Accelerate and Protect Your Websites and Apps with Anti-DDoS Premium’s Mainland China Acceleration (MCA) Service

By Thomas Poon, Solutions Architect

After successfully building your website, web application, or mobile applications, you need to carefully consider how you would launch your product. This may include network considerations as well as security considerations.

In particular, you may be concerned about protecting your websites or apps against external threats, such as DDoS attacks. While DDoS attacks typically do not sacrifice data privacy, it will make your application unresponsive or even forcing your internet service provider to “blackhole” the whole website.

In this article, Ill show you how to use Alibaba Cloud’s Anti-DDoS Premium to protect your critical assets against DDoS attacks. I’ll also show you how to accelerate access for Mainland China users to your application hosted outside Mainland China, such as Singapore and Hong Kong, with the new Mainland China Acceleration (MCA) service.

I will be combining several Alibaba Cloud products, including Anti-DDoS Premium, Domain Name Service (DNS), and Object Storage Service (OSS).

The following will be a step-by-step explanation about how to configure the whole setup in under 30 minutes.

Setting Up Anti-DDoS Premium Mainland China Acceleration (MCA) Service

We have set up an internet accessible website, hosted on Alibaba Cloud OSS: http://websitetemplate.oss-cn-hongkong.aliyuncs.com

Image for post
Image for post

For this tutorial, we’ll imagine this is our original website that we wish to protect and accelerate.

Access the Anti-DDoS Premium console, purchase the Anti-DDoS Premium service together with the Mainland China Acceleration instance (you may contact Alibaba Cloud to assist you).

Image for post
Image for post
  1. For the Anti-DDoS Premium insurance plan: It provides 2 unlimited mitigations per month (unlimited plan available).
  2. For the Mainland China Acceleration plan: By default it provides 10Mb accelerated bandwidth between Mainland China and overseas.

Now we can start configuring the Anti-DDoS + MCA services. Click Provisioning -> Add Website

Complete the setup as below :

Website domain: demo.alibabacloudhk.com (we want end user to use this domain name to access)

Protocol : HTTP (it also supports web socket)

Origin Server : websitetemplate.oss-cn-hongkong.aliyuncs.com (this is our website)

Then click Add Website

Image for post
Image for post

The DDoS protection setup is almost complete. Click Return to Website List

Image for post
Image for post

You will be able to see that the Domain is configured to Anti-DDoS and MCA instance IPs.

Image for post
Image for post

Configuring the Mainland China Acceleration Selector

Next we will configure the MCA, so that for China Mainland users will use the MCA first, and fail-over to Anti-DDoS IP if MCA is under attack.

Switch to the Security Traffic Manager tab and click Add Rule

Image for post
Image for post

Add the MCA rule in which the MCA IP has a high priority and the Anti-DDoS IP is low Priority.

Image for post
Image for post

The Security Traffic Manager will generate a CNAME record, which is responsible for the traffic fail-over between the MCA IP and then Anti-DDoS Premium IP address if necessary.

Image for post
Image for post

Setting Up the DNS Service for Mainland User

Now we will configure the DNS service, so the user will be able to resolve demo.alibabacloudhk.com to MCA and Anti-DDoS Premium.

Go to the Alibaba Cloud DNS service console. Under Domains, click on your domain name.

Image for post
Image for post

Click Add Record, and then set the demo.alibabacloudhk.com as CNAME “58nz89begh5mzq5d.scommander.com”

Image for post
Image for post

Verifying the Results from Mainland China

You can find any machine located in China, to ping the hostname, you will find the hostname will first resolved to the CNAME, and then connect to the MCA with extremely fast speed ( ~ 31ms from Shanghai to Hong Kong ).

Image for post
Image for post

The procedures just configured the following architecture.

Image for post
Image for post

Now your website is protected by Alibaba Cloud’s Anti-DDoS Premium service, and accelerated to Mainland China users as well.

References

  1. What Is a DDoS Attack?
  2. What Is Anti-DDoS Premium?
  3. What Is MCA?

Reference:https://www.alibabacloud.com/blog/accelerate-and-protect-your-websites-and-apps-with-anti-ddos-premiums-mainland-china-acceleration-mca-service_594396?spm=a2c41.12531900.0.0

Written by

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store