I recently helped a friend deal with a DDoS event and found that the high-defense CDN their company used was a single-node architecture; when the attack came, the entire business was paralyzed for three days. It reminded me that many enterprises choose a high-defense solution without understanding the essential difference between single-node and multi-node, and assume that "having some protection is enough". The result: when the attack arrives they are left wailing, and once the business recovers they carry on with the old solution, which is like opening a blind box.
A single-node high-defense CDN, to put it bluntly, sends all traffic to one cleaning center for processing. It sounds like a big saving, right? But think about it: user requests from the whole country, or even the whole world, have to detour to this one point. High latency aside, once a large-scale DDoS hits, it does not matter whether you have 100G or 500G of defense bandwidth: when it is saturated, it collapses outright. I have tested one vendor's single-node solution: when a 300Gbps SYN flood came through, not only did the business freeze, even the management console could not be logged in to, because the control plane and data plane were not separated.
Multi-node architecture is the right answer for a modern high-defense CDN. Service providers like CDN5 have long done distributed cleaning, with hundreds of nodes around the world scheduling traffic intelligently. When an attack comes, traffic is automatically steered to the nearest cleaning center, the dirty data is filtered out, and only the clean traffic is sent back to the origin. Never mind 300G; even double that can be carried, because the traffic is split across different nodes and processed in parallel.
Speed is also better than with a single node. Last year an e-commerce platform ran a migration test, switching from a single node to CDN07's multi-node solution, and average latency dropped from 180ms to 40ms. Why? Because users no longer have to travel all the way to the only node; they connect to one nearby. This matters especially for multinational businesses: with 08Host's Asia-Pacific multi-node network, scheduling across three lines in Hong Kong, Singapore and Tokyo, access speed for overseas users increases by 60% or more.
There is also a small detail that many people ignore: expanding the capacity of a single-node solution means taking the whole thing down for an upgrade, while multi-node supports gray-scale (gradual) switching. Last week I helped a game company add nodes: I dropped the new servers straight into the CDN5 load-balancing pool, traffic was distributed automatically according to weight, and users noticed nothing. This flexibility is a lifesaver during peak business periods.
The defensive capabilities differ even more. A single node is like putting all your eggs in one basket, while multiple nodes are a typical divide-and-conquer strategy. I have encountered this situation: a financial app was hit with geographically targeted traffic, and the attack sources were concentrated in East China. A single node would certainly have been paralyzed, but with a multi-node solution the system automatically schedules the East China traffic to the cleaning centers in Nanjing and Hangzhou, and users in other regions are not affected at all. A single node simply cannot do this kind of fine-grained prevention and control.
Configuration is not as complicated as you might imagine. Multi-node solutions are now basically all operated through APIs; with 08Host's scheduling system, for example, you write a simple weight configuration to control the direction of traffic:
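The weight-based, region-aware scheduling described above, as an added example that is not 08Host's API or configuration format and not code from the original post: node names, regions and weights are constructed, and `pick_node` and `share` are hypothetical helpers.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    region: str
    weight: int           # relative share of traffic within its region
    healthy: bool = True

# Constructed sample pool; names, regions and weights are illustrative only.
POOL = [
    Node("nanjing-1", "east-china", 3),
    Node("hangzhou-1", "east-china", 1),
    Node("tokyo-1", "apac", 2),
    Node("singapore-1", "apac", 2),
]

def pick_node(pool, client_region, client_id):
    """Weighted, deterministic choice of a cleaning node for one client."""
    healthy = [n for n in pool if n.healthy and n.weight > 0]
    # Keep a region's traffic (attack traffic included) on that region's
    # nodes; fall back to every healthy node only if the region has none.
    candidates = [n for n in healthy if n.region == client_region] or healthy
    if not candidates:
        raise RuntimeError("no healthy cleaning node available")
    total = sum(n.weight for n in candidates)
    # Hash the client id: while the pool is unchanged, the same client
    # always lands on the same node.
    digest = hashlib.sha256(client_id.encode()).digest()
    slot = int.from_bytes(digest[:8], "big") % total
    for node in candidates:
        if slot < node.weight:
            return node
        slot -= node.weight

def share(pool, client_region, clients=10000):
    """Fraction of constructed clients from one region landing on each node."""
    hits = Counter(pick_node(pool, client_region, f"client-{i}").name
                   for i in range(clients))
    return {name: count / clients for name, count in hits.items()}

if __name__ == "__main__":
    print(share(POOL, "east-china"))   # only the two East China nodes appear
    # Gray-scale expansion: a new node joins the pool with a small weight.
    grown = POOL + [Node("shanghai-1", "east-china", 1)]
    print(share(grown, "east-china"))
```

Raising the new node's weight step by step shifts more traffic onto it without touching the other regions' nodes.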
Never believe the rumors that multi-node is expensive. Vendors like CDN07 now bill on elastic bandwidth: in normal times you pay for what you use, and capacity expands automatically under attack. A single node, by contrast, has to reserve bandwidth for defense and leaves 80% of its capacity idle year-round, which is the real waste.
Finally, a lesson learned in tears: the "super node" that some small vendors boast about is in essence still a single-node architecture, just with the machine configuration stacked high. When a real mixed attack arrives (CC + DDoS + slow connection), the CPU maxes out and it crashes outright. A proper multi-node solution like CDN5 has layer-7 protection linkage, and each node can independently carry out HTTP anomaly detection and challenge-response.
So don't be fooled by those "ultra-high defense value" advertisements. The number of nodes is the hard indicator for a high-defense CDN: a distributed architecture brings not only depth of defense but also real protection for business continuity. These days, even with a CDN you have to "guard against your teammates", and the ones to guard against are the providers who cut corners on their solutions.

