DDoS attacks are mainly in bandwidth consumption for the attack signatures of network attacks, the attacker generally difficult to separate by the defense, we must find a third-party DDoS protection services to assist in the defense. At present, there are two kinds of protection programs on the market, one is carried out DDoS defense based CDN, referred to as high anti CDN protection program, the other is based on a high anti-node high-bandwidth DDoS cleaning ability and large carried out DDoS defense, referred to as high anti-IP protection program. Herein, these characteristics of the two protection schemes detailed analysis and comparison, specifically below.
First, the anti-high IP protection program analysis
High anti-IP Protection Scheme (hereinafter referred to as high anti-IP) is the use of high-bandwidth nodes in DDoS protection and protective ability of the regional construction to achieve DDoS protection, in general, the number of nodes in the high country of protective anti-IP vendors of 2 -10 DDoS protection capability, a single node is generally between 300-1000Gbps.
High anti-IP protection have the following three characteristics:
1, DDoS protection good effect:
For different customer needs, high anti-IP vendors generally provide one or more high anti-nodes for protection of the client's business, customers all traffic will converge to the high anti-nodes and anti-nodes usually have high protection capability of 300-1000Gbps as long as the attack traffic is less than the maximum protective capacity nodes, the nodes can easily deal with.
2, site acceleration weaker:
High anti-IP nodes generally less than 10, the same can not be as high anti CDN, CDN node provided by the provinces to speed up the site, but high anti-IP can also provide multiple nodes large area of static resources and accelerate business cache a DNS scheduled in line or region, which can effectively reduce the use of bandwidth resources of the source station, and the ability to achieve near-by region or source line access.
3, support hidden source station:
High anti-IP is independent of external exposure to high anti-IP nodes, the business forward to achieve independence through every high anti-IP node, an attacker can not get the real source of user interaction through the service station, in order to protect the safety of the source station.
Second, the high anti CDN protection program analysis
High anti CDN protection program (known under the high anti CDN) is the use of distributed enough CDN CDN node and single-node all have a certain ability to achieve DDoS protection DDoS protection. In general, high anti CDN CDN node number of vendors are greater than 50, single CDN nodes are DDoS protection capability between 20-100Gbps.
High anti CDN protection have the following five characteristics:
1, the site acceleration better:
CDN node will generally carried out in line distribution by province, traffic will generally be dispatched by the intelligent DNS resolution, users can access the service through the website optimized CDN node, CDN node can accelerate business website static resources, user access latency will be greatly reduced, the experience would be better.
2, seven better protection capabilities:
Since the main function of CDN node is accelerated and seven forwards, so a single CDN node has some processing capability, plus a lot of distributed nodes, so when DDoS attacks against a URL, DNS traffic is scheduled to disperse each CDN node, make full use of the entire network bandwidth, to achieve effective protection.
3, can not be defended targeted DDoS attacks:
Due to the high anti CDN node protection capability is generally between 20-100Gbps, if the attacker HOST bind to a specified node attack, attack or take turns for each node IP, as long as the attack traffic over a single CDN node protection capability, it will resulting in a single CDN node all business service interruption, if the attacker in turn launched attacks against large flow CDN node, will result in the user's business kept switching (single switching time of approximately 2-5 minutes) between nodes, and even cause the entire service interruption.
4, shared IP can not distinguish between specific attack:
CDN nodes are generally used to share IP segment approach to distribution service, an IP service may be loaded multiple domain names, so if an IP from DDoS attacks, attacks which can not be distinguished because the domain name business from the general practice of manufacturers of high anti CDN All IP traffic is carried back to the source associated with domain names, this way will lead the attack traffic directly to the source station traction, or expose the source station to the attacker, pose a safety risk source station has increased dramatically.
5, support hidden source station:
High anti CDN Foreign exposure is shared IP addresses of each node, CDN node IP achieved by forwarding business source station, an attacker can not get the real source of user interaction through the service station, in order to protect the safety of the source station.
Based on previous customer data, high anti-DDoS protection capability of CDN weaker than high anti-IP, but the site acceleration dominant. Therefore suitable for demanding site acceleration, DDoS defense requires the user to less than 100Gbps, such as the large portals and other services. The high anti-IP is suitable for less demanding website acceleration, DDoS attack threat is not clear, and there are frequent users to dynamically interact with the source station, such as gaming services, Internet banking services, the promotion of small sites, foreign business systems. Companies can reasonably choose according to their needs.
