If the primary back-to-origin link for a non-website service fails, you need a way to quickly redirect traffic to a backup link. Origin redundancy lets you configure primary and secondary origin servers for a port forwarding rule, so you can manually switch traffic between them. This improves disaster recovery (DR) for non-website services protected by Anti-DDoS Pro or Anti-DDoS Premium.
Origin redundancy requires manual switching. It does not automatically detect failures or redirect traffic. Monitor your back-to-origin links and switch when needed.
How it works
When you enable origin redundancy on a port forwarding rule, Anti-DDoS maintains two sets of back-to-origin IP addresses:
- Primary origin server -- Receives traffic by default. The current back-to-origin IP addresses of the rule are automatically assigned to this server.
- Secondary origin server -- Serves as a standby. Switch traffic to it when the primary back-to-origin link fails.
Traffic flows to the primary origin server until you manually switch to the secondary.
Limitations
| Limitation | Description |
|---|---|
| Alibaba Cloud origin servers | Only origin servers under the current Alibaba Cloud account can be added |
| Port forwarding rule lock | After you enable origin redundancy, the corresponding port forwarding rule is locked and cannot be modified. To modify the rule, first disable origin redundancy |
| IP address limit | Each origin server (primary and secondary) supports up to 20 back-to-origin IP addresses |
Enable origin redundancy
Before you begin, make sure that a non-website service is added to Anti-DDoS Pro or Anti-DDoS Premium. For details, see Manage forwarding rules.
1. Log on to the Anti-DDoS Pro console.
2. In the top navigation bar, select the region of your instance.
   - Anti-DDoS Proxy (Chinese Mainland): Select Chinese Mainland for Anti-DDoS Pro instances.
   - Anti-DDoS Proxy (Outside Chinese Mainland): Select Outside Chinese Mainland for Anti-DDoS Premium instances.
3. In the left-side navigation pane, choose Provisioning > Port Config.
4. Select the instance to manage. Find the target port forwarding rule and click Back-to-origin Settings in the Actions column.
5. In the Back-to-origin Settings dialog box, turn on Origin Redundancy.
6. In the Note message, click OK. The current back-to-origin IP addresses of the port forwarding rule are automatically assigned to the primary origin server, and traffic is forwarded to the primary origin server.
7. Configure the back-to-origin IP addresses for the primary and secondary origin servers. Separate multiple IP addresses with commas (,). Each origin server supports up to 20 back-to-origin IP addresses.
8. Select the origin server to receive traffic, and then click OK.
Switch to the secondary origin server
If the primary back-to-origin link fails, switch traffic to the secondary origin server:
1. Open the Back-to-origin Settings dialog box for the target port forwarding rule.
2. Select Use Secondary Origin Server, and then click OK. Traffic is redirected to the secondary back-to-origin IP addresses.
To switch back to the primary origin server, open the same dialog box and select the primary origin server.
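Because the switch is manual, something outside Anti-DDoS has to tell you when the primary link is down. The following sketch is an added example, not part of the product documentation: it validates the two comma-separated IP lists against the 20-address limit, probes each address over TCP, and reports whether a manual switch is warranted. The function names, the port, and the sample addresses are assumptions, and it assumes the monitoring host is allowed to reach the origin IP addresses on the service port.

```python
import ipaddress
import socket

MAX_IPS = 20  # per-origin-server limit stated in the Limitations table


def parse_origin_ips(text):
    """Parse a comma-separated back-to-origin IP list as typed into the console."""
    ips = [ipaddress.ip_address(p.strip()) for p in text.split(",") if p.strip()]
    if not ips:
        raise ValueError("no IP addresses given")
    if len(ips) > MAX_IPS:
        raise ValueError(f"{len(ips)} addresses exceeds the limit of {MAX_IPS}")
    return ips


def tcp_probe(ip, port, timeout=3.0):
    """Return True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((str(ip), port), timeout=timeout):
            return True
    except OSError:
        return False


def recommend(primary, secondary, port, active="primary", probe=tcp_probe):
    """Probe both origin servers and say whether a manual switch is warranted."""
    reachable = {}
    for name, text in (("primary", primary), ("secondary", secondary)):
        ips = parse_origin_ips(text)
        reachable[name] = [str(ip) for ip in ips if probe(ip, port)]
    standby = "secondary" if active == "primary" else "primary"
    if reachable[active]:
        action = "stay"  # at least one active back-to-origin IP still answers
    elif reachable[standby]:
        action = f"switch to {standby}"  # perform the switch in the console
    else:
        action = "both origins unreachable"
    return {"action": action, "reachable": reachable}


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not real origins.
    print(recommend("192.0.2.10, 192.0.2.11", "198.51.100.10", port=8080))
```

The script only recommends an action; the switch itself is still made in the Back-to-origin Settings dialog box.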
Disable origin redundancy
To disable origin redundancy, turn off Origin Redundancy in the Back-to-origin Settings dialog box.
After you disable origin redundancy:
- The back-to-origin IP addresses of the currently active origin server become the back-to-origin IP addresses of the port forwarding rule. For example, if the secondary origin server is active when you disable origin redundancy, the secondary origin server's IP addresses are used.
- The port forwarding rule is unlocked and can be modified. For details, see Manage forwarding rules.