Innovation on Technology: Splitting Traffic through the Smart Scheduling Algorithm

DDoS attack and defense is a battle of resources. From the network, the CDN, the server to the database, DDoS attacks can occur if a resource difference exists.

Resource type User Hacker
Bandwidth resource G-level limited bandwidth and black hole routing mechanism triggered by peaks T-level overwhelming bandwidth resource
Broilers resource Limited server resource Large-scale leading broiler resource
Technical resource A complete area requiring protection Only one point needs to be broken
Capital resource Limited budget + high protection costs Nearly no cost

From the cloud layer, the burstable security network to the current Game Shield, after years of working with gaming industry users side by side, Alibaba Cloud's security team has used data and algorithms to change the pattern of large-scale DDoS attack defense.

Today, when dealing with hackers, Game Shield not only defend passively but also has the ability to counterattack. It effectively identifies which client is a hacker and which client is a normal user. By using more flexible scheduling algorithms, it splits the user's normal traffic and hackers' attack traffic to different places, so it can hold off massive DDoS attacks again and again.

During the evolution of Game Shield, the Alibaba Cloud security team has successfully balanced the four major kinds of resource inequality:

  • How to defense overwhelming T-level bandwidth resources
  • How to break hackers' broiler resources
  • How to fill the gaps that enable hackers to attack only a point while users must guard the whole area
  • How to reduce the capital cost