Current Location: Blog >
Singapore server
1.
overall risk assessment and grading strategy
1) inventory assets: list all ecs, slb, rds, oss, public network bandwidth and other resources running in the alibaba cloud singapore computer room.2) risk classification: divided into three levels: p0 (payment/logout), p1 (transaction), and p2 (display) according to business importance.
3) single point identification: identify and label single points of failure such as single hosts, single switching links, and single bgp clusters.
4) sla and rto/rpo: define sla (availability), rto (recovery time objective) and rpo (data loss tolerance) for different levels of business. for example, p0 rto≤5min, rpo≤1min.
5) risk matrix: prioritize issues with high impact and probability based on impact and probability scores.
2.
network and redundant architecture design
1) multi-availability zone deployment: deploy key services in at least two availability zones (az) or two regions (such as singapore and hong kong) to avoid computer room-level failures.2) bgp and multi-exit: use bgp multi-link outbound network or alibaba cloud enterprise network to access two isps, and the public network bandwidth is used for link redundancy.
3) load balancing: slb or nginx cluster is used for both internal and external networks, the front end is connected to multiple nodes, and the back end is distributed across azs.
4) cdn and near-origin back-to-origin strategy: put static and hotspot interfaces on cdn (including back-to-origin health check), and automatically switch back to other regions when the singapore archive is abnormal.
5) dns intelligent scheduling: configure dns health check (such as alibaba cloud dns + weight/link awareness), and switch to the backup computer room ip or the weight decreases when abnormality occurs.
3.
monitoring indicators and alarm strategies (including specific thresholds)
1) basic network: if the ping packet loss rate is >1% and lasts for >2 minutes, an alarm will be triggered; the average delay will be >200ms and if it lasts for >3 minutes, the alarm will be triggered.2) bandwidth and traffic: if the public network egress utilization is >75%, an alarm will occur for 5 minutes; a sudden traffic increase >3x the baseline and lasts for >1 minute is considered abnormal.
3) host resources: cpu>80% for 10 minutes, memory>85%, disk io wait higher than 20ms alarm.
4) application layer health: http 5xx ratio >1% will alert for 3 minutes; median response time >500ms will alert for 5 minutes.
5) ddos/abnormal traffic: if the syn/udp abnormal packet rate exceeds 5 times the baseline or exceeds 100k packets per second, the ddos protection policy will be automatically triggered and an alarm will be issued.
4.
automated response process and alarm linkage
1) level one automation: cloudmonitor or prometheus detects the threshold and immediately triggers automation scripts through webhook (restarting services, adjusting routing, switching backends).2) second-level manual intervention: when automation has not been restored, notify the engineer on duty (phone + text message + dingtalk) and initiate an emergency response order.
3) level 3 upgrade: if it is not restored within 30 minutes, report it to the operation and maintenance manager and start a cross-region switching or grayscale migration plan.
4) recording and traceback: each event automatically generates event records (including packet capture, traffic curves, and kernel logs) for subsequent analysis.
5) drills and sops: drill dns/traffic switching and backup machine startup every quarter, and keep sops (including recovery steps, person in charge, and contact information) up to date.
5.
best practices for ddos defense, cdn and waf
1) enable alibaba cloud ddos advanced defense or cloud shield basic protection, and set the automatic cleaning threshold (such as traffic >200mbps or concurrent connections >200k to trigger cleaning).2) connect to cdn and enable http/https caching, dynamic acceleration and return-to-origin speed limiting to reduce the pressure on the origin site.
3) waf rules: enable common attack rules, ip black and white lists, rate limits and verification code policies to tighten protection for login, order and other interfaces.
4) session and connection control: set timeout limits for long connections, and temporarily ban ip addresses with abnormally frequent connections.
5) cooperate with isp: when a large traffic attack occurs, link with alibaba cloud/bandwidth provider and apply for upstream traffic blackhole or traffic cleaning services.
6.
real cases and server configuration examples
1) case (desensitized): during the promotion period of an e-commerce company, a sudden routing change in the main site in singapore caused the edge node return-to-origin delay to soar, causing orders to be interrupted for 40 minutes, and the loss was estimated to be about rmb 120,000. afterwards, cross-region double writing and dns switching are adopted to reduce risks.2) configuration example a (lightweight): ecs type: ecs.c6.large, 2vcpu/8gb memory, system disk 40gb ssd, public network bandwidth 200mbps, deployed across two azs, slb front-end.
