Alibaba Cloud provides Anti-DDoS Premium to protect servers that are deployed in regions outside the Chinese mainland against DDoS attacks.
After you add your service to an Anti-DDoS Premium instance for protection, Anti-DDoS Premium forwards all attack traffic that is destined for your servers to a dedicated IP address. Anti-DDoS Premium filters out attack traffic in scrubbing centers that are deployed nearest to visitors and forwards only service traffic back to the origin server. This ensures the stability of your workloads.
Usage notes
Anti-DDoS Premium is suitable for servers that are deployed outside the Chinese mainland.
Features
The following table describes the features provided by Anti-DDoS Premium.
Feature | Description |
---|---|
Malformed packet filtering | Anti-DDoS Premium protects your services against attacks, such as frag flood, smurf, stream flood, and land flood attacks, and filters out malformed packets, such as malformed IP, TCP, and UDP packets. |
Protection against transport-layer DDoS attacks | Anti-DDoS Premium protects your services against attacks, such as SYN flood, ACK flood, UDP flood, ICMP flood, and RST flood. |
Protection against web application DDoS attacks | Anti-DDoS Premium protects your services against HTTP GET flood, HTTP POST flood, and high-frequency attacks. Anti-DDoS Premium also supports user-defined rules for access control, such as specified HTTP header fields, URIs, and host rules. |
Benefits
- Global near-origin traffic scrubbing
Anti-DDoS Premium uses the anycast mode and the traffic scrubbing centers of Alibaba Cloud around the world to forward DDoS attack traffic to the nearest traffic scrubbing center. Anti-DDoS Premium also supports backup and disaster recovery among multiple data centers.
- Best effort protection
Different from Anti-DDoS Pro, Anti-DDoS Premium uses global near-source scrubbing to provide best effort and continuous protection.
Important If the attacks that are launched against your services adversely affect the infrastructure of the Anti-DDoS scrubbing centers, Alibaba Cloud reserves the rights to limit network traffic. If traffic limiting is triggered for your Anti-DDoS Premium instance, your services may be adversely affected. For example, your service traffic may be limited or blackhole filtering may be triggered. - Dedicated IP resources
Anti-DDoS Premium provides a dedicated anycast IP address. Each IP address is isolated to avoid impacts on your services caused by DDoS attacks on other customers. This ensures more secure anti-DDoS services.
- Security reports
Anti-DDoS Premium provides detailed traffic and protection reports in real time. This provides a clear view of service security.
Scenarios
In this case, the average network latency reaches 300 ms, and intermittent packet loss caused by the congestion of international links may occur. Therefore, we recommend that you deploy servers in the Chinese mainland to serve users in the Chinese mainland, use Anti-DDoS Pro to protect against DDoS attacks, and comply with relevant Chinese laws and regulations such as completing ICP filing and other compliance procedures.
Scenario | Solution |
---|---|
Servers are deployed outside the Chinese mainland to serve users outside the Chinese mainland. | Deploy Anti-DDoS Premium to protect against DDoS attacks. |
Servers are deployed outside the Chinese mainland to serve users in the Chinese mainland. |
|
Servers are deployed outside the Chinese mainland to serve users in the Chinese mainland and outside the Chinese mainland. |
|