Sec-Traffic Manager is provided by Anti-DDoS Proxy to help you configure rules on the interaction between Anti-DDoS Proxy and cloud services. The rules take effect only in specific scenarios. Sec-Traffic Manager ensures service continuity if no DDoS attacks occur and helps mitigate DDoS attacks. Sec-Traffic Manager provides features such as cloud service interaction, tiered protection, Alibaba Cloud CDN (CDN) interaction, Dynamic Content Delivery Network (DCDN) interaction, network acceleration, and secure acceleration.
Scenarios
If you add website services to Anti-DDoS Proxy, you need to only add the domain names of the website services. For more information, see Add one or more websites. If you add non-website services to Anti-DDoS Proxy, you need to only add the ports of the non-website services. For more information, see Configure port forwarding rules.
After you add services to Anti-DDoS Proxy, all traffic, including service and attack traffic, is forwarded to Anti-DDoS Proxy. Attack traffic is filtered out, and only service traffic is forwarded to the origin server. During normal service access, service traffic is also forwarded by Anti-DDoS Proxy. This may cause a low service latency.
To resolve this issue, you can enable the cloud service interaction feature of Sec-Traffic Manager. If no attacks occur, service traffic is directly forwarded to the origin server without increasing latency. If attacks occur, traffic is switched to Anti-DDoS Proxy for scrubbing and forwarding.
In addition to the preceding scenarios, Sec-Traffic Manager enables interactions between Anti-DDoS Proxy and Anti-DDoS Origin, CDN, DCDN, the Chinese Mainland Acceleration (CMA) mitigation plan, and the Secure Chinese Mainland Acceleration (Sec-CMA) mitigation plan. For more information, see Interaction scenarios.
Anti-DDoS Proxy provides Sec-Traffic Manager to help you to configure rules for your service access. Whether you use Sec-Traffic Manager does not affect the billing of Anti-DDoS Proxy. For more information about the billing methods of Anti-DDoS Proxy, see Billing of Anti-DDoS Proxy (Chinese Mainland) and Billing of Anti-DDoS Proxy (Outside Chinese Mainland) of the Insurance and Unlimited mitigation plans.
Interaction scenarios
The following table describes the interaction scenarios of Sec-Traffic Manager and the related topics.
A cross (×) indicates that Anti-DDoS Proxy (Chinese Mainland) does not support the interaction scenario.
Interaction scenario | Description | Anti-DDoS Proxy (Chinese Mainland) | Anti-DDoS Proxy (Outside Chinese Mainland) | References |
Cloud service interaction | Your services use Alibaba Cloud public IP addresses and are protected by Anti-DDoS Proxy to achieve the following effects:
Note Anti-DDoS Proxy can interact with Alibaba Cloud Global Accelerator (GA). For more information, see What is Global Accelerator?. | √ | √ | |
Tiered protection | Your services are protected by Anti-DDoS Origin Enterprise and Anti-DDoS Proxy to achieve the following effects:
| √ | √ | |
CDN or DCDN interaction | Your website services use Alibaba Cloud CDN or DCDN and are protected by Anti-DDoS Proxy to achieve the following effects:
| √ | √ | |
Network acceleration | Your services are protected by an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Insurance or Unlimited mitigation plan and an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the CMA mitigation plan to achieve the following effects:
Note Network acceleration is suitable for scenarios in which services are deployed outside the Chinese mainland and the users of the services are from the Chinese mainland. For more information, see Configure an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the CMA mitigation plan. | × | √ | |
Secure acceleration | Your services are protected by an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Insurance or Unlimited mitigation plan and an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Sec-CMA mitigation plan to achieve the following effects:
Note An Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Sec-CMA mitigation plan accelerates access of users in the Chinese mainland to services in regions outside the Chinese mainland. The instance also mitigates volumetric DDoS attacks on the networks of ISPs in the Chinese mainland, excluding China Mobile. For more information, see Configure an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Sec-CMA mitigation plan. | × | √ |