Each account can have multiple Anti-DDoS instances, and each instance has at least one protective line; therefore, there can be multiple protective lines under one account. Once your business is added to an Anti-DDoS instance, a protective line will be configured for it. If multiple protective lines have been configured, you need to choose the optimal business traffic scheduling method, i.e., how to schedule business traffic to the optimal line for protection while ensuring high business access speed and availability.
Anti-DDoS features priority-based CNAME intelligent scheduling, where you can select an Anti-DDoS instance and set the priority of its protective line as needed.
Note:DNS configuration is supported for Anti-DDoS Pro instances and Anti-DDoS Advanced instances (including instances for BGP, China Telecom, China Unicom, and China Mobile).
This refers to using the protective line of the highest priority to respond to all DNS requests, i.e., all access traffic will be scheduled to the protective line of the currently highest priority. You can adjust the priority value of a protective line, which is 100 by default. The smaller the value, the higher the priority. The specific scheduling rules are as follows:
Note:If no protective lines of the second-highest priority are available, automatic scheduling cannot be completed, and business access will be interrupted.
Suppose you have the following Anti-DDoS instances: BGP IPs 1.1.1.1
and 1.1.1.2
, China Telecom IP 2.2.2.2
, and China Unicom IP 3.3.3.3
, of which the priority of 1.1.1.2
is 2 and that of the rest is 1. Normally, all traffic will be scheduled to the protective lines with the current priority of 1. Specifically, traffic from China Unicom will be scheduled to 3.3.3.3
, that from China Telecom to 2.2.2.2
, and that from other ISPs to 1.1.1.1
. If 1.1.1.1
is blocked, access traffic under this IP will be automatically scheduled to 2.2.2.2
. If both 1.1.1.1
and 3.3.3.3
are blocked, traffic supposed to be scheduled to them will be distributed to 2.2.2.2
, and if 2.2.2.2
is blocked too, traffic will be scheduled to 1.1.1.2
.
Note:
- If you need to add the IP of your protected Tencent Cloud service to a purchased Anti-DDoS Pro instance, please see Getting Started with Anti-DDoS Pro.
- If you need to connect your layer-4 or layer-7 application to a purchased Anti-DDoS Advanced instance, please see Anti-DDoS Advanced documents Port Connection or Domain Name Connection.
Please follow the steps below to set priorities for your Anti-DDoS instance based on your scheduling scheme:
Suppose you want to implement the following scheme: the business traffic will be scheduled to a BGP protective line first; if it is blocked due to attacks, the traffic will be automatically scheduled to a China Telecom protective line; if it is also blocked, the traffic will be scheduled to a China Unicom protective line; and after the BGP protective line is unblocked, the traffic will be scheduled to it automatically.
To implement this scheduling scheme, set the priority of the BGP line in the Anti-DDoS instance to 1 and that of the China Telecom line to 2, and keep the priority of the China Unicom line unchanged.
If you do not want the China Unicom protective line to be in the traffic scheduling scheme, click to disable domain name resolution for it, and you can enable domain name resolution again and set its priority when necessary. If you want to delete it from the current scheduling scheme, you can locate the row of its corresponding instance and click Unbind.
Before using a CNAME record for intelligent scheduling, you are recommended to change the CNAME record of your business domain name DNS to the CNAME record automatically generated by the intelligent scheduling system of Tencent Cloud Anti-DDoS, to which all access traffic to your business website will be directed.
Was this page helpful?