Forum Discussion
Can I use XC as a TCP proxy and DDoS Protection?
TCP LBs in XC can be unique ip:port combinations or can be routed by domain using SNI (assuming the traffic is TLS). Your XC tenant has a single default "tenant IP" that is advertised via anycast globally (you can purchase additional IPs or BYO routed block if you need to).
Re: DDOS
There's platform-level DDOS applied to all internet-advertised VIPs in XC -- but I wouldn't consider this a "DDOS service". Like all cloud vendors, this is largely a platform protection mechanism and it's not configurable. For HTTP LBs XC offers "L7 DDOS", which is behavior-based, but this, obviously, isn't applicable to TCP LBs as the platform is not doing protocol parsing.
XC offers a routed DDOS solution (i.e. a newer incarnation of the "Silverline" platform). For this service you'd route your ARIN allocation to the service via BGP (either conditionally or always-on) and we'd scrub the traffic and redeliver it via GRE tunnels to your DCs. This is outside the scope of advertising a handful of TCP LBs to the internet (i.e. we'd not carve out network space inside your routed block for XC LBs).
Let us know what you're trying to do and maybe someone here can make a more informed recommendation.
- Aantat, Mar 19, 2025
Cirrus
Hi,
1. Seems like TCP LB will work perfectly in my case with IP:port combination. So on my origin side, requests will come from tenant IP or from this list? If yes, what about custom ports?
2. Routed DDoS solution is not fitting in this case, so VIP is basically protected from DDoS, but I don't have any chance to configure it?