In such cases, you can add a layer-7 domain name, and use the same CNAME to resolve the domain name to the different Anti-DDoS Pro lines for CNAME auto scheduling.
Assume that you want the traffic accessing the game server domain name (game.aliyundemo.com) to be redirected to your Anti-DDoS Pro IP address, the game’s TCP ports are 1234 and 5678, and the origin site IP address is 1.1.1.1.
Step 1: Add the domain name to Web Service to obtain the CNAME.
If this domain name relates to a real website business, you must specify the correct protocol type and origin site IP. This CNAME can also be used in domain name resolution for layer-4 service protection.
Step 2: Configure a forwarding rule under Non-Web Service.
Follow Non-website access to configure two forwarding rules for the TCP ports 1234 and 5678.
Step 3: Update the DNS settings of the domain name
Go to your DNS service provider to add a CNAME record for game.aliyundemo.com, resolving it to the CNAME generated in Step 1.
When the procedure is complete, requests from clients can be intelligently resolved to the Anti-DDoS Pro IP addresses based on their network types. Anti-DDoS Pro can then correctly forward requests sent from the clients to origin based on the layer-4 forwarding configuration.
Additionally, you can enable CNAME Auto switch for layer-4 services on the Web Service page.