It has been three years since Alibaba Cloud released the previous version of Anti-DDoS Pro. To meet your needs for more reliable networking, Alibaba Cloud has been consistently improving Anti-DDoS Pro services.
Currently, Alibaba Cloud has released the latest version of Anti-DDoS Pro.
The latest version is built on a new network infrastructure that connects Anti-DDoS Pro with Alibaba Cloud BGP data centers. This version reduces the average latency between Anti-DDoS Pro and any Chinese mainland region to less than 20 ms and offers more reliable networking than China Telecom or China Unicom networks alone. Anti-DDoS Pro adopts an architecture that requires attack traffic to be filtered in the same ISP network where the traffic was first detected. This significantly improves disaster recovery and protection capabilities offered by Anti-DDoS Pro.
Anti-DDoS Pro instance configurations
- Basic bandwidth: The minimum basic bandwidth is 30 Gbit/s, which only costs RMB 20,800 per month.
- Burstable bandwidth: The maximum burstable bandwidth is 600 Gbit/s. Contact customer service if you need more burstable bandwidth.
Migrate to the latest Anti-DDoS Pro
We recommend that you migrate to the latest version of Anti-DDoS Pro for a more reliable, secure, and faster service. Note the following details:
- The China Telecom data center in Suzhou and China Unicom data center in Dalian will
stop providing services after December 30, 2018. If your Anti-DDoS Pro instances are
deployed in any of these data centers, you must migrate your service to the latest
version of Anti-DDoS Pro before December 30, 2018. If you need help with service migration,
contact customer service.
Note You must migrate to the latest Anti-DDoS Pro if your Anti-DDoS Pro instances meet the criteria.
- You can keep using your current Anti-DDoS Pro instances if they are not deployed in the China Telecom data center in Suzhou or China Unicom data center in Dalian. To experience the latest version of Anti-DDoS Pro now, you can purchase new Anti-DDoS Pro instances and migrate your service to new instances.
You can perform the following steps to migrate your service.
Before you begin
Contact customer service to check whether your Anti-DDoS Pro instances meet the preceding criteria.
If your Anti-DDoS Pro instances meet the criteria, you can contact customer service to create new Anti-DDoS Pro instances for you. The expiration time of new instances is no earlier than that of old instances.
- Log on to the Anti-DDoS Pro console.
- Migrate domain configurations and forwarding rules to new Anti-DDoS Pro instances.
- Migrate domain configurations to new Anti-DDoS Pro instances
- Do not add forwarding rules on port 80 or 443. Anti-DDoS Pro uses port 80 or 443 by default. If the ports are already in use, you cannot associate your domain to new Anti-DDoS Pro instances.
- If you submitted a ticket to redirect HTTP/2 or HTTPS requests to HTTP, you must disable the redirect feature before you migrate domain configurations to new Anti-DDoS Pro instances.
- If a wildcard subdomain that matches your domain is already configured in other accounts, you cannot associate your domain to new Anti-DDoS Pro instances. If you have multiple Alibaba Cloud accounts, make sure to avoid this conflict.
- In the left-side navigation pane, choose Syn Domain Settings to New BGP Anti-DDoS.
- Enter the IP address of the new Anti-DDoS Pro instance and select the domains to be
Note You can select up to 5 domains. If the old Anti-DDoS Pro instance is associated with more than 5 domains, synchronize domain configurations between the old and new instance in batches.
- Click Synchronize to migrate domain configurations to the new Anti-DDoS Pro instance. To view the domain
configurations that are already migrated to new Anti-DDoS Pro instances, log on to
the New BGP Anti-DDoS console and select .
Note At this point, your traffic is still forwarded by the old Anti-DDoS Pro instance.Domain synchronization notes:
Notice After you synchronize domain configurations, you cannot view these configurations on old Anti-DDoS Pro instances. However, the domains are still associated with old Anti-DDoS Pro instances. You can choosein the New BGP Anti-DDoS console to view domain configurations that are already migrated to new Anti-DDoS Pro instances. To prevent mistakes to these domain configurations, you cannot view these configurations in the old Anti-DDoS Pro console.
- If you have only one old Anti-DDoS Pro instance, perform the preceding steps to synchronize all domain configurations between the old and new Anti-DDoS Pro instance.
- If you have multiple old Anti-DDoS Pro instances and some domains are associated with multiple instances, you must identify the domains to be synchronized and the Anti-DDoS Pro instances associated with these domains. If you want to keep using some of the old Anti-DDoS Pro instances, we recommend that you dissociate the domains to be synchronized from these instances and perform the preceding steps to synchronize domain configurations between old and new Anti-DDoS Pro instances.
- After you synchronize domain configurations, we recommend that you log on to the New BGP Anti-DDoS console, choose , and compare the domain configurations in the Websites list with your backup configurations.
If you find any differences, you can manually change the domain configurations according
to your backup configurations.
