Current Location: Blog >
Singapore server
1.
overall risk assessment and grading strategy
1) inventory assets: list all ecs, slb, rds, oss, public network bandwidth and other resources running in the alibaba cloud singapore computer room.2) risk classification: divided into three levels: p0 (payment/logout), p1 (transaction), and p2 (display) according to business importance.
3) single point identification: identify and label single points of failure such as single hosts, single switching links, and single bgp clusters.
4) sla and rto/rpo: define sla (availability), rto (recovery time objective) and rpo (data loss tolerance) for different levels of business. for example, p0 rto≤5min, rpo≤1min.
5) risk matrix: prioritize issues with high impact and probability based on impact and probability scores.
2.
network and redundant architecture design
1) multi-availability zone deployment: deploy key services in at least two availability zones (az) or two regions (such as singapore and hong kong) to avoid computer room-level failures.2) bgp and multi-exit: use bgp multi-link outbound network or alibaba cloud enterprise network to access two isps, and the public network bandwidth is used for link redundancy.
3) load balancing: slb or nginx cluster is used for both internal and external networks, the front end is connected to multiple nodes, and the back end is distributed across azs.
4) cdn and near-origin back-to-origin strategy: put static and hotspot interfaces on cdn (including back-to-origin health check), and automatically switch back to other regions when the singapore archive is abnormal.
5) dns intelligent scheduling: configure dns health check (such as alibaba cloud dns + weight/link awareness), and switch to the backup computer room ip or the weight decreases when abnormality occurs.
3.
monitoring indicators and alarm strategies (including specific thresholds)
1) basic network: if the ping packet loss rate is >1% and lasts for >2 minutes, an alarm will be triggered; the average delay will be >200ms and if it lasts for >3 minutes, the alarm will be triggered.2) bandwidth and traffic: if the public network egress utilization is >75%, an alarm will occur for 5 minutes; a sudden traffic increase >3x the baseline and lasts for >1 minute is considered abnormal.
3) host resources: cpu>80% for 10 minutes, memory>85%, disk io wait higher than 20ms alarm.
4) application layer health: http 5xx ratio >1% will alert for 3 minutes; median response time >500ms will alert for 5 minutes.
5) ddos/abnormal traffic: if the syn/udp abnormal packet rate exceeds 5 times the baseline or exceeds 100k packets per second, the ddos protection policy will be automatically triggered and an alarm will be issued.
4.
automated response process and alarm linkage
1) level one automation: cloudmonitor or prometheus detects the threshold and immediately triggers automation scripts through webhook (restarting services, adjusting routing, switching backends).2) second-level manual intervention: when automation has not been restored, notify the engineer on duty (phone + text message + dingtalk) and initiate an emergency response order.
3) level 3 upgrade: if it is not restored within 30 minutes, report it to the operation and maintenance manager and start a cross-region switching or grayscale migration plan.
4) recording and traceback: each event automatically generates event records (including packet capture, traffic curves, and kernel logs) for subsequent analysis.
5) drills and sops: drill dns/traffic switching and backup machine startup every quarter, and keep sops (including recovery steps, person in charge, and contact information) up to date.
5.
best practices for ddos defense, cdn and waf
1) enable alibaba cloud ddos advanced defense or cloud shield basic protection, and set the automatic cleaning threshold (such as traffic >200mbps or concurrent connections >200k to trigger cleaning).2) connect to cdn and enable http/https caching, dynamic acceleration and return-to-origin speed limiting to reduce the pressure on the origin site.
3) waf rules: enable common attack rules, ip black and white lists, rate limits and verification code policies to tighten protection for login, order and other interfaces.
4) session and connection control: set timeout limits for long connections, and temporarily ban ip addresses with abnormally frequent connections.
5) cooperate with isp: when a large traffic attack occurs, link with alibaba cloud/bandwidth provider and apply for upstream traffic blackhole or traffic cleaning services.
