Overview

It has been three years since Alibaba Cloud released the previous version of Anti-DDoS Pro. To meet your needs for more reliable networking, Alibaba Cloud has been consistently improving Anti-DDoS Pro services.

Currently, Alibaba Cloud has released the latest version of Anti-DDoS Pro.

The latest version is built on a new network infrastructure that connects Anti-DDoS Pro with Alibaba Cloud BGP data centers. This version reduces the average latency between Anti-DDoS Pro and any Chinese mainland region to less than 20 ms and offers more reliable networking than China Telecom or China Unicom networks alone. Anti-DDoS Pro adopts an architecture that requires attack traffic to be filtered in the same ISP network where the traffic was first detected. This significantly improves disaster recovery and protection capabilities offered by Anti-DDoS Pro.

Anti-DDoS Pro instance configurations

  • Basic bandwidth: The minimum basic bandwidth is 30 Gbit/s, which only costs RMB 20,800 per month.
  • Burstable bandwidth: The maximum burstable bandwidth is 600 Gbit/s. Contact customer service if you need more burstable bandwidth.

Migrate to the latest Anti-DDoS Pro

We recommend that you migrate to the latest version of Anti-DDoS Pro for a more reliable, secure, and faster service. Note the following details:

  • The China Telecom data center in Suzhou and China Unicom data center in Dalian will stop providing services after December 30, 2018. If your Anti-DDoS Pro instances are deployed in any of these data centers, you must migrate your service to the latest version of Anti-DDoS Pro before December 30, 2018. If you need help with service migration, contact customer service.
    Note You must migrate to the latest Anti-DDoS Pro if your Anti-DDoS Pro instances meet the criteria.
  • You can keep using your current Anti-DDoS Pro instances if they are not deployed in the China Telecom data center in Suzhou or China Unicom data center in Dalian. To experience the latest version of Anti-DDoS Pro now, you can purchase new Anti-DDoS Pro instances and migrate your service to new instances.

Procedure

You can perform the following steps to migrate your service.

Before you begin

Contact customer service to check whether your Anti-DDoS Pro instances meet the preceding criteria.

If your Anti-DDoS Pro instances meet the criteria, you can contact customer service to create new Anti-DDoS Pro instances for you. The expiration time of new instances is no earlier than that of old instances.

New instances have the same configurations as old instances.
Note We recommend that you migrate your service to new Anti-DDoS Pro instances once the new instances are created. During the migration process, both old and new Anti-DDoS Pro instances can forward your traffic and protect the security of your business.
Notice We recommend that you back up your configurations in advance. You can read Import and export configurations to learn how to import and export domain configurations and forwarding rules in the Anti-DDoS Pro console. After you migrate domain configurations to the new Anti-DDoS Pro instances, you cannot view these configurations on old Anti-DDoS Pro instances.
  1. Log on to the Anti-DDoS Pro console.
  2. Migrate domain configurations and forwarding rules to new Anti-DDoS Pro instances.
    • Migrate domain configurations to new Anti-DDoS Pro instances
      Notes:
      • Do not add forwarding rules on port 80 or 443. Anti-DDoS Pro uses port 80 or 443 by default. If the ports are already in use, you cannot associate your domain to new Anti-DDoS Pro instances.
      • If you submitted a ticket to redirect HTTP/2 or HTTPS requests to HTTP, you must disable the redirect feature before you migrate domain configurations to new Anti-DDoS Pro instances.
      • If a wildcard subdomain that matches your domain is already configured in other accounts, you cannot associate your domain to new Anti-DDoS Pro instances. If you have multiple Alibaba Cloud accounts, make sure to avoid this conflict.
      1. In the left-side navigation pane, choose Access > Web Service, and click Syn Domain Settings to New BGP Anti-DDoS.

      2. Enter the IP address of the new Anti-DDoS Pro instance and select the domains to be migrated.
        Note You can select up to 5 domains. If the old Anti-DDoS Pro instance is associated with more than 5 domains, synchronize domain configurations between the old and new instance in batches.