- The new and old Anti-DDoS Pro instances use different CIDR blocks to forward traffic back to your origin server. If you set access control rules on your origin server, make sure to add the back-to-origin CIDR blocks used by new Anti-DDoS Pro instances to the whitelist. You can select View Back-to-origin CIDR Blocks to view all back-to-origin CIDR blocks used by new Anti-DDoS Pro instances. and click
- If your domain has not obtained an ICP license, you can submit a ticket or contact customer service for help. We recommend that you obtain an ICP license as soon as possible.
- Migrate forwarding rules to the new Anti-DDoS Pro instances
- In the left-side navigation pane, choose and select an Anti-DDoS Pro instance and IP address.
- Click Export Rules and select Export rules to export forwarding rules in a TXT file to your local computer.
- In the New BGP Anti-DDoS console, choose , select an Anti-DDoS Pro instance, click Batch Operations, and select Create Rule.
- Copy the contents of the TXT file to the edit area in the Create Rule dialog box,
and click Create to migrate the forwarding rules to the selected Anti-DDoS Pro instance.
Note For more information about importing and exporting multiple forwarding rules, see Import and export configurations. After you migrate forwarding rules to the new instance, you can follow a similar procedure to migrate session persistence and health check settings to the new instance.
- Migrate domain configurations to new Anti-DDoS Pro instances
- You can modify the hosts file on your machine to test if the domain configurations and forwarding rules work as expected. For more information, see Test configurations on local machines.
- After you pass the tests, change DNS resolution settings and modify A record values
through your DNS provider to forward traffic to your Anti-DDoS Pro instances.
Note If you use IPs and ports to set up the Anti-DDoS Pro instance, replace your service IP with the IP address of the Anti-DDoS Pro instance to forward traffic to Anti-DDoS Pro.
- After you migrate your service to new Anti-DDoS Pro instances, your old Anti-DDoS
Pro instances will be released when their subscription period ends. You can also submit
a ticket or contact customer service to release your old instances.
Note When both old and new Anti-DDoS Pro instances are in use, you cannot delete the domain configurations that were migrated from the old instances in the new BGP Anti-DDoS console. You can only delete these domain configurations when the associated old Anti-DDoS Pro instances are released.
- The migration process will not affect your service. If you need to roll back the configurations, submit a ticket or contact customer service.
- To avoid additional fees during the migration process and when both new and old Anti-DDoS Pro instances are in use, we recommend that you set the basic bandwidth and burstable bandwidth to the same value on your old Anti-DDoS Pro instances.
- If your Anti-DDoS Pro instances do not meet the preceding criteria, you can purchase
new Anti-DDoS Pro instances by yourself and follow the preceding steps to migrate
your service to new Anti-DDoS Pro instances. After the migration process is complete,
and your old Anti-DDoS Pro instances have subscription time left, you can submit a
ticket to request a refund.
Note If your Anti-DDoS Pro instances meet the preceding criteria, you cannot request a refund because your new Anti-DDoS Pro instances are created by Alibaba Cloud free of charge.
What benefits does the latest Anti-DDoS Pro have?
For more information about the benefits offered by Anti-DDoS Pro, see What is Anti-DDoS Pro.
Where can I find detailed pricing information?
For more information about pricing, see Billing methods.
How fast is the network used by Anti-DDoS Pro?
You can use third-party testing tools to test the latency of Anti-DDoS Pro instances. For example, http://ping.chinaz.com/22.214.171.124.
Test IP address: 126.96.36.199
Do I need to buy new Anti-DDoS Pro instances during the migration process?
No. After you confirm the configurations of your new Anti-DDoS Pro instances with customer service, Alibaba Cloud creates new Anti-DDoS Pro instances for you free of charge.
How can I tell where my Anti-DDoS Pro instance is deployed?
- If you use domains to set up Anti-DDoS Pro instances, it takes one to three days because you need to update DNS records through your DNS provider.
- If you use IPs and ports to set up Anti-DDoS Pro instances, it depends on your service status.
Will my service be interrupted during the migration process?
In most situations, migrating to new Anti-DDoS Pro instances does not affect your service. The actual situation may vary according to the service status. Alibaba Cloud allows you to keep both old and new Anti-DDoS Pro instances in use for a period of time. Old Anti-DDoS Pro instances are not released until Alibaba Cloud confirms that all your traffic is forwarded to your new Anti-DDoS Pro instances.
Your service availability is the highest priority of Alibaba Cloud during the entire migration process.
- The latest version of Anti-DDoS Pro is based on BGP networks and supports quick disaster recovery. This version provides faster and more reliable networks compared with older versions. To set up the latest Anti-DDoS Pro to protect your business, you need to change A records instead of CNAME records.
- The latest Anti-DDoS Pro uses different back-to-origin CIDR blocks than older versions of Anti-DDoS Pro. You need to manually update back-to-origin CIDR blocks if you have set access control rules to protect your origin server.