FIG. 1 is a schematic diagram of a DDoS attack. Referring to FIG. 1, the primary implementation principle of a DDoS attack is that an attacker uses one or more main control hosts as jump hosts to control a massive number of infected, controlled hosts, establishing an attack network that launches a large-scale denial-of-service attack on a victim host. The attack network usually amplifies, by orders of magnitude, the effect a single attacker could achieve, causing severe impact on the victim host and serious network congestion. In the DDoS attack, the attack network is used to launch multiple types of attacks on the victim host, such as an Internet Control Message Protocol (ICMP) flood attack, a synchronize (SYN) flood attack, and a User Datagram Protocol (UDP) flood attack. As a result, the victim host consumes a large quantity of processing resources to process these burst requests and cannot respond normally to authorized user requests, causing a breakdown.
In a DDoS prevention solution in other approaches, a cleaning device is generally deployed at a network convergence node, and DDoS attack traffic converged at the node is cleaned using the cleaning device, thereby implementing DDoS prevention. The network convergence node may be an interworking gateway, an egress device of a metropolitan area network in China, an egress device of a data center, or the like. However, for a backbone network without an obvious network convergence node, there is a relatively large quantity of nodes in the network. In this case, in other approaches, a cleaning device is generally deployed for a specific Internet Protocol (IP) address, that is, the cleaning device is deployed on a traffic convergence node connected to a host having the specific IP address. The specific IP address may be set according to a customer requirement and a customer priority. For example, if a customer needs to protect an IP address or an IP address segment of a server, a traffic convergence node connected to the server is used as a node on which the cleaning device is deployed.
In the foregoing scenario of a backbone network without an obvious convergence node, although a cleaning device is deployed for a specific IP address, when a DDoS attack occurs, DDoS attack traffic destined for the victim host needs to be diverted to the cleaning device regardless of whether the IP address of the victim host is the specific IP address. In this case, traffic for a victim host whose IP address is not the specific IP address can be diverted to the cleaning device only after passing through multiple routing and forwarding nodes in the network. As a result, network resources of these routing and forwarding nodes are occupied, the impact of the DDoS attack on the backbone network is increased, and network security is reduced.
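The following added example, which is not part of the patent text, makes the cost described above concrete on a constructed backbone topology. It models routers R1 to R5, a convergence node C hosting the cleaning device, a protected server S attached to C, and an unprotected host V attached to R5 (all names and links are assumptions). For each victim it compares the hop count of the direct forwarding path with the path taken when traffic is first diverted to the cleaning device and then returned to the victim, and lists the transit nodes that diversion additionally occupies.

```python
from collections import deque

# Constructed example topology (assumption, not taken from the patent):
# backbone routers R1..R5, convergence node C with the cleaning device,
# protected server S behind C, and unprotected host V behind R5.
TOPOLOGY = {
    "R1": ["R2", "R4"],
    "R2": ["R1", "R3"],
    "R3": ["R2", "C", "R5"],
    "R4": ["R1", "R5"],
    "R5": ["R4", "R3", "V"],
    "C": ["R3", "S"],
    "S": ["C"],
    "V": ["R5"],
}
CLEANER = "C"  # node on which the cleaning device is deployed


def shortest_path(graph, src, dst):
    """Breadth-first search over an unweighted graph.

    Returns the list of nodes on one shortest path from src to dst
    (inclusive), or None if dst is unreachable.
    """
    parents = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None


def diversion_cost(graph, ingress, victim, cleaner=CLEANER):
    """Compare direct forwarding with diversion through the cleaning device.

    Diverted traffic travels ingress -> cleaner -> victim. The extra hops and
    the transit nodes that appear only on the diverted path are the network
    resources the diversion consumes beyond normal forwarding.
    """
    direct = shortest_path(graph, ingress, victim)
    to_cleaner = shortest_path(graph, ingress, cleaner)
    back = shortest_path(graph, cleaner, victim)
    if direct is None or to_cleaner is None or back is None:
        raise ValueError(f"{victim} or {cleaner} unreachable from {ingress}")
    diverted = to_cleaner + back[1:]
    direct_hops = len(direct) - 1
    diverted_hops = len(diverted) - 1
    return {
        "direct_path": direct,
        "diverted_path": diverted,
        "direct_hops": direct_hops,
        "diverted_hops": diverted_hops,
        "extra_hops": diverted_hops - direct_hops,
        # forwarding nodes occupied only because of the diversion
        "extra_transit_nodes": sorted(set(diverted) - set(direct) - {cleaner}),
    }


if __name__ == "__main__":
    for victim in ("S", "V"):
        cost = diversion_cost(TOPOLOGY, "R1", victim)
        print(f"victim {victim}: direct {cost['direct_hops']} hops "
              f"{'->'.join(cost['direct_path'])}")
        print(f"           diverted {cost['diverted_hops']} hops "
              f"{'->'.join(cost['diverted_path'])}")
        print(f"           extra hops {cost['extra_hops']}, "
              f"extra transit nodes {cost['extra_transit_nodes']}")
```

For the protected server S the cleaning device sits on the normal forwarding path, so diversion adds no hops and occupies no additional routers. For the unprotected host V the diverted path is twice as long as the direct one and pulls the attack traffic through R2 and R3, which the direct path never touches; that is the extra load on intermediate routing and forwarding nodes the text refers to.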