Anti-DDoS Pro provides eight BGP lines at the Tbit/s level to protect your servers deployed in mainland China against volumetric DDoS attacks. Compared with anti-DDoS service based on Internet Data Center (IDC), Anti-DDoS Pro now supports more reliable networks with lower latency. This enables quicker disaster recovery.

Benefits

Anti-DDoS Pro provides the following benefits:
  • Maximum BGP bandwidth resources in mainland China. It provides a maximum protection bandwidth of 1.5 Tbit/s to protect your services against volumetric DDoS attacks.
  • Top-quality bandwidth resources in mainland China. Its BGP lines cover most Internet service provider (ISP) networks in mainland China, such as China Telecom, China Unicom, China Mobile, and China Education and Research Network. The average latency is about 20 ms.
  • Only one IP address is required to access different ISP networks in mainland China.

Differences between IDC-based anti-DDoS service and Anti-DDoS Pro

Item IDC-based anti-DDoS service

(China Telecom, China Unicom, and China Mobile networks)

IDC-based anti-DDoS service

(BGP lines)

Anti-DDoS Pro
ISP networks Only supports China Telecom, China Unicom, and China Mobile networks. Supports multiple small and medium-sized ISP networks in addition to China Telecom, China Unicom, and China Mobile networks. Supports multiple small and medium-sized ISP networks in addition to China Telecom, China Unicom, and China Mobile networks.
Network latency Average latency is 30 ms in mainland China. Cross-network access may occur if you use networks provided by small-sized ISPs. Average latency is 20 ms in mainland China. No cross-network access is required. Average latency is 20 ms in mainland China. No cross-network access is required.
Dedicated back-to-origin line Not supported. Traffic is forwarded back to the origin server with a latency over the Internet. If the origin server is deployed on Alibaba Cloud, traffic is forwarded back to the origin server with a negligible latency by using dedicated connections. Otherwise, traffic is forwarded back to the origin server over the Internet. If the origin server is deployed on Alibaba Cloud, traffic is forwarded back to the origin server with a negligible latency by using dedicated connections. Otherwise, traffic is forwarded back to the origin server over the Internet.
Disaster recovery If a server fault occurs, transport-layer traffic cannot be automatically scheduled. Due to DNS resolution limits, automatic scheduling for application-layer traffic cannot take effect immediately. Supports automatic scheduling for all traffic based on BGP routing. The switchover is completed within several seconds. Supports automatic scheduling for all traffic based on BGP routing. The switchover is completed within several seconds.
IP addresses Needs more than two IP addresses, which requires a larger configuration workload. Needs only one IP address. Needs only one IP address.
Maximum protection capability Provides a maximum protection bandwidth of 1 Tbit/s against volumetric DDoS attacks based on China Telecom or China Unicom networks. Provides a maximum protection bandwidth of 100 Gbit/s against volumetric DDoS attacks. Provides a maximum protection bandwidth of 1.5 Tbit/s against volumetric DDoS attacks.
Attack mitigation for the transport layer Supports protection against flood attacks such as SYN floods, ACK floods, and ICMP floods. Filters out malformed packets, empty requests, and requests from zombies. The same. The same.
Attack mitigation for the application layer Supports protection against HTTP flood attacks. Supports protection against HTTP flood attacks. Supports protection against HTTP flood attacks.

Scenarios

We recommend that you use Anti-DDoS Pro as required:
  • A reliable network that has a minimal latency, provides quick disaster recovery, and covers multiple ISP networks.
  • Basic protection that offers 20 Gbit/s or more of BGP bandwidth.
  • Protection against volumetric DDoS attacks over 300 Gbit/s.

References