Background
Anti-DDoS Pro is available for Tencent Cloud users in Beijing, Shanghai, and Guangzhou regions only and guarantees all-out protection. Integrating the local cleansing center capability, all-out protection aims to spare no effort to successfully defend against each DDoS attack. In addition, all-out protection will be adjusted according to the actual network status. Anti-DDoS Pro is not available in Chengdu, Chongqing, and other regions in the Chinese mainland. If your business's real server is deployed in Tencent Cloud and you need to use the protection capability of Anti-DDoS Pro in regions other than where your real server is located, you may consider the following solution.
Solution
This solution involves Anti-DDoS Pro, Cloud Load Balancer (CLB), and your real server. Firstly, you will need to deploy a CLB instance in a region where you have Anti-DDoS Pro resources and bind the CLB to the Anti-DDoS Pro instance. Next, configure the private network forwarding rules for the CLB to ensure that your business can be accessed through the public IP of the CLB.
Normally, business traffic will be routed to the public IP of the real server or directly to the public IP of the CLB in another region. The business traffic will access the nearest real server.
If attacks occur, business traffic will be routed to the IP of the CLB to cleanse the attack traffic. After the traffic is cleansed, the CLB will forward the traffic back to the real server via Direct Connect lines in the Tencent Cloud private network.
The following figure describes the details of the solution:
Benefits
The DDoS protection capability will no longer be limited by regions and can be up to 300 Gbps.
The business traffic will be forwarded via Direct Connect lines in the Tencent Cloud private network with high reliability and low latency.
You will enjoy all the advantages brought by Tencent Cloud Anti-DDoS network. All your public IPs will be BGP IPs and the latency will be very low.
Tips
Deploy Anti-DDoS Pro and CLB in advance.
Establish a business availability monitoring system so that you can promptly notice and respond to any problem with access to the real server when the automatic switching mechanism is not deployed.
Test regularly, familiarize yourself with the solution details, and solve potential problems.
Was this page helpful?