Using ELB and CNAD Advanced to Enhance the Defense Against DDoS Attacks
Application Scenarios
Cloud Native Anti-DDoS Advanced (CNAD Advanced) can improve the anti-DDoS capability of cloud services and ensure service security. You can deploy a load balancer and add its EIP to a CNAD instance to significantly enhance the defense against various types of DDoS attacks.
Solution Architecture
If your website is deployed on an ECS, you can deploy a load balancer on the origin server of the ECS, and add the EIP of the load balancer to a CNAD advanced instance to protect your website against DDoS attacks.
Advantages
Compared to enabling CNAD Advanced for ECSs, combining CNAD Advanced and Elastic Load Balance (ELB) allows for the discarding of traffic from unlistened protocols and ports. This enhances defense against various DDoS attacks (including reflection attacks like SSDP, NTP, and Memcached, as well as UDP flood and SYN flood attacks), significantly improving the DDoS protection capability of ECSs and ensuring the security and reliability of user services.
Resource and Cost Planning
|
Resource |
Description |
Quantity |
Cost |
|---|---|---|---|
|
Load balancer |
Distributes access traffic across ECSs to eliminate single point of failures (SPOFs) caused by DDoS attacks. |
1 |
For details, see Billing Overview. |
|
CNAD advanced instance |
Protects the EIP of the load balancer against DDoS attacks. |
1 |
For details about CNAD Advanced billing modes and standards, see Billing Overview. |
Procedure
- Create a load balancer. For details, see Creating a Load Balancer.
Table 1 Parameter description Parameter
Description
Region
Select the region where the ECS is located.
EIP
Select Auto assign.
EIP Type
Select Dynamic BGP.
- Obtain the public IP address of the created load balancer, as shown in Figure 2.
- Buy a CNAD Advanced instance in the same region as the ECS.
- In the navigation pane on the left, choose . The Instances page is displayed.
Figure 3 Instance list
- In the upper right corner of the target instance box, click Add Protected Object.
- In the Add Protected Object dialog box that is displayed, select the elastic IP address of the load balancer obtained in 2 and click OK.
After adding protected objects, you can configure protection policies for them. Cloud Native Anti-DDoS Advanced provides unlimited protection against DDoS attacks for ECSs. When a DDoS attack occurs, traffic scrubbing is automatically triggered.
For details about how to configure a protection policy, see Adding a Protection Policy.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
