This topic describes how to purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.
Instance types
- Anti-DDoS Pro: Profession and Advanced mitigation plans
- Anti-DDoS Premium: Insurance, Unlimited, Chinese Mainland Acceleration (CMA), CMA 2.0, Secure Chinese Mainland Acceleration (Sec-CMA), and Sec-CMA (Basic) mitigation plans.
How to select an instance type
Region in which your servers reside | Region in which your users reside | Purchase suggestion |
---|---|---|
Regions in the Chinese mainland | Regions in the Chinese mainland or outside the Chinese mainland | We recommend that you purchase an Anti-DDoS Pro instance of the Profession or Advanced mitigation plan. Important You cannot use Anti-DDoS Pro instances to protect the domains for which you do not complete Internet Content Provider (ICP) filing. Before you use an Anti-DDoS Pro instance to protect your website, you must complete ICP filing for the domain of your website. |
Regions outside the Chinese mainland | Regions outside the Chinese mainland | We recommend that you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan. |
Regions outside the Chinese mainland | Regions in the Chinese mainland | If you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan, users in the Chinese mainland experience network latency. The average network latency is approximately 300 milliseconds. We recommend that you consider the following solution:
|
Supported connections
Clean QPS | Number of new connections | Number of concurrent connections |
---|---|---|
3,000 < QPS ≤ 5,000 | 5,000 | 100,000 |
5,000 < QPS ≤ 10,000 | 10,000 | 200,000 |
10,000 < QPS ≤ 30,000 | 30,000 | 500,000 |
30,000 < QPS ≤ 50,000 | 50,000 | 1,000,000 |
50,000 < QPS ≤ 100,000 | 80,000 | 1,500,000 |
100,000 < QPS ≤ 150,000 | 100,000 | 2,000,000 |
Procedure
- Go to the Anti-DDoS Pro buy page or Anti-DDoS Premium buy page based on your business requirements.
- Configure the following parameters.
The following table describes all parameters of Anti-DDoS Pro and Anti-DDoS Premium instances. For more information about the parameters of an Anti-DDoS Pro or Anti-DDoS Premium instance, see the buy page of each instance type.
Parameter Description Product Type Select Anti-DDoS Premium or Anti-DDoS Pro (Mainland China).Network Type Select the IP protocol that is supported by the instance. Valid values: IPv4 and IPv6.Important- For more information about the differences between the features of Anti-DDoS Pro instances that use IPv4 addresses and Anti-DDoS Pro instances that use IPv6 addresses, see Differences between the features of Anti-DDoS Pro instances that use IPv4 addresses and Anti-DDoS Pro instances that use IPv6 addresses.
- If you use an instance to forward access requests from clients that use IPv6 addresses, the supported destination varies based on the methods that are used to add your services to Anti-DDoS Pro or Anti-DDoS Premium. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses.
Mitigation Plan or PlanSelect a mitigation plan. Basic Bandwidth Specify the basic protection bandwidth for the instance.Burstable Bandwidth Specify the burstable protection bandwidth for the instance. The burstable protection bandwidth specifies the maximum mitigation capacity that is provided by the instance.- If you set Burstable Bandwidth and Basic Bandwidth to the same value, the maximum mitigation capacity is equal to the specified basic protection bandwidth. In this case, you are charged only for basic protection.
- If you set Burstable Bandwidth to a value that is greater than the value of Basic Bandwidth and attack traffic is between the specified basic protection bandwidth and the specified burstable protection bandwidth, burstable protection is triggered to defend against the attack. If the bandwidth of attacks exceeds the value of Basic Bandwidth, a pay-as-you-go bill is generated based on the difference between the basic protection bandwidth and burstable protection bandwidth.
After you purchase an instance, you can modify the burstable protection bandwidth of the instance in the console based on your business requirements. For more information, see Modify the burstable protection bandwidth of an instance.