      3. Click Synchronize to migrate domain configurations to the new Anti-DDoS Pro instance. To view the domain configurations that are already migrated to new Anti-DDoS Pro instances, log on to the New BGP Anti-DDoS console and select Management > Websites.
        Note At this point, your traffic is still forwarded by the old Anti-DDoS Pro instance.
        Domain synchronization notes:
        • If you have only one old Anti-DDoS Pro instance, perform the preceding steps to synchronize all domain configurations between the old and new Anti-DDoS Pro instance.
        • If you have multiple old Anti-DDoS Pro instances and some domains are associated with multiple instances, you must identify the domains to be synchronized and the Anti-DDoS Pro instances associated with these domains. If you want to keep using some of the old Anti-DDoS Pro instances, we recommend that you dissociate the domains to be synchronized from these instances and perform the preceding steps to synchronize domain configurations between old and new Anti-DDoS Pro instances.
        Notice After you synchronize domain configurations, you cannot view these configurations on old Anti-DDoS Pro instances. However, the domains are still associated with old Anti-DDoS Pro instances. You can choose Management > Websites in the New BGP Anti-DDoS console to view domain configurations that are already migrated to new Anti-DDoS Pro instances. To prevent mistakes to these domain configurations, you cannot view these configurations in the old Anti-DDoS Pro console.
      4. After you synchronize domain configurations, we recommend that you log on to the New BGP Anti-DDoS console, choose Management > Websites, and compare the domain configurations in the Websites list with your backup configurations. If you find any differences, you can manually change the domain configurations according to your backup configurations.
        Notes:
        • The new and old Anti-DDoS Pro instances use different CIDR blocks to forward traffic back to your origin server. If you set access control rules on your origin server, make sure to add the back-to-origin CIDR blocks used by new Anti-DDoS Pro instances to the whitelist. You can select Management > Websites and click View Back-to-origin CIDR Blocks to view all back-to-origin CIDR blocks used by new Anti-DDoS Pro instances.
        • If your domain has not obtained an ICP license, you can submit a ticket or contact customer service for help. We recommend that you obtain an ICP license as soon as possible.
    • Migrate forwarding rules to the new Anti-DDoS Pro instances
      1. In the left-side navigation pane, choose Access > Non-Web Service and select an Anti-DDoS Pro instance and IP address.
      2. Click Export Rules and select Export rules to export forwarding rules in a TXT file to your local computer.
      3. In the New BGP Anti-DDoS console, choose Management > Port Settings, select an Anti-DDoS Pro instance, click Batch Operations, and select Create Rule.
      4. Copy the contents of the TXT file to the edit area in the Create Rule dialog box, and click Create to migrate the forwarding rules to the selected Anti-DDoS Pro instance.
        Note For more information about importing and exporting multiple forwarding rules, see Import and export configurations. After you migrate forwarding rules to the new instance, you can follow a similar procedure to migrate session persistence and health check settings to the new instance.
  3. You can modify the hosts file on your machine to test if the domain configurations and forwarding rules work as expected. For more information, see Test configurations on local machines.
  4. After you pass the tests, change DNS resolution settings and modify A record values through your DNS provider to forward traffic to your Anti-DDoS Pro instances.
    Note If you use IPs and ports to set up the Anti-DDoS Pro instance, replace your service IP with the IP address of the Anti-DDoS Pro instance to forward traffic to Anti-DDoS Pro.
  5. After you migrate your service to new Anti-DDoS Pro instances, your old Anti-DDoS Pro instances will be released when their subscription period ends. You can also submit a ticket or contact customer service to release your old instances.
    Note When both old and new Anti-DDoS Pro instances are in use, you cannot delete the domain configurations that were migrated from the old instances in the new BGP Anti-DDoS console. You can only delete these domain configurations when the associated old Anti-DDoS Pro instances are released.
Notes
  • The migration process will not affect your service. If you need to roll back the configurations, submit a ticket or contact customer service.
  • To avoid additional fees during the migration process and when both new and old Anti-DDoS Pro instances are in use, we recommend that you set the basic bandwidth and burstable bandwidth to the same value on your old Anti-DDoS Pro instances.
  • If your Anti-DDoS Pro instances do not meet the preceding criteria, you can purchase new Anti-DDoS Pro instances by yourself and follow the preceding steps to migrate your service to new Anti-DDoS Pro instances. After the migration process is complete, and your old Anti-DDoS Pro instances have subscription time left, you can submit a ticket to request a refund.
    Note If your Anti-DDoS Pro instances meet the preceding criteria, you cannot request a refund because your new Anti-DDoS Pro instances are created by Alibaba Cloud free of charge.

FAQ

What benefits does the latest Anti-DDoS Pro have?

For more information about the benefits offered by Anti-DDoS Pro, see What is Anti-DDoS Pro.

Where can I find detailed pricing information?

For more information about pricing, see Billing methods.

How fast is the network used by Anti-DDoS Pro?

You can use third-party testing tools to test the latency of Anti-DDoS Pro instances. For example, http://ping.chinaz.com/203.107.32.57.

Test IP address: 203.107.32.57

Do I need to buy new Anti-DDoS Pro instances during the migration process?

No. After you confirm the configurations of your new Anti-DDoS Pro instances with customer service, Alibaba Cloud creates new Anti-DDoS Pro instances for you free of charge.

How can I tell where my Anti-DDoS Pro instance is deployed?

Your Anti-DDoS Pro instance is deployed in the China Telecom data center in Suzhou or China Unicom data center in Dalian if its IP address is within one of the following CIDR blocks:
  • 180.97.164.128/26
  • 180.97.164.0/25
  • 180.97.163.0/24
  • 180.97.162.0/24
  • 180.97.161.0/24
  • 180.97.89.0/24
  • 180.101.207.0/24
  • 180.101.208.0/24
  • 218.94.232.0/24
  • 218.60.113.0/24
  • 218.60.114.0/24
  • 218.60.115.0/25
  • 218.60.115.128/26
  • 218.60.112.0/24
  • 218.60.121.0/24
  • 218.60.82.0/24
  • 218.60.83.0/24
  • 211.93.149.0/24
How long does it take to migrate my service to new Anti-DDoS Pro instances?
  • If you use domains to set up Anti-DDoS Pro instances, it takes one to three days because you need to update DNS records through your DNS provider.
  • If you use IPs and ports to set up Anti-DDoS Pro instances, it depends on your service status.

Will my service be interrupted during the migration process?

In most situations, migrating to new Anti-DDoS Pro instances does not affect your service. The actual situation may vary according to the service status. Alibaba Cloud allows you to keep both old and new Anti-DDoS Pro instances in use for a period of time. Old Anti-DDoS Pro instances are not released until Alibaba Cloud confirms that all your traffic is forwarded to your new Anti-DDoS Pro instances.

Your service availability is the highest priority of Alibaba Cloud during the entire migration process.

What else do I need to know when migrating to the latest Anti-DDoS Pro?
  • The latest version of Anti-DDoS Pro is based on BGP networks and supports quick disaster recovery. This version provides faster and more reliable networks compared with older versions. To set up the latest Anti-DDoS Pro to protect your business, you need to change A records instead of CNAME records.
  • The latest Anti-DDoS Pro uses different back-to-origin CIDR blocks than older versions of Anti-DDoS Pro. You need to manually update back-to-origin CIDR blocks if you have set access control rules to protect your origin server.