Use cases
Each account can have multiple Anti-DDoS instances, and each instance has at least one protective line; therefore, there can be multiple protective lines under one account. Once your business is added to an Anti-DDoS instance, a protective line will be configured for it. If multiple protective lines have been configured, you need to choose the optimal business traffic scheduling method, i.e., how to schedule business traffic to the optimal line for protection while ensuring high business access speed and availability.
Anti-DDoS features priority-based CNAME smart scheduling, where you can select an Anti-DDoS instance and set the priority of its protective line as needed.
Note:
DNS reconfiguration is supported for Anti-DDoS Pro instances and Anti-DDoS Advanced instances (including instances for BGP, China Telecom, China Unicom, and China Mobile).
Smart scheduling is not needed if an instance has only one line.
Priority-based scheduling
All access traffic is first scheduled to the line with the highest priority. You can adjust the priority value of each line, which is 100 by default. The smaller the value, the higher the priority. The specific scheduling rules are as follows:
When an Anti-DDoS instance contains multiple lines from different ISPs and of the same priority, a response is made based on the ISP of the specific DNS request in the following order: BGP > China Telecom > China Unicom > China Mobile > ISPs outside the Chinese mainland.
If all the lines of the same priority are blocked, access traffic is automatically scheduled to the available line of the second-highest priority.
Note:
If no protective lines of the second-highest priority are available, automatic scheduling cannot be performed, and business access will be interrupted.
If the Anti-DDoS instance configured for your business contains multiple protective lines from the same ISP and of the same priority, access traffic will be evenly distributed to such lines.
Examples
Assume that you have the following Anti-DDoS instances: BGP protective IPs 1.1.1.1 and 1.1.1.2, China Telecom protective IP 2.2.2.2, and China Unicom protective IP 3.3.3.3, of which the priority of 1.1.1.2 is 2 and that of the rest is 1. Normally, all traffic will be scheduled to the protective lines with the current priority of 1. Specifically, traffic from China Unicom will be scheduled to 3.3.3.3, that from China Telecom to 2.2.2.2, and that from other ISPs to 1.1.1.1. If 1.1.1.1 is blocked, access traffic under this IP will be automatically scheduled to 2.2.2.2. If both 1.1.1.1 and 3.3.3.3 are blocked, traffic supposed to be scheduled to them will be distributed to 2.2.2.2, and if 2.2.2.2 is blocked too, traffic will be scheduled to 1.1.1.2.
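The rules and the example above can be checked with a small model of the scheduler. This is an added example, not Tencent Cloud code: the names Line, resolve and example_lines, the "Overseas" label, and the assumption that a request prefers a line of its own ISP before falling back in the documented ISP order are all illustrative.

```python
from dataclasses import dataclass

# ISP order the page gives for lines of equal priority ("Overseas" is a label
# chosen here for ISPs outside the Chinese mainland).
ISP_ORDER = ["BGP", "China Telecom", "China Unicom", "China Mobile", "Overseas"]

@dataclass
class Line:
    ip: str
    isp: str
    priority: int = 100       # page default; smaller value = higher priority
    blocked: bool = False     # line is currently blocked
    dns_enabled: bool = True  # DNS resolution can be disabled per line

def resolve(lines, requester_isp):
    """Return the protective IPs answered for a DNS request from requester_isp.

    An empty list means no line is available: business access is interrupted.
    """
    usable = [l for l in lines if l.dns_enabled and not l.blocked]
    if not usable:
        return []
    # Highest-priority tier that still has an available line.
    top = min(l.priority for l in usable)
    tier = [l for l in usable if l.priority == top]
    # Assumption: prefer the requester's own ISP, then the documented order.
    for isp in [requester_isp] + ISP_ORDER:
        answer = sorted(l.ip for l in tier if l.isp == isp)
        if answer:
            return answer  # several IPs = traffic spread evenly across them
    return sorted(l.ip for l in tier)  # ISP label not in ISP_ORDER

def example_lines(blocked=()):
    """The four lines from the example above; `blocked` lists blocked IPs."""
    spec = [("1.1.1.1", "BGP", 1), ("1.1.1.2", "BGP", 2),
            ("2.2.2.2", "China Telecom", 1), ("3.3.3.3", "China Unicom", 1)]
    return [Line(ip, isp, prio, ip in blocked) for ip, isp, prio in spec]

if __name__ == "__main__":
    for blocked in [(), ("1.1.1.1",), ("1.1.1.1", "3.3.3.3"),
                    ("1.1.1.1", "2.2.2.2", "3.3.3.3")]:
        for isp in ("China Unicom", "China Telecom", "China Mobile"):
            print(blocked, isp, "->", resolve(example_lines(blocked), isp))
```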
Prerequisite
Connect your service with Anti-DDoS.
To modify the DNS resolution, you need to purchase a DNS service, such as Tencent Cloud DNSPod.
Setting line priority
Please follow the steps below to set priorities for your protective instances based on your scheduling scheme:
2. Click New Scheduling Policy to generate a CNAME record.
3. On the Create smart scheduling policy page, the TTL value defaults to 60 seconds and ranges from 1 to 3600 seconds. The default scheduling mode is Priority. Switchback time refers to the waiting time for triggering the switchback process when multiple resources are linked. To allow for the waiting time for unblocking and to avoid frequent switchovers, the minimum value allowed for switchback time is 10 minutes, and the default value of 60 minutes is recommended.
4. On the Create smart scheduling policy page, two modes are provided: priority and directional. Operation instructions for the two modes are as follows:
4.1 Priority mode: Set by priority (by numerical value) to provide scheduling between resources.
4.1.1 Click Add Anti-DDoS IP, select the target Anti-DDoS instance and IP, and click OK.
4.1.2 After the instance is added, DNS resolution is enabled for its protective line by default. At this point, you can set the priority.
4.2 Directional mode: Specify the scheduling relationship between resources through the directional mode.
4.2.1 Click Add Anti-DDoS IP, select the target Anti-DDoS instance and IP, select the wanted line, and click OK.
4.2.2 On the Create smart scheduling policy page, click Configure linkage resources on the right of the target resource.
4.2.3 In the Linkage resource management window, click Add resource, enter an IP and select a line, and click OK to configure the scheduling relationship between the specified resources.
Example
Assume that you want to implement the following scheme: The business traffic will be scheduled to a BGP protective line first; if it is blocked due to attacks, the traffic will be automatically scheduled to a China Telecom protective line; if it is blocked too, the traffic will be scheduled to a China Unicom protective line; and after the BGP protective line is unblocked, the traffic will be scheduled to it automatically.
To implement this scheduling scheme, set the priority of the BGP line in the Anti-DDoS instance to 1 and that of the China Telecom line to 2, and keep the priority of the China Unicom line unchanged.
If you do not want the China Unicom protective line to be in the traffic scheduling scheme, click to disable DNS resolution for it, and you can enable DNS resolution again and set its priority when necessary. If you want to delete it from the current scheduling scheme, you can locate the row of its corresponding instance and click Unbind.
Modifying DNS resolution
Before using a CNAME record for smart scheduling, we recommend changing the CNAME record in your business domain name's DNS to the CNAME record automatically generated by the smart scheduling system of Tencent Cloud Anti-DDoS, to which all access traffic will be directed.