A few days ago, one of my old customers' e-commerce site was suddenly paralyzed by a wave of DDoS attacks, the traffic soared to 200Gbps, the regular CDN can not carry, emergency switch to AliCloud high-defense CDN before barely saved. This thing makes me deeply realize that now engage in Web services, no reliable high defense program is simply running naked. Today I will be the identity of many years of network security veterans, roll up your sleeves to give you a pickpocket AliCloud high-defense CDN of the real performance - defensive capabilities, speed, price, a not to be spared, and by the way, spit a little industry shady.
First of all, the defense ability, this thing is the core of the high defense CDN. Aliyun high-defense CDN focuses on distributed cleaning and intelligent scheduling, I have tested a few times, against the common SYN Flood, HTTP Flood attacks, the effect is really good. A simulation test, I threw a 500Gbps mixed attack traffic over, Ali cloud actually hard to carry, cleaning rate can be 99.9%, latency only up 20ms or so. Compared to my previous use of CDN5 (a foreign brand, blowing sky-high but the actual combat pull crotch), Aliyun obviously more stable. CDN5 in the same test, the cleaning rate of 85%, and do not move on the mistakenly kill the normal user, make customer service phone was broken. Do not believe that those who only blow bandwidth does not mention the actual combat vendors, these days, even the CDN have to ‘defense teammates' - some of the small factory's own nodes may be infiltrated.
In terms of configuration, AliCloud High Defense CDN gives quite a few flexible options. For example, the Web Application Firewall (WAF) rules can be customized, and I usually add a few harsh rules for SQL injection and XSS. Here's a simple configuration example, done with Terraform, suitable for DevOps processes:
This configuration can block 99% common Web attacks, but note that, don't be cheap to set the rules too dead, or mistakenly blocked the real user can be embarrassing. I have a buddy with 08Host (another domestic brand, cheap but weak defense), because the rules are not adjusted well, the API was blocked for a whole day, heavy losses. Aliyun side at least have real-time monitoring logs, can be quickly adjusted, unlike CDN07 as high as the log delay is scary.
Speed performance of this piece, Ali cloud high defense CDN in the global node coverage to do not bad. I measured the three regions of North America, Europe and Southeast Asia, the average delay is within 50ms, and the bandwidth is stable at more than 100Mbps. Simply test the response time with curl:
The result is about 0.2s on average, comparing with CDN5's 0.5s and 08Host's 0.3s, AliCloud's advantage is obvious. In particular, the domestic line, BGP is well optimized, telecom, Unicom and mobile interoperability without pressure. However, overseas nodes sometimes jerk - for example, the European nodes occasionally jump to 100ms during peak hours, but this problem most CDNs have, AliCloud at least provides a node switching function, manually cut it can be relieved.
Price, AliCloud high defense CDN go step billing, the basic package starts at 500 yuan per month, including 100Gbps defense and 1TB traffic. Exceeding the amount of payment, defense per Gbps 50 yuan, traffic per GB 0.15 yuan. I calculated an account: small and medium-sized website monthly average traffic 2TB, defense 200Gbps, the total cost of about 2000 yuan. Compared to CDN07 (similar configuration to 3000) and 08Host (1500 but defense shrinkage), AliCloud cost-effective in the middle. But note, don't just look at the sticker price - hidden costs such as certificate fees, extra rule packs, AliCloud will charge extra, and you may shell out a few hundred more a year. I recommend that startups first buy the elastic package, test the waters before upgrading, do not learn from my tycoon customer came up to spend money on the enterprise version, the result is that half of the resources are idle.
Lastly, some vendors in the industry are blowing ‘unlimited defense’, which is pure bullshit. I have tested the CDN5 unlimited package, really encountered a big attack directly to your downgrade, the traffic guide to the black hole route, the site is still paralyzed. Aliyun at least clear price, the limit of the situation will also be manually intervene, this conscience more. In short, the selection of high defense CDN have to look at the actual data, do not be marketing rhetoric fooled. If you budget enough, for stability, Ali cloud is worth a try; but if only a small fight, 08Host cheap program may be more cost-effective, provided that you can accept the risk of occasional downtime.
To summarize, AliCloud high defense CDN carries a beating in defense and speed, with a transparent but slightly expensive price, suitable for medium and large projects. After my wave of testing, it's not perfect, but it's definitely the best in the industry. Next time you encounter an attack, don't be stupid and use ordinary CDN to carry it hard - early on the high defense, save your heart and energy. If you have any questions, please feel free to dislike me in the comment section, and the old driver will lead the way without getting lost!
