How to Use Layer 4 Network on VergeCloud for Improved Website Performance

Using Layer 4 Network on VergeCloud: A Guide to Enhancing Website Performance and Security

Using Layer 4 Network on VergeCloud

Introduction

The VergeCloud Layer 4 Proxy feature enables enhanced security and performance for applications that use TCP or UDP protocols. This feature is designed to route non-web protocols, such as email, SSH, FTP, and gaming, through TCP or UDP on VergeCloud's network. By routing traffic through VergeCloud, you can conceal the origin server's address, protecting it from potential DDoS attacks.

Upon setting up a Layer 4 proxy, VergeCloud assigns a dedicated IP address from its own IP range, or you may opt to transfer your own IP for exclusive use within VergeCloud’s Anycast network. This functionality ensures that your applications and websites operate with increased security and optimized traffic handling.

Glossary

  • Anycast: A network addressing and routing method where incoming requests are routed to the closest or best-performing server based on the client’s location. Learn more
  • Proxy Protocol: A protocol that preserves the client’s IP address during forwarding to the origin server, enabling accurate tracking of user data. Learn more
  • Round Robin: A load balancing technique that distributes requests across servers in a sequential, circular manner. Learn more

Real Usage Scenarios

VergeCloud's Layer 4 Proxy can be effectively utilized by organizations hosting high-demand TCP/UDP applications, such as email servers, gaming platforms, or financial transaction systems. For instance, a gaming platform could leverage Layer 4 Proxy to enhance security against DDoS attacks, ensure low latency, and maintain secure, consistent connections for players around the globe.

How to Set Up and Use VergeCloud Layer 4 Proxy

1st Step: Application Settings

In the Application Settings section, start by entering a name and description for your application. Choose the subdomain where you want the Layer 4 proxy to be active. Note: Ensure that the subdomain you select is not in use by any other application.

Application Settings Image Placeholder

Protocol

Select the protocol (TCP or UDP) based on your application’s requirements. Once selected, this cannot be modified.

Port

Choose a unique port for the CDN network to host user requests. Each application must have a distinct port, and the selection cannot be edited afterward.

PROXY PROTOCOL Support

To see the user's real IP in your logs, you can activate the PROXY PROTOCOL, which forwards the user’s IP to your service. VergeCloud supports:

  • Proxy Protocol v1: Sends user IP and port in plain text headers.
  • Proxy Protocol v2: Adds a binary header with user IP and port, ideal for TCP connections.
Proxy Protocol Image Placeholder

2nd Step: Load Balancing Settings

Create a cluster by entering the IP addresses of multiple origin servers. Define how requests are distributed across these servers using Load Balancing algorithms:

  • Round Robin: Distributes requests equally among servers.
  • Weighted Round Robin: Assigns more load to stronger servers.
  • Source Algorithm: Directs requests based on user IP consistency.
  • Least Connection: Sends traffic to the server with the fewest active connections.
Load Balancing Settings Image Placeholder

3rd Step: Monitoring Settings

VergeCloud monitors your cluster servers and can temporarily disable any server experiencing repeated errors. Set the Repetition Interval to define how frequently VergeCloud checks server status, and configure the Number of Tolerable Errors to specify how many errors trigger server exclusion.

Monitoring Settings Image Placeholder

4th Step: Firewall Settings

Configure firewall settings to block specific IP addresses or restrict access by country. VergeCloud's Layer 4 Proxy provides DDoS protection, redirecting potential SYN and SYN-ACK attacks to VergeCloud’s edge servers and shielding your origin server’s IP from exposure. We recommend restricting IP access to only the VergeCloud IP range.

Firewall Settings Image Placeholder

Final Step: Submitting Request

Contact VergeCloud support through tickets or organizational support groups to complete the activation of your Layer 4 Proxy setup.

API Example

curl -X POST https://api.vergecloud.com/v1/layer4proxy \
 -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 -d '{
       "name": "MyApplication",
       "subdomain": "example.myapp.com",
       "protocol": "TCP",
       "port": 12345,
       "proxy_protocol": "v1"
     }'

Testing and Validation

To validate the Layer 4 Proxy setup, you can test using the following tools and methods:

  • Using curl: Run a curl request to the application’s IP and check for the expected response.
  • Using dig: Use the dig command to verify DNS resolution to the correct IP.
  • Browser-based Testing: Access the application through the specified subdomain in a browser to confirm connectivity.