3) configuration example b (critical business): main database: rds.mysql.s8.large, master-slave remote disaster recovery; application: ecs.g6.4xlarge, 8vcpu/32gb, gigabit intranet; cdn+ddos high defense and waf enabled.
4) backup strategy: the database binlog is copied to an off-site database in real time, rds is fully prepared every day and retained for 7 days, and important files are synchronized to oss and replicated across regions.
5) post-event improvements: prometheus+grafana real-time panel, cloudmonitor alarm and pagerduty access were introduced, and the threshold and automated response process will take effect within 30 days.
7.
monitoring thresholds and response action example table
| index | threshold | detection frequency | first response action | upgrade action |
|---|---|---|---|---|
| ping packet loss rate | >1% and lasts >2min | 30s | trigger retest + slb health check | switch dns or start an off-site line |
| average delay | >200ms lasting >3min | 30s | back-to-origin detection + rollback recently released | traffic is switched to the backup region |
| public network bandwidth | >75% utilization | 1min | expanding bandwidth/limiting speed for non-critical traffic | enable traffic cleaning or ddos anti-ddos high |
| http 5xx ratio | >1% lasts >3min | 1min | roll back the release and restart the service | trigger emergency drills and call in development |
| ddos traffic | >200mbps or concurrency >200k | 15s | automatically switch to ddos cleaning | linkage with alibaba cloud for upstream cleaning |
- Latest articles
- Best Practices For Data Synchronization And DNS Switching During The Migration Of Native Vietnamese IP VPS
- Key Compliance And Privacy Protection Considerations When Choosing Original IPs For Taiwan Services
- Strategies For Negotiating Discounts On Bulk Purchases Of Korean Original IPs, Along With Recommendations For Long-term Maintenance Agreements
- Bandwidth Optimization: How To Configure The Network Of Japanese Cloud Servers For Instant Response To Reduce Latency
- Potential Service Risks And Assessment Checklist Behind The Low Prices Of High-security Servers In The United States
- Comparison Of Latency Between Alibaba Cloud Hong Kong CN2 And Routes In Other Regions, Along With Selection Recommendations
- Practical Tips: Use FIFA With A Hong Kong VPS To Connect To The US And Achieve Low-latency Multiplayer Gameplay
- How To Set Up A Taiwan Proxy IP Server: Detailed Steps And Common Error Troubleshooting
- An Operator’s Perspective On Why Alibaba Cloud Japan Doesn’t Use CN2 And An Assessment Of Its Impact On Access Speed
- What’s Vultr’s Korean VPS Like? An Honest Review On Latency And Stability
- Popular tags
Us Cn2 Dedicated Line
Best Server
Novel
Cloud Transformation
CERACN2GIA
Sanctions
Proxy Server
Hybrid Cloud Architecture
Choose Vps
Us Server Recommendation
Efficient Connection
Selection Factors
US CN2
High-defense Server With Instant Resolution
User Feedback
Free Trial
Value Of Use
Speed
Multi-line Redundancy
American Space
Data Protection
Server Selection Guide
Small And Medium-sized Enterprises
Server Account Purchase Steps
E-commerce Promotion
Domain Name Registration
Speed Test
Route Optimization
Us Server Rental
Discount Code
Related Articles
-
Website Operators Ask Whether Singapore Cloud Servers Need To Be Registered. Icp And International Hosting Faqs
answers common questions from website operators about whether icp filing is required to use singapore cloud servers, when is required, how to apply, and optimization of international host access, including filing types, processing locations and times, alternatives, and compliance risk tips. -
Analysis Of Transmission Speed From Xiaomi Server To Singapore
this article analyzes the transmission speed from xiaomi servers to singapore, and provides detailed practical steps and guidelines to help users understand how to optimize the transmission speed. -
Why Can’t I Access The Dota2 Singapore Server? Solution
this article analyzes in detail the problem of being unable to connect to the dota2 singapore server and its solution, and provides a practical step-by-step guide to help players successfully enter the game.