Anti-DDoS Pro provides eight Border Gateway Protocol (BGP) lines at the Tbit/s level to protect your servers deployed in mainland China against DDoS attacks. Compared with anti-DDoS service based on Internet Data Centers (IDCs), Anti-DDoS Pro supports more stable networks with lower latency and quicker disaster recovery.

Target users

Anti-DDoS Pro is suitable for workloads deployed in mainland China.

Benefits

Anti-DDoS Pro provides the following benefits:
  • Highest BGP bandwidth in mainland China: Anti-DDoS Pro provides a maximum bandwidth of 1.5 Tbit/s to protect your services against DDoS attacks.
  • Top-quality bandwidth resources in mainland China: Anti-DDoS Pro provides BGP lines that cover most Internet service provider (ISP) networks in mainland China, such as China Telecom, China Unicom, China Mobile, and China Education and Research Network. The average latency is approximately 20 milliseconds.
  • Distributed on-premises data centers to clean DDoS attacks: Anti-DDoS Pro provides more than eight on-premises data centers to scrub DDoS attacks. The total bandwidth exceeds 10 Tbit/s and the bandwidth of each on-premises data center exceeds 1 Tbit/s.
  • Only one IP address is required to access different ISP networks in mainland China and to meet the requirements of anti-DDoS protection.
  • Anti-DDoS Pro provides exclusive protection for more than 20 ISPs, such as China Telecom, China Unicom, China Mobile, and China Education and Research Network.

Scenarios

We recommend that you activate Anti-DDoS Pro if you have the following requirements:
  • Reliable networks that have a minimal latency, provide quick disaster recovery, and cover multiple ISP networks.
  • BGP lines that provide at least 20 Gbit/s bandwidth against basic DDoS attacks.
  • BGP lines that provide at least 300 Gbit/s bandwidth against DDoS attacks.

Comparison between Anti-DDoS Pro and IDC-based anti-DDoS service

Item IDC-based anti-DDoS service

that uses China Telecom, China Unicom, and China Mobile networks

IDC-based anti-DDoS service

that uses BGP lines

Anti-DDoS Pro
ISP networks Only supports China Telecom, China Unicom, and China Mobile networks. Supports multiple small and medium-sized ISP networks in addition to China Telecom, China Unicom, and China Mobile networks. Supports multiple small and medium-sized ISP networks in addition to China Telecom, China Unicom, and China Mobile networks.
Network quality The average latency is approximately 30 milliseconds in mainland China. Cross-ISP connections may be required if you use networks provided by small-sized ISPs. The average latency is approximately 20 milliseconds in mainland China. Cross-ISP connections are not required. The average latency is approximately 20 milliseconds in mainland China. Cross-ISP connections are not required.
Leased back-to-origin lines Not supported. Traffic is forwarded back to the origin server with a latency over the Internet. If the origin server is deployed on Alibaba Cloud, traffic is forwarded back to the origin server with a negligible latency through leased lines. Otherwise, traffic is forwarded back to the origin server through the Internet. If the origin server is deployed on Alibaba Cloud, traffic is forwarded back to the origin server with a negligible latency through leased lines. Otherwise, traffic is forwarded back to the origin server through the Internet.
Disaster recovery If a server exception occurs, transport-layer traffic cannot be automatically scheduled. Due to DNS resolution limits, automatic scheduling for application-layer traffic cannot take effect immediately. Supports automatic scheduling for all traffic based on BGP routing. The switchover is completed within seconds. Supports automatic scheduling for all traffic based on BGP routing. The switchover is completed within seconds.
Required number of IP addresses Requires more than two IP addresses, which requires complex configurations. Requires only one IP address. Requires only one IP address.
Maximum protection capability Based on China Telecom or China Unicom networks, provides a maximum bandwidth of 1 Tbit/s against DDoS attacks. Provides a maximum bandwidth of 100 Gbit/s against DDoS attacks. Provides a maximum bandwidth of 1.5 Tbit/s against DDoS attacks.
Protection for the transport layer Provides protection against flood attacks such as SYN flood attacks, ACK flood attacks, and ICMP flood attacks, malformed packets, empty requests, and zombi requests. The same. The same.
Protection for the application layer Supports protection against HTTP flood attacks. The same. The same.

Related topics