Current Location: Blog >
Singapore server
1.
overall risk assessment and grading strategy
1) inventory assets: list all ecs, slb, rds, oss, public network bandwidth and other resources running in the alibaba cloud singapore computer room.2) risk classification: divided into three levels: p0 (payment/logout), p1 (transaction), and p2 (display) according to business importance.
3) single point identification: identify and label single points of failure such as single hosts, single switching links, and single bgp clusters.
4) sla and rto/rpo: define sla (availability), rto (recovery time objective) and rpo (data loss tolerance) for different levels of business. for example, p0 rto≤5min, rpo≤1min.
5) risk matrix: prioritize issues with high impact and probability based on impact and probability scores.
2.
network and redundant architecture design
1) multi-availability zone deployment: deploy key services in at least two availability zones (az) or two regions (such as singapore and hong kong) to avoid computer room-level failures.2) bgp and multi-exit: use bgp multi-link outbound network or alibaba cloud enterprise network to access two isps, and the public network bandwidth is used for link redundancy.
3) load balancing: slb or nginx cluster is used for both internal and external networks, the front end is connected to multiple nodes, and the back end is distributed across azs.
4) cdn and near-origin back-to-origin strategy: put static and hotspot interfaces on cdn (including back-to-origin health check), and automatically switch back to other regions when the singapore archive is abnormal.
5) dns intelligent scheduling: configure dns health check (such as alibaba cloud dns + weight/link awareness), and switch to the backup computer room ip or the weight decreases when abnormality occurs.
3.
monitoring indicators and alarm strategies (including specific thresholds)
1) basic network: if the ping packet loss rate is >1% and lasts for >2 minutes, an alarm will be triggered; the average delay will be >200ms and if it lasts for >3 minutes, the alarm will be triggered.2) bandwidth and traffic: if the public network egress utilization is >75%, an alarm will occur for 5 minutes; a sudden traffic increase >3x the baseline and lasts for >1 minute is considered abnormal.
3) host resources: cpu>80% for 10 minutes, memory>85%, disk io wait higher than 20ms alarm.
4) application layer health: http 5xx ratio >1% will alert for 3 minutes; median response time >500ms will alert for 5 minutes.
5) ddos/abnormal traffic: if the syn/udp abnormal packet rate exceeds 5 times the baseline or exceeds 100k packets per second, the ddos protection policy will be automatically triggered and an alarm will be issued.
4.
automated response process and alarm linkage
1) level one automation: cloudmonitor or prometheus detects the threshold and immediately triggers automation scripts through webhook (restarting services, adjusting routing, switching backends).2) second-level manual intervention: when automation has not been restored, notify the engineer on duty (phone + text message + dingtalk) and initiate an emergency response order.
3) level 3 upgrade: if it is not restored within 30 minutes, report it to the operation and maintenance manager and start a cross-region switching or grayscale migration plan.
4) recording and traceback: each event automatically generates event records (including packet capture, traffic curves, and kernel logs) for subsequent analysis.
5) drills and sops: drill dns/traffic switching and backup machine startup every quarter, and keep sops (including recovery steps, person in charge, and contact information) up to date.
5.
best practices for ddos defense, cdn and waf
1) enable alibaba cloud ddos advanced defense or cloud shield basic protection, and set the automatic cleaning threshold (such as traffic >200mbps or concurrent connections >200k to trigger cleaning).2) connect to cdn and enable http/https caching, dynamic acceleration and return-to-origin speed limiting to reduce the pressure on the origin site.
3) waf rules: enable common attack rules, ip black and white lists, rate limits and verification code policies to tighten protection for login, order and other interfaces.
4) session and connection control: set timeout limits for long connections, and temporarily ban ip addresses with abnormally frequent connections.
5) cooperate with isp: when a large traffic attack occurs, link with alibaba cloud/bandwidth provider and apply for upstream traffic blackhole or traffic cleaning services.
