Alibaba Cloud provides Anti-DDoS Premium to protect against DDoS attacks for servers deployed outside mainland China.

After you set up an Anti-DDoS Premium instance to protect your services, Anti-DDoS Premium forwards all attack traffic directed toward your servers to a dedicated IP address. Anti-DDoS Premium relies on the state of the art distributed near-origin traffic scrubbing to scrub malicious traffic and forward normal traffic to origin servers. This ensures the stability of your services.

Features

The following table describes the features provided by Anti-DDoS Premium.

Feature Description
Malformed packet filtering Anti-DDoS Premium protects your services against attacks, such as frag flood, smurf, stream flood, and land flood attacks, and filters out malformed packets, such as IP packets, TCP packets, and UDP packets.
Protection against transport-layer DDoS attacks Anti-DDoS Premium protects your services against attacks, such as SYN flood, ACK flood, UDP flood, ICMP flood, and RST flood.
Protection against web application DDoS attacks Anti-DDoS Premium protects your services against HTTP GET flood, HTTP POST flood, and high-frequency attacks. It also supports user-defined rules for access control, such as specific HTTP header field, URIs, and host rules.

Benefits

Anti-DDoS Premium provides the following benefits:
  • Global near-origin traffic scrubbing

    Anti-DDoS Premium uses the anycast mode and the traffic scrubbing centers of Alibaba Cloud around the world to forward DDoS attack traffic to the nearest traffic scrubbing center. It also supports backup and disaster recovery among multiple data centers.

  • Unlimited protection

    Different from Anti-DDoS Pro, Anti-DDoS Premium relies on global near-source scrubbing to provide unlimited and continuous protection.

    Notice If the attacks that target your services impact the infrastructure of anti-DDoS scrubbing centers, Alibaba Cloud reserves the right to throttle the traffic. Traffic throttling on your Anti-DDoS Premium instances may affect your services. For example, user traffic may also be throttled or even routed to a black hole.
  • Dedicated IP resources

    Anti-DDoS Premium provides a dedicated anycast IP address. Each IP address is isolated to avoid any impact on your services caused by DDoS attacks on other customers. This provides you with more secure anti-DDoS services.

  • Security reports

    Anti-DDoS Premium provides detailed traffic reports and attack prevention reports in real time. This provides you a clear view of your service security.

Scenarios

The Internet connects operators in different regions to enable global users to establish connections with each other. However, the network access and ability to communicate vary with the policies of these operators. Therefore, you must select an appropriate DDoS protection solution based on your service requirements.
Note When customers in mainland China want to access Anti-DDoS Premium resources deployed outside mainland China, the network quality cannot be guaranteed if only Anti-DDoS Premium is enabled due to the current routing and interconnection strategies of network operators.

In this case, the average network latency reaches 300 ms, and intermittent packet loss caused by the congestion of international links may occur. Therefore, we recommend that you deploy servers in mainland China to serve users in mainland China, use Anti-DDoS Pro to protect against DDoS attacks, and comply with relevant China laws and regulations to complete website registration and other compliance procedures.

The following table describes the scenarios where servers are deployed outside mainland China.
Scenario Solution
Servers are deployed outside mainland China to serve users outside mainland China.Outside mainland China Deploy Anti-DDoS Premium to protect against DDoS attacks.
Servers are deployed outside mainland China to serve users in mainland China.Outside mainland China
  • Solution 1

    If your services require a low network latency, such as that required for games, migrate your servers to mainland China where your users are located and deploy Anti-DDoS Pro to protect against DDoS attacks.

  • Solution 2

    If you do not plan to migrate your servers to mainland China, contact sales personnel or submit a ticket to purchase an Anti-DDoS Premium MCA instance. After you submit a ticket, technical support personnel can help you deploy the smart Anti-DDoS service that automatically switches between Anti-DDoS Pro or Anti-DDoS Premium and MCA. This guarantees smooth access for users in mainland China by using MCA if no attacks are detected. For more information about MCA configurations for Anti-DDoS Premium, see Configure Anti-DDoS Premium MCA.

Servers are deployed outside mainland China to serve users both in mainland China and outside mainland China.Outside mainland China
  • Solution 1

    Deploy servers separately for mainland China and outside mainland China. Servers deployed in mainland China serve users in mainland China, and servers deployed outside mainland China serve users outside mainland China. Deploy both Anti-DDoS Pro and Anti-DDoS Premium to protect your services in and outside mainland China against DDoS attacks.

  • Solution 2

    If you do not plan to migrate your servers to mainland China, contact sales personnel or submit a ticket to purchase an Anti-DDoS Premium MCA instance. After you submit a ticket, technical support personnel can help you deploy the smart Anti-DDoS service that automatically switches between Anti-DDoS Pro or Anti-DDoS Premium and MCA. This guarantees smooth access for users in mainland China by using MCA if no attacks are detected. For more information about MCA configurations for Anti-DDoS Premium, see Configure Anti-DDoS Premium MCA.

References