To add a Sec-MCA rule, you must purchase an Anti-DDoS Premium Insurance or Unlimited instance and an Anti-DDoS Premium Sec-MCA instance. You can direct traffic from all ISPs in the Chinese mainland (excluding China Mobile) to the IP address of the Sec-MCA instance and direct traffic from China Mobile and regions outside the Chinese mainland to the IP address of the Anti-DDoS Premium instance.

Prerequisites

  • A Sec-MCA instance is purchased, and your service is added to the instance. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance and Configure Anti-DDoS Premium Sec-MCA.
    Note You only need to add your service to the Sec-MCA instance and do not need to modify DNS records of the domain name.
  • An Anti-DDoS Premium Insurance or Unlimited instance is purchased, and your service is added to the Anti-DDoS Premium Insurance or Unlimited instance. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance and Add a website (website service) and Manage forwarding rules (non-website service).
    Note The bandwidth and queries per second (QPS) of the Anti-DDoS Premium Insurance or Unlimited instance must meet protection requirements of your service. This ensures that the instance can process service traffic after the traffic is switched to the Anti-DDoS Premium Insurance or Unlimited instance.
  • Both the Anti-DDoS Premium instance of the MCA mitigation plan and the Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan forward service traffic as expected.

    For more information, see Verify the forwarding configurations on your local computer.

Background information

Sec-MCA accelerates service access in scenarios where your service is deployed outside the Chinese mainland but your users reside in the Chinese mainland. It also mitigates volumetric DDoS attacks on the networks of ISPs in the Chinese mainland, excluding China Mobile.

If you want to provide quick and stable access for all users, including users in and outside the Chinese mainland and users from various ISPs, such as China Unicom and China Mobile, you can use the Sec-MCA instance together with the Anti-DDoS Premium Insurance or Unlimited instance.

For more information, see Configure Anti-DDoS Premium Sec-CMA.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Outside Chinese Mainland.
    If you select this region, the Anti-DDoS Premium console appears.
  3. In the left-side navigation pane, choose Provisioning > Sec-Traffic Manager.
  4. On the General tab, click Create Rule.
  5. In the Create Rule pane, configure a Sec-MCA rule and click Next.
    Parameter Description
    Interaction Scenario Select Sec-MCA.
    Name Specify the name of the rule.

    The rule name can be up to 128 characters in length and can contain letters, digits, and underscores (_).

    Sec-MCA Select the IP address of the Sec-MCA instance.
    Anti-DDoS Premium Select an Anti-DDoS Pro or Anti-DDoS Premium instance.
    After the rule is created, Sec-Traffic Manager assigns a CNAME address for the rule. You can view the created rule and CNAME address in the rule list.
  6. Modify the DNS records.
    Modify the DNS records of your domain name on the website of the DNS service provider to point the domain name to the CNAME address provided by Sec-Traffic Manager. For more information, see Change the CNAME record to redirect traffic to Sec-Traffic Manager.

What to do next

  • Edit an interaction rule: On the General tab, find the rule that you want to edit and click Edit in the Actions column. You can modify parameters except Interaction Scenario and Name.
  • Delete an interaction rule: On the General tab, find the rule that you want to delete and click Delete in the Actions column.
    Warning Before you delete an interaction rule, make sure that the service traffic is no longer directed to the CNAME address assigned by Sec-Traffic Manager. Otherwise, your service becomes unavailable after you delete the rule.