Anti-DDoS Pro and Anti-DDoS Premium both provide Sec-Traffic Manager for you to configure rules on the interaction between them and the protected cloud services. You can configure rules for Anti-DDoS Pro or Anti-DDoS Premium. These rules take effect only in specific scenarios. This feature ensures service continuity and provides protection against distributed denial-of-service (DDoS) attacks. Sec-Traffic Manager provides features such as cloud service interaction, tiered protection, Content Delivery Network (CDN) interaction, Dynamic Route for CDN (DCDN) interaction, network acceleration, and Sec-MCA.
Scenarios
If you add your websites to Anti-DDoS Pro or Anti-DDoS Premium, you only need to add the domain names of your websites. For more information, see Add a website. If you add your non-website services to Anti-DDoS Pro or Anti-DDoS Premium, you only need to add the ports of your services. For more information, see Manage forwarding rules.
After your services are added to Anti-DDoS Pro or Anti-DDoS Premium, all service traffic, including normal and malicious traffic, is forwarded to Anti-DDoS Pro or Anti-DDoS Premium. Malicious traffic is filtered out, and only normal traffic is forwarded to the origin server. During normal service access, normal traffic is also forwarded by Anti-DDoS Pro or Anti-DDoS Premium. This may cause a low latency to the service.
To resolve this issue, you can enable the cloud service interaction feature of Sec-Traffic Manager. If no attacks occur, normal traffic is directly forwarded to the origin server without increasing latency. If attacks occur, traffic is switched to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing and forwarding.
In addition to the preceding scenarios, Sec-Traffic Manager enables interactions between Anti-DDoS Pro or Anti-DDoS Premium and Anti-DDoS Origin, CDN, DCDN, Chinese Mainland Acceleration (MCA), and Sec-MCA. For more information, see Benefits.
Benefits
The following table describes the interaction scenarios of Sec-Traffic Manager and related topics.
× indicates that Anti-DDoS Pro does not support this interaction scenario.
| Interaction scenario | Description | Anti-DDoS Pro | Anti-DDoS Premium |
|---|---|---|---|
| Cloud Service Interaction | Your services use Alibaba Cloud public IP addresses and are protected by Anti-DDoS Pro or Anti-DDoS Premium to achieve the following effects:
Note Anti-DDoS Pro or Anti-DDoS Premium can interact with Alibaba Cloud Global Accelerator
(GA). For more information, see What is Global Accelerator?.
|
Create a cloud service interaction rule | |
| Tiered Protection | Your services are protected by Anti-DDoS Origin Enterprise and Anti-DDoS Pro or Anti-DDoS Premium to achieve the following effects:
|
Create a tiered protection rule | |
| CDN/DCDN Interaction | Your websites use Alibaba Cloud CDN or DCDN and are protected by Anti-DDoS Pro or Anti-DDoS Premium to achieve the following effects:
|
Create a CDN or DCDN interaction rule | |
| Network Acceleration | Your services are protected by Anti-DDoS Premium Insurance or Unlimited plan and MCA to achieve the following effects:
Note Network acceleration is suitable for the scenarios in which services are deployed
outside the Chinese mainland and users of services come from the Chinese mainland.
For more information, see Use an Anti-DDoS Premium instance of the MCA mitigation plan.
|
× | Create a network acceleration rule |
| Sec-MCA | Your services are protected by Anti-DDoS Premium Insurance or Unlimited plan and Sec-MCA to achieve the following effects:
Note Sec-MCA accelerates access of users in the Chinese mainland to services in regions
outside the Chinese mainland. It also mitigates volumetric DDoS attacks on the networks
of ISPs in the Chinese mainland, excluding China Mobile. For more information, see
Configure Anti-DDoS Premium Sec-CMA.
|
× | Create a Sec-MCA rule |