All Products
Search
Document Center

Anti-DDoS:BGP diversion mode for IDC outside Alibaba Cloud

Last Updated:Oct 10, 2023

Anti-DDoS Origin BGP diversion mode shields entire networks for IDC outside Alibaba Cloud. You can manually or automatically enable traffic rerouting if DDoS attacks are detected. Then, Inbound traffic is rerouted to the anycast scrubbing centers of Alibaba Cloud around the world.

Scenarios

You can use on-demand instances to protect servers in data centers outside the Chinese mainland without the need to change IP addresses and network architecture for your services.

Prerequisites

An on-demand Anti-DDoS Origin instance is purchased.

Note

Anti-DDoS diversion instances protect servers in data centers outside the Chinese mainland. You must contact sales personnel to purchase anti-DDoS diversion instances.

Procedure

  1. Log on to the Traffic Security console.

  2. In the left-side navigation pane, click Assets.

  3. In the top navigation bar, select the region in which your asset resides.

  4. On the Assets page, click the Others tab.

    The Others tab lists the IP addresses of the anti-DDoS diversion instances of Anti-DDoS Origin paid editions that you have purchased in the current region. If you have purchased anti-DDoS diversion instances in other regions or have not purchased anti-DDoS diversion instances, no data is displayed on the Others tab.

  5. Find the on-demand instance for which you want to enable traffic rerouting and click Start Redirection in the Operation column. In the message that appears, click OK.

    After you enable traffic rerouting to the on-demand instance, the instance enters the Redirecting state. This indicates that the system is rerouting the traffic destined for protected assets to mitigate DDoS attacks.

    If you want to stop traffic rerouting to the on-demand instance, click Pause Redirection in the Operation column.

    Note

    After you click Pause Redirection, the system no longer reroutes the traffic destined for protected assets to your on-demand instance and does not mitigate DDoS attacks for your assets.

What to do next

You can also enable the Automatic (NetFlow) mode to automatically reroute traffic to an on-demand instance. You can enable or disable traffic rerouting to an on-demand instance based on the NetFlow information about your servers in data centers and rules that you specified. For more information about how to enable the Automatic (NetFlow) mode, see Enable the Automatic (NetFlow) mode.

Related operations