tencent cloud

L4 Proxy

Last updated: 2022-08-26 11:45:48

    Overview

    L4 proxy provides customer-grade DDoS protection and layer-4 acceleration services for TCP/UDP applications. By leveraging widely distributed layer-4 proxy nodes, a unique DDoS module, and smart routing technology, EdgeOne implements nearby access for end users, edge traffic cleansing, and port monitoring and forwarding. It thus offers high-availability, low-latency security and acceleration services for layer-4 applications.

    Note:

    • The EdgeOne console is not yet fully available. To access the console, please contact us for activation.
    • Only one L4 proxy can be created for each site. To create multiple proxies, please contact us.
    • L4 proxy provides customer-grade DDoS protection capability by default, which cannot be disabled.
    • L4 proxy currently doesn't support IPv6 origin servers.

    Creating an L4 proxy

    1. Log in to the EdgeOne console. Click L4 Proxy on the left sidebar.
    2. On the page that appears, select the target site and click Create L4 proxy.
    3. On the L4 proxy creation page, set Service configurations parameters.

    Parameter description:

    • Service name: Name of the layer-4 proxy instance. The number of instances that can be created is subject to the site package.

    • Scheduling mode: Select the method of connecting the layer-4 proxy service.

      • CNAME (recommended): A CNAME record is used as the connection address, which supports stronger DDoS protection, nearby access and acceleration as well as L4 forwarding and acceleration.
      • Anycast IP: An Anycast IP is used as the connection address, which supports DDoS protection and L4 forwarding and acceleration.
        Note:

        If site acceleration is also enabled for the host, the scheduling mode can only be set to "CNAME".

    • Proxy mode: Configure the layer-4 proxy mode.

      • DDoS protection: Enable layer-3 and layer-4 DDoS protection by default. To disable it, you can go to DDoS Protection to modify the default DDoS policy.
      • L4 acceleration: Provide L4 acceleration and reduce network transmission delay. You can choose to enable or disable it.
    4. On the L4 proxy service creation page, click Add rule and configure Forwarding rules parameters.

      Note:

      You can add up to 100 forwarding rules for each L4 proxy.

    Parameter description:

    • Forwarding protocol: TCP and UDP are supported.

    • Forwarding port: The supported port range is 1–64999, excluding 36000 and 56000. You can enter multiple ports separated with commas or use a hyphen to enter a port range. You can enter up to 20 ports in a forwarding rule.

      Note:

      If site acceleration is also enabled for the host, forwarding ports 80 and 443 are not supported.

    • Origin server type/information:

      • Single origin: You can enter one or more origin servers in the format of origin server address:port and separate them with commas.
      • Origin group: Select origin servers from an existing origin group. You can only select an origin group with origin-pull port information or create one here.
    • Pass client IP: Specify how real client IPs will be carried when layer-4 proxy nodes are used for origin-pull.

      • TOA: Pass client IPs via TCP Option (type 200), which only supports TCP protocols.
      • Proxy Protocol V1 (recommended): Pass client IPs as plaintext via the TCP header, which only supports TCP protocols.
      • Proxy Protocol V2: Client IPs will be transferred through the header. V2 uses the binary format and supports both TCP and UDP protocols. Each data packet carries a PPv2 header for TCP, while only the first data packet carries the header for UDP.
      • Not passed: Real client IPs will not be transferred.
    • Session persistence: As long as an origin server IP remains unchanged, traffic from the same client IP will always be forwarded to it.
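
    With Proxy Protocol V1 selected, the origin receives one text line of the form `PROXY TCP4 <client IP> <proxy IP> <client port> <proxy port>` at the start of each TCP stream, and it should honor that line only on connections that really come from the proxy nodes. The origin-side check below is an added example, not EdgeOne code; `TRUSTED_PROXY_NETS` is a placeholder assumption for the nodes' origin-pull ranges, and the function names are illustrative.

```python
import ipaddress

# Assumption: RFC 5737 placeholder range standing in for the proxy nodes'
# origin-pull addresses, which the page does not list.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("192.0.2.0/24")]
MAX_V1_HEADER = 107  # longest PROXY protocol v1 line, CRLF included

def parse_ppv1(buf):
    """Return (client_ip, client_port, payload) from the first bytes of a
    TCP stream; raise ValueError if no valid v1 header is present."""
    end = buf.find(b"\r\n", 0, MAX_V1_HEADER)
    if not buf.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    parts = buf[:end].decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":              # proxy could not name the client
        return None, None, buf[end + 2:]
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 line")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    want = 4 if parts[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match the header")
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("bad port")
    return str(src), int(parts[4]), buf[end + 2:]

def client_address(peer_ip, first_bytes):
    """Client IP to log or rate-limit on for a connection from peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXY_NETS):
        # Not a proxy node: a PROXY line here is just untrusted payload.
        return peer_ip
    client_ip, _, _ = parse_ppv1(first_bytes)
    return client_ip or peer_ip

# Constructed first bytes of an origin-pull connection (not captured traffic).
SAMPLE_STREAM = b"PROXY TCP4 203.0.113.7 198.51.100.20 51514 456\r\nhello"
```
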

    Importing Forwarding Rules in Batches

    When you create or view an L4 proxy, forwarding rules can be imported in batches.

    1. Log in to the EdgeOne console. Click L4 Proxy on the left sidebar.
    2. On the page that appears, select the target site and click Create L4 proxy.
    3. In the forwarding rules module of the L4 proxy creation page, click Batch import.
    4. In the batch import window, enter the required rules and click Submit.
    • Batch import format description:
      • Up to 100 forwarding rules can be entered, one rule per line.
      • Each line contains 4 fields that are space-separated and case-insensitive.
      • The fields, from left to right, are:
        • Forwarding protocol:Port: For example, tcp:123.
        • Origin server: Enter a single origin server in the format of test.origin.com:456, or an origin group in the format of og:OriginGroupName.
        • Session persistence status: on or off.
        • IP passing method: TOA, PPv1, PPv2, or off.
    • Sample request:
      tcp:123 test.origin.com:456 on ppv1
      udp:2330 og:l4testkb off ppv2
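
    A pre-submission check for the batch import format above, as an added example that is not part of the EdgeOne documentation or tooling. It enforces the limits stated on this page (100 rules, forwarding ports 1–64999 except 36000 and 56000, TOA and PPv1 on TCP only, no IPv6 origins) and takes one forwarding port per line as in the page's example; the 1-65535 origin port range and the names `parse_rule` and `validate_batch` are assumptions.

```python
import re

MAX_RULES = 100                  # page: up to 100 forwarding rules
EXCLUDED_PORTS = {36000, 56000}  # page: excluded from the 1-64999 range
TCP_ONLY = {"toa", "ppv1"}       # page: TOA and PPv1 support TCP only
# The host part allows no ':' or '[', so IPv6 origins (unsupported per the
# page) fail to match.
RULE_RE = re.compile(
    r"(tcp|udp):([0-9]{1,5}) +(og:\S+|[a-z0-9.-]+:[0-9]{1,5}) +(on|off) +(toa|ppv1|ppv2|off)",
    re.IGNORECASE)

def parse_rule(line):
    """Parse one batch-import line into a dict, or raise ValueError."""
    m = RULE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("not 'proto:port origin on|off toa|ppv1|ppv2|off'")
    proto, port, origin, persistence, method = m.groups()
    proto, method, port = proto.lower(), method.lower(), int(port)
    if not 1 <= port <= 64999 or port in EXCLUDED_PORTS:
        raise ValueError(f"forwarding port {port} not allowed")
    if not origin.lower().startswith("og:"):
        # Assumption: origin ports span 1-65535; the page states no origin range.
        if not 1 <= int(origin.rsplit(":", 1)[1]) <= 65535:
            raise ValueError("origin port outside 1-65535")
    if proto == "udp" and method in TCP_ONLY:
        raise ValueError(f"{method} only supports TCP")
    return {"proto": proto, "port": port, "origin": origin,
            "persistence": persistence.lower() == "on", "client_ip": method}

def validate_batch(text):
    """Return (rules, errors); errors are (line_number, message) pairs."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    rules, errors = [], []
    if len(lines) > MAX_RULES:
        errors.append((0, f"{len(lines)} rules exceed the limit of {MAX_RULES}"))
    for number, line in enumerate(lines, 1):
        try:
            rules.append(parse_rule(line))
        except ValueError as exc:
            errors.append((number, str(exc)))
    return rules, errors

# Constructed input: the page's two sample lines, then three invalid ones
# (TOA on UDP, an excluded forwarding port, an IPv6 origin).
SAMPLE_BATCH = """tcp:123 test.origin.com:456 on ppv1
udp:2330 og:l4testkb off ppv2
udp:53 198.51.100.7:53 off toa
tcp:36000 test.origin.com:22 on off
tcp:8443 [2001:db8::1]:8443 on ppv1"""
```
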
      

    The configuration is shown as below:
