Alibaba Cloud provides Anti-DDoS Premium to protect servers that are deployed in regions outside the Chinese mainland against DDoS attacks.

After you add your service to an Anti-DDoS Premium instance for protection, Anti-DDoS Premium forwards all attack traffic that is destined for your servers to a dedicated IP address. Anti-DDoS Premium filters out attack traffic in scrubbing centers that are deployed nearest to visitors and forwards only service traffic back to the origin server. This ensures the stability of your workloads.

Usage notes

Anti-DDoS Premium is suitable for servers that are deployed outside the Chinese mainland.

Features

The following table describes the features provided by Anti-DDoS Premium.

Feature Description
Malformed packet filtering Anti-DDoS Premium protects your services against attacks, such as frag flood, smurf, stream flood, and land flood attacks, and filters out malformed packets, such as malformed IP, TCP, and UDP packets.
Protection against transport-layer DDoS attacks Anti-DDoS Premium protects your services against attacks, such as SYN flood, ACK flood, UDP flood, ICMP flood, and RST flood.
Protection against web application DDoS attacks Anti-DDoS Premium protects your services against HTTP GET flood, HTTP POST flood, and high-frequency attacks. Anti-DDoS Premium also supports user-defined rules for access control, such as specified HTTP header fields, URIs, and host rules.

Benefits

Anti-DDoS Premium provides the following benefits:
  • Global near-origin traffic scrubbing

    Anti-DDoS Premium uses the anycast mode and the traffic scrubbing centers of Alibaba Cloud around the world to forward DDoS attack traffic to the nearest traffic scrubbing center. Anti-DDoS Premium also supports backup and disaster recovery among multiple data centers.

  • Best effort protection

    Different from Anti-DDoS Pro, Anti-DDoS Premium uses global near-source scrubbing to provide best effort and continuous protection.

    Important If the attacks that are launched against your services adversely affect the infrastructure of the Anti-DDoS scrubbing centers, Alibaba Cloud reserves the rights to limit network traffic. If traffic limiting is triggered for your Anti-DDoS Premium instance, your services may be adversely affected. For example, your service traffic may be limited or blackhole filtering may be triggered.
  • Dedicated IP resources

    Anti-DDoS Premium provides a dedicated anycast IP address. Each IP address is isolated to avoid impacts on your services caused by DDoS attacks on other customers. This ensures more secure anti-DDoS services.

  • Security reports

    Anti-DDoS Premium provides detailed traffic and protection reports in real time. This provides a clear view of service security.

Scenarios

The Internet connects Internet service providers (ISPs) in different regions to allow global users to establish connections with each other. However, the network access and ability to communicate vary based on the policies of the ISPs. Therefore, you must select an appropriate DDoS mitigation solution based on your business requirements.
Note If only Anti-DDoS Premium is enabled, the network quality cannot be ensured when users in the Chinese mainland access Anti-DDoS Premium resources that are deployed outside the Chinese mainland. This is because of the current routing and interconnection strategies of ISPs.

In this case, the average network latency reaches 300 ms, and intermittent packet loss caused by the congestion of international links may occur. Therefore, we recommend that you deploy servers in the Chinese mainland to serve users in the Chinese mainland, use Anti-DDoS Pro to protect against DDoS attacks, and comply with relevant Chinese laws and regulations such as completing ICP filing and other compliance procedures.

The following table describes the scenarios in which servers are deployed in regions outside the Chinese mainland.
Scenario Solution
Servers are deployed outside the Chinese mainland to serve users outside the Chinese mainland. Deploy Anti-DDoS Premium to protect against DDoS attacks.
Servers are deployed outside the Chinese mainland to serve users in the Chinese mainland.
  • Solution 1

    If your services such as gaming services require a low network latency, migrate your servers to regions in the Chinese mainland where your users reside and deploy Anti-DDoS Pro to protect against DDoS attacks.

  • Solution 2

    If you do not plan to migrate your servers to regions in the Chinese mainland, we recommend that you purchase an Anti-DDoS Premium instance of the Chinese Mainland Acceleration (CMA) mitigation plan. After the Anti-DDoS Premium instance of the CMA mitigation plan is purchased, Alibaba Cloud technical support can help you deploy the smart Anti-DDoS service that automatically switches between an Anti-DDoS Premium instance and the Anti-DDoS Premium instance of the CMA mitigation plan. This way, you can use the Anti-DDoS Premium instance of the CMA mitigation plan to ensure smooth service access for users in the Chinese mainland when no attacks occur. For more information about an Anti-DDoS Premium instance of the CMA mitigation plan, see Use an Anti-DDoS Premium instance of the MCA mitigation plan.

Servers are deployed outside the Chinese mainland to serve users in the Chinese mainland and outside the Chinese mainland.
  • Solution 1

    Separately deploy servers in regions in the Chinese mainland and outside the Chinese mainland. Servers that are deployed in regions in the Chinese mainland serve users in the Chinese mainland, and servers that are deployed in regions outside the Chinese mainland serve users outside the Chinese mainland. Deploy Anti-DDoS Pro and Anti-DDoS Premium to protect your services in regions in the Chinese mainland and outside the Chinese mainland against DDoS attacks.

  • Solution 2

    If you do not plan to migrate your servers to regions in the Chinese mainland, we recommend that you purchase an Anti-DDoS Premium instance of the Chinese Mainland Acceleration (CMA) mitigation plan. After the Anti-DDoS Premium instance of the CMA mitigation plan is purchased, Alibaba Cloud technical support can help you deploy the smart Anti-DDoS service that automatically switches between an Anti-DDoS Premium instance and the Anti-DDoS Premium instance of the CMA mitigation plan. This way, you can use the Anti-DDoS Premium instance of the CMA mitigation plan to ensure smooth service access for users in the Chinese mainland when no attacks occur. For more information about an Anti-DDoS Premium instance of the CMA mitigation plan, see Use an Anti-DDoS Premium instance of the MCA mitigation plan.

References