6.
real cases and server configuration examples
1) case (desensitized): during the promotion period of an e-commerce company, a sudden routing change in the main site in singapore caused the edge node return-to-origin delay to soar, causing orders to be interrupted for 40 minutes, and the loss was estimated to be about rmb 120,000. afterwards, cross-region double writing and dns switching are adopted to reduce risks.2) configuration example a (lightweight): ecs type: ecs.c6.large, 2vcpu/8gb memory, system disk 40gb ssd, public network bandwidth 200mbps, deployed across two azs, slb front-end.
3) configuration example b (critical business): main database: rds.mysql.s8.large, master-slave remote disaster recovery; application: ecs.g6.4xlarge, 8vcpu/32gb, gigabit intranet; cdn+ddos high defense and waf enabled.
4) backup strategy: the database binlog is copied to an off-site database in real time, rds is fully prepared every day and retained for 7 days, and important files are synchronized to oss and replicated across regions.
5) post-event improvements: prometheus+grafana real-time panel, cloudmonitor alarm and pagerduty access were introduced, and the threshold and automated response process will take effect within 30 days.
7.
monitoring thresholds and response action example table
| index | threshold | detection frequency | first response action | upgrade action |
|---|---|---|---|---|
| ping packet loss rate | >1% and lasts >2min | 30s | trigger retest + slb health check | switch dns or start an off-site line |
| average delay | >200ms lasting >3min | 30s | back-to-origin detection + rollback recently released | traffic is switched to the backup region |
| public network bandwidth | >75% utilization | 1min | expanding bandwidth/limiting speed for non-critical traffic | enable traffic cleaning or ddos anti-ddos high |
| http 5xx ratio | >1% lasts >3min | 1min | roll back the release and restart the service | trigger emergency drills and call in development |
| ddos traffic | >200mbps or concurrency >200k | 15s | automatically switch to ddos cleaning | linkage with alibaba cloud for upstream cleaning |
- Latest articles
- How To Set Up A Taiwan Proxy IP Server: Detailed Steps And Common Error Troubleshooting
- An Operator’s Perspective On Why Alibaba Cloud Japan Doesn’t Use CN2 And An Assessment Of Its Impact On Access Speed
- What’s Vultr’s Korean VPS Like? An Honest Review On Latency And Stability
- Avoiding Misleading Ads: Tips For Hong Kong’s High-Performance Server Review Websites To Identify Paid Reviews
- A Comparative Study On The Costs And Effects Of US CN2 Streaming VPS And Self-Hosted Relay Services
- Detailed Guide To Recommended CN2 Server Configurations In Vietnam For E-commerce And Real-time Communication
- Cost And Performance Evaluation Of Malaysian VPS CN2 GIA For Small And Medium-Sized Enterprises
- Comparison Of The Advantages Of Malaysian Cloud Servers Versus Self-built Data Centers From A Cost And Operational Perspective
- How To Set Up Database Synchronization And Disaster Recovery Configuration For Alibaba Servers In Malaysia
- Practical Tips For Saving Costs While Ensuring Stability With Broadband And VPS In Hong Kong
- Popular tags
Vietnam Native Ip Verification
Package Analysis
Service
Vietnam Computer Room
Haproxy
Routing
Computer Room Selection
Server Factors
One Piece Game
Compliance
Select Service Provider
Database Replication
Service Features
User Experience
Compliant Hosting
Server Acceleration
Hong Kong Node
Recommended Cloud Server
Cs Games
Native Proxy Ip
Data
Cheap Vps
Devops
Statistics
Vps Quick Test
Application
Ha
Management
Features
Game News
Related Articles
-
How To Monitor The Bandwidth And Performance Status Of Domestically Operated Servers In Singapore
introduces how to monitor the bandwidth and performance of servers hosted in singapore but facing domestic users, including monitoring indicators, tool selection, cross-border network optimization, cdn acceleration and high-defense ddos protection recommendations, and recommends reliable service providers. -
Which Singapore Server Is Better? User Review Summary
this article summarizes the user reviews of singapore servers and recommends dexun telecom as a high-quality choice. -
Discuss Common Problems And Solutions For Singapore Servers
this article discusses common problems and solutions for singapore servers, including server selection, network stability, data security, etc.