Application
For scenarios where user business servers are deployed outside of Mainland China, Cerberus provides high-defense DDoS services to help businesses reduce the risk of DDoS attacks. After the business accesses the DDoS high defense service, the attack traffic suffered by the server will be led to the exclusive IP of the DDoS high defense. DDoS High Defense uses the world's leading distributed near-source cleaning method to clean the attack traffic and return the filtered normal traffic to the origin server to ensure stable business operation.

Suitable

The business servers that need to be connected to the DDoS High Defense for protection are deployed outside the mainland of China.

Features

DDoS High Defense (International) supports the following DDoS attack defense functions.
DDoS
Attack classification
Attack subclass
Malformed message
Filter Frag flood, Smurf, stream flood, and Land flood attacks, filter malformed packets such as IP malformed packets, TCP malformed packets, and UDP malformed packets.
Defense against transport layer DDoS attacks
Filter Syn flood, Ack flood, UDP flood, ICMP flood, Rst flood and other attacks.
Defense against web application DDoS attacks
Filter HTTP Get flood, HTTP Post flood, and high-frequency attacks. At the same time, it supports customizing more refined access control rules based on HTTP characteristics, URI, Host, etc.
Product advantages
Anti-DDoS premium service has the following advantages:
Global near-source cleaning
Through the Anycast communication mode, make full use of the capabilities of Alibaba Cloud traffic cleaning centers around the world as a resource for DDoS high-defense services, and use distributed technology to automatically pull DDoS attack traffic to the traffic cleaning center closest to the attack source for filtering. While maximizing integration, it also has the ability to back up disasters in multiple computer rooms.
Unlimited full protection
The DDoS high defense service relies on the global near-source cleaning capability to provide every user with full protection without an upper limit.
Note!
If an attack on your business affects the infrastructure of Alibaba Cloud High Defense Cleaning Center, Hellhound reserves the right to suppress traffic. When a DDoS high-defense instance is suppressed by traffic, it may have a certain impact on your business. For example, business access traffic may be speed-limited or even black holes.
Exclusive IP resources
The DDoS high defense service provides each user with an exclusive Anycast IP, and each IP is isolated from each other to avoid any accidental injury to your business due to DDoS attacks suffered by other users, and to provide you with more secure DDoS protection services.
Security report
The DDoS High Defense Service provides you with detailed traffic reports and detailed attack protection information in real time, allowing you to understand the current business security status in a timely and accurate manner.

Application scenario

The Internet realizes global interoperability access through the interconnection of network operators from all over the world. However, due to the different strategies of network operators in each region, the actual situation of network access interoperability varies. Therefore, you need to choose the most suitable DDoS security protection solution according to different business scenarios.
Description
Based on the current routing interconnection strategy of network operators, when accessing overseas DDoS defense resources from mainland China by default, the use of DDoS defense services alone cannot guarantee the quality of the network link. The problems in this scenario include: the average access delay is as high as 300ms, and may be affected by international link congestion and cause intermittent packet loss. Therefore, it is strongly recommended that you deploy servers in mainland China to serve users in mainland China, and use other mainland China DDoS high-defense services to solve DDoS security protection issues, and complete compliance procedures such as website filing in compliance with relevant Chinese laws and regulations.
Global DDoS protection
Dispatch Hellhound's global DDoS protection nodes nearby according to the attack source. Using Anycast and GSLB technology, dispatch A Hellhound's global DDoS protection nodes, and then initiate the attack source to filter to maximize the protection capability. It can solve the problem of scheduling Hellhound's global DDoS protection nodes according to the source of the attack, using Anycast and GSLB technology to schedule Hellhound's global DDoS protection nodes, and then initiating the source of the attack to filter to maximize the protection capabilities.
Single area DDoS protection bandwidth bottleneck
The bandwidth of the local computer room cannot be expanded infinitely to resist DDoS attacks launched from all over the world, and the global DDoS protection network can be effectively used to improve the overall protection capabilities and effects.
Cross-border network congestion caused by DDoS attacks
DDoS attacks usually cause cross-border network congestion in some areas, which affects normal cross-border access. DDoS protection is implemented in each area to relieve the load of cross-border network links.
For services where servers are deployed outside of Mainland China, they are mainly divided into the following three scenarios.
Scenes
Recommended plan
The business server is deployed in regions other than Mainland China and mainly serves users in regions other than Mainland China
Purchase Hellhound DDoS high defense service to mitigate DDoS attacks.
The business server is deployed outside of Mainland China and mainly serves users in Mainland China
Solution 1:
If your business requires high network latency (for example, game industry server), build your server to migrate to the mainland China region where your main users are located, and purchase DDoS high-defense services to mitigate DDoS attacks.

Solution 2:
If your business server cannot be migrated to mainland China temporarily, it is recommended that you contact sales or apply for the purchase of a DDoS high-defense acceleration network through a work order. After opening, Cerberus technical support staff will assist you to complete the configuration of the DDoS high-defense intelligent switching scheme, and realize the demand of ensuring smooth access for users in mainland China through accelerated lines when there is no DDoS attack. For the configuration of the DDoS anti-acceleration line, see Configuring DDoS Anti-acceleration Line.
The business server is deployed in regions other than mainland China and serves users in mainland China and regions other than mainland China
Solution 1:
It is recommended that you deploy business servers in different regions, use servers deployed in mainland China to serve users in mainland China, and servers deployed in regions other than mainland China to serve users in regions outside mainland China. At the same time, through the purchase of DDoS high-defense services and DDoS high-defense services, respectively, to protect the business in mainland China and outside China, and mitigate DDoS attacks.

Solution 2:
If your business server cannot be migrated to mainland China temporarily, it is recommended that you contact sales or apply for the purchase of a DDoS high-defense acceleration network through a work order. After opening, Cerberus technical support staff will assist you to complete the configuration of the DDoS high-defense intelligent switching scheme, and realize the demand of ensuring smooth access for users in mainland China through accelerated lines when there is no DDoS attack. For the configuration of the DDoS anti-acceleration line, see Configuring DDoS Anti-acceleration Line.

Contact Us

Cerberus.net
email: [email protected]