6.
real cases and server configuration examples
1) case (desensitized): during the promotion period of an e-commerce company, a sudden routing change in the main site in singapore caused the edge node return-to-origin delay to soar, causing orders to be interrupted for 40 minutes, and the loss was estimated to be about rmb 120,000. afterwards, cross-region double writing and dns switching are adopted to reduce risks.2) configuration example a (lightweight): ecs type: ecs.c6.large, 2vcpu/8gb memory, system disk 40gb ssd, public network bandwidth 200mbps, deployed across two azs, slb front-end.
3) configuration example b (critical business): main database: rds.mysql.s8.large, master-slave remote disaster recovery; application: ecs.g6.4xlarge, 8vcpu/32gb, gigabit intranet; cdn+ddos high defense and waf enabled.
4) backup strategy: the database binlog is copied to an off-site database in real time, rds is fully prepared every day and retained for 7 days, and important files are synchronized to oss and replicated across regions.
5) post-event improvements: prometheus+grafana real-time panel, cloudmonitor alarm and pagerduty access were introduced, and the threshold and automated response process will take effect within 30 days.
7.
monitoring thresholds and response action example table
| index | threshold | detection frequency | first response action | upgrade action |
|---|---|---|---|---|
| ping packet loss rate | >1% and lasts >2min | 30s | trigger retest + slb health check | switch dns or start an off-site line |
| average delay | >200ms lasting >3min | 30s | back-to-origin detection + rollback recently released | traffic is switched to the backup region |
| public network bandwidth | >75% utilization | 1min | expanding bandwidth/limiting speed for non-critical traffic | enable traffic cleaning or ddos anti-ddos high |
| http 5xx ratio | >1% lasts >3min | 1min | roll back the release and restart the service | trigger emergency drills and call in development |
| ddos traffic | >200mbps or concurrency >200k | 15s | automatically switch to ddos cleaning | linkage with alibaba cloud for upstream cleaning |
- Latest articles
- The Technical Implementation Path Explains In Detail The Construction Process Of Malaysia’s Tik Tok Self-built Server.
- Migration Guide For Small And Medium Enterprises Alibaba Cloud’s Singapore Cn2 Instance Configuration Recommendations
- How To Find The Most Suitable Model And Bandwidth On The Singapore Cloud Server Purchase Website
- Steps To Use Japanese Proxy Server Address Query To Optimize Overseas Seo And Access Speed
- Vietnam Vps Illegal Production Case Review And Prevention And Control Strategies Provide Executable Suggestions For Enterprises
- Domestic Vps Setting Us Ip Application Scenarios In Mail Delivery And Third-party Interface Testing
- The Technical Team Practices The Rapid Location And Repair Process Of Us Space Cn2 Link Faults
- Compare The Advantages And Disadvantages Of Exclusive And Korean Vps Sharing In Terms Of Cost And Flexibility
- Taiwan Server Vps Performance Comparison And Price/performance Evaluation Report
- How To Deploy A High-availability Load Balancing Architecture On Vietnam's Native Ip Cloud Server
- Popular tags
Person Count
Compliance
Peak Traffic
Static Ip
Enterprise Cloud Services
Hoyoverse
Cheapest Cloud Server
Southeast Asia Host
Data Recovery
Getting Started With VPS
Cloud Communication
Port Management
Pop
Elastic Expansion
Native Architecture
Prospect
Network Test
Compliance
Promotional Information
Cheap Server
Advantages
Big Data
Serverless
Bbr
Server Misunderstandings
Migration Project
Malaysian Server
Lightweight Applications
Market Performance
Vps 50 Yuan A Month
Related Articles
-
How Can Sydney Users Effectively Connect To Singapore Servers?
this article details how sydney users can effectively connect to a singapore server, covering the best and cheapest options. -
Singapore Server Buying Guide Allows You To Play Dota2 And Lol Easily
learn about the singapore server buying guide to help you play dota2 and lol easily, providing detailed reviews and introductions. -
Tips On How To Rent A Singapore Server And Increase Game Speed
this article introduces tips on how to rent a singapore server and increase game speed to help players improve their gaming experience.