Service Bandwidth or Clean BandwidthSelect the clean bandwidth of normal workloads that you want the instance to protect.You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that you want the instance to protect. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of outbound traffic is higher than that of inbound traffic.Warning If the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources. For more information, see Upgrade an instance.You can estimate the actual bandwidth usage based on the traffic statistics that are collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the service traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards service traffic to the origin server. If your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only service traffic to the origin server. The ECS console displays only the statistics about inbound and outbound service traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. For example, you want to connect three websites to an Anti-DDoS Pro or Anti-DDoS Premium instance. The peak of outbound service traffic on each website is 50 Mbit/s or lower. The total bandwidth that is required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.95th Percentile Burstable Clean Bandwidth Specify whether to enable the burstable clean bandwidth feature. Valid values:- Disable: disables the burstable clean bandwidth feature.
- Daily 95th Percentile: enables the burstable clean bandwidth feature and uses the daily 95th percentile metering method.
- Monthly 95th Percentile: enables the burstable clean bandwidth feature and uses the monthly 95th percentile metering method.
- Anti-DDoS Pro of the Profession and Advanced mitigation plans: 5 Gbit/s.
- Anti-DDoS Premium of the Insurance, Unlimited, and CMA mitigation plans: 1 Gbit/s. Anti-DDoS Premium of the CMA 2.0 mitigation plan: 2 Gbit/s. Anti-DDoS Premium of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
Important- If you select Daily 95th Percentile or Monthly 95th Percentile for the 95th Percentile Burstable Clean Bandwidth parameter, the burstable clean bandwidth is nine times the clean bandwidth that you select for the instance by default, and the sum of the clean bandwidth and the burstable clean bandwidth does not exceed the maximum clean bandwidth that is supported by the instance.
For example, you purchase an Anti-DDoS Pro instance of the Profession mitigation plan, set the clean bandwidth to 1 Gbit/s, enable the burstable clean bandwidth feature, and use the daily 95th percentile metering method. The maximum clean bandwidth that is supported by the instance is 5 Gbit/s. In this case, the burstable clean bandwidth is 4 Gbit/s.
- If you set the Service Bandwidth or Clean Bandwidth parameter to a value that is greater than the supported maximum clean bandwidth, and you set the 95th Percentile Burstable Clean Bandwidth parameter to Daily 95th Percentile or Monthly 95th Percentile, no error messages are displayed. However, the burstable clean bandwidth feature is disabled.
- If you disable the burstable clean bandwidth feature when you purchase an instance, you can still enable the feature in the Anti-DDoS Pro or Anti-DDoS Premium console. For more information, see Enable the burstable clean bandwidth feature.
Functional package or Function PlanSelect a function plan for the instance. Valid values: Standard Function and Enhanced Function.For more information, see Function plan.
Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10.The domains that are specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains cannot exceed "Domains/10".
For an Anti-DDoS Pro instance of the Profession mitigation plan, the default value of the Domains parameter is 50. If you use the default value, you can specify only up to five second-level domains. You can also specify subdomains and wildcard domains that correspond to the second-level domains. The total number cannot exceed 50.
If you want to enable protection for aliyundoc.com and aliyun.com, you can specify their subdomains, such as www.aliyundoc.com and abc.aliyun.com. You can also specify the wildcard domains, such as *.aliyundoc.com and *.aliyun.com.
Clean QPS or Request RateSpecify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported.Warning If the QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher QPS.Ports Specify the number of TCP and UDP ports for which you can configure forwarding rules.Resource Group Select the resource group to which the instance belongs in Resource Management. By default, the resource group is Default Resource Group.For more information about resource groups, see Create a resource group.
Quantity Specify the number of instances that you want to purchase.Duration or SubscriptionSelect a subscription period for the instance.If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:- Monthly subscription: The instance is automatically renewed for one month.
- Annual subscription: The instance is automatically renewed for one year.
- Click Buy Now and complete the payment.
Was this helpful?