This topic describes how to purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.

Instance types

  • Anti-DDoS Pro: Profession and Advanced mitigation plans
  • Anti-DDoS Premium: Insurance, Unlimited, Chinese Mainland Acceleration (CMA), CMA 2.0, Secure Chinese Mainland Acceleration (Sec-CMA), and Sec-CMA (Basic) mitigation plans.
Note To purchase an Anti-DDoS Pro instance of the Advanced mitigation plan or an Anti-DDoS Premium instance of the Sec-CMA (Basic) mitigation plan, submit a ticket to contact a pre-sales business development manager.

How to select an instance type

You can purchase an Anti-DDoS instance based on the regions where your servers are deployed and where your users are located. The following list describes the different scenarios:
Region in which your servers resideRegion in which your users residePurchase suggestion
Regions in the Chinese mainland
Regions in the Chinese mainland or outside the Chinese mainland
We recommend that you purchase an Anti-DDoS Pro instance of the Profession or Advanced mitigation plan.
Important You cannot use Anti-DDoS Pro instances to protect the domains for which you do not complete Internet Content Provider (ICP) filing. Before you use an Anti-DDoS Pro instance to protect your website, you must complete ICP filing for the domain of your website.
Regions outside the Chinese mainlandRegions outside the Chinese mainland
We recommend that you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan.
Regions outside the Chinese mainlandRegions in the Chinese mainland
If you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan, users in the Chinese mainland experience network latency. The average network latency is approximately 300 milliseconds. We recommend that you consider the following solution:
  • If you need to only ensure stable and fast access for users in the Chinese mainland, purchase an Anti-DDoS Premium instance of the Sec-MCA or Sec-MCA (Basic) mitigation plan. This solution is not applicable to China Mobile users in the Chinese mainland.
    Note The Sec-CMA and Sec-MCA (Basic) mitigation plans can be used to mitigate DDoS attacks and accelerate service access. You do not need to purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan. For more information, see Configure Anti-DDoS Premium Sec-CMA.
  • If the preceding solution cannot meet your business requirements, we recommend that you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan and an Anti-DDoS Premium instance of the CMA or CMA 2.0 mitigation plan.
    Note You must use Sec-Traffic Manager to configure network acceleration rules for the Anti-DDoS Premium instance. If no DDoS attacks are detected, the Anti-DDoS Premium instance of the CMA mitigation plan accelerates requests that are destined for protected services. If DDoS attacks are detected, the Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan protects the services against DDoS attacks. For more information, see Overview.

Supported connections

The following table describes the mapping relationships between the maximum number of connections that are supported by an Anti-DDoS Pro or Anti-DDoS Premium instance and the clean query per second (QPS) of the instance:
Clean QPSNumber of new connectionsNumber of concurrent connections
3,000 < QPS ≤ 5,0005,000100,000
5,000 < QPS ≤ 10,00010,000200,000
10,000 < QPS ≤ 30,00030,000500,000
30,000 < QPS ≤ 50,00050,0001,000,000
50,000 < QPS ≤ 100,00080,0001,500,000
100,000 < QPS ≤ 150,000100,0002,000,000
Note If your service requires higher specifications for new connections or concurrent connections, contact your account manager by using ticket.

Procedure

Important After you purchase an Anti-DDoS Pro or Anti-DDoS Premium instance, you cannot request a refund. Evaluate your business requirements before you purchase an instance.
  1. Go to the Anti-DDoS Pro buy page or Anti-DDoS Premium buy page based on your business requirements.
  2. Configure the following parameters.

    The following table describes all parameters of Anti-DDoS Pro and Anti-DDoS Premium instances. For more information about the parameters of an Anti-DDoS Pro or Anti-DDoS Premium instance, see the buy page of each instance type.

    ParameterDescription
    Product Type
    Select Anti-DDoS Premium or Anti-DDoS Pro (Mainland China).
    Network Type
    Select the IP protocol that is supported by the instance. Valid values: IPv4 and IPv6.
    Important
    • For more information about the differences between the features of Anti-DDoS Pro instances that use IPv4 addresses and Anti-DDoS Pro instances that use IPv6 addresses, see Differences between the features of Anti-DDoS Pro instances that use IPv4 addresses and Anti-DDoS Pro instances that use IPv6 addresses.
    • If you use an instance to forward access requests from clients that use IPv6 addresses, the supported destination varies based on the methods that are used to add your services to Anti-DDoS Pro or Anti-DDoS Premium. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses.
    Mitigation Plan or Plan
    Select a mitigation plan.
    Basic Bandwidth
    Specify the basic protection bandwidth for the instance.
    Burstable Bandwidth
    Specify the burstable protection bandwidth for the instance. The burstable protection bandwidth specifies the maximum mitigation capacity that is provided by the instance.
    • If you set Burstable Bandwidth and Basic Bandwidth to the same value, the maximum mitigation capacity is equal to the specified basic protection bandwidth. In this case, you are charged only for basic protection.
    • If you set Burstable Bandwidth to a value that is greater than the value of Basic Bandwidth and attack traffic is between the specified basic protection bandwidth and the specified burstable protection bandwidth, burstable protection is triggered to defend against the attack. If the bandwidth of attacks exceeds the value of Basic Bandwidth, a pay-as-you-go bill is generated based on the difference between the basic protection bandwidth and burstable protection bandwidth.

    After you purchase an instance, you can modify the burstable protection bandwidth of the instance in the console based on your business requirements. For more information, see Modify the burstable protection bandwidth of an instance.

    Service Bandwidth or Clean Bandwidth
    Select the clean bandwidth of normal workloads that you want the instance to protect.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that you want the instance to protect. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of outbound traffic is higher than that of inbound traffic.
    Warning If the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources. For more information, see Upgrade an instance.
    You can estimate the actual bandwidth usage based on the traffic statistics that are collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the service traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards service traffic to the origin server. If your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only service traffic to the origin server. The ECS console displays only the statistics about inbound and outbound service traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Service trafficFor example, you want to connect three websites to an Anti-DDoS Pro or Anti-DDoS Premium instance. The peak of outbound service traffic on each website is 50 Mbit/s or lower. The total bandwidth that is required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    95th Percentile Burstable Clean Bandwidth
    Specify whether to enable the burstable clean bandwidth feature. Valid values:
    • Disable: disables the burstable clean bandwidth feature.
    • Daily 95th Percentile: enables the burstable clean bandwidth feature and uses the daily 95th percentile metering method.
    • Monthly 95th Percentile: enables the burstable clean bandwidth feature and uses the monthly 95th percentile metering method.
    The maximum clean bandwidth is equal to the sum of the clean bandwidth and the burstable clean bandwidth. The following list describes the maximum clean bandwidth that is supported by each type of instance:
    • Anti-DDoS Pro of the Profession and Advanced mitigation plans: 5 Gbit/s.
    • Anti-DDoS Premium of the Insurance, Unlimited, and CMA mitigation plans: 1 Gbit/s. Anti-DDoS Premium of the CMA 2.0 mitigation plan: 2 Gbit/s. Anti-DDoS Premium of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
    Enable the burstable clean bandwidth feature
    Important
    • If you select Daily 95th Percentile or Monthly 95th Percentile for the 95th Percentile Burstable Clean Bandwidth parameter, the burstable clean bandwidth is nine times the clean bandwidth that you select for the instance by default, and the sum of the clean bandwidth and the burstable clean bandwidth does not exceed the maximum clean bandwidth that is supported by the instance.

      For example, you purchase an Anti-DDoS Pro instance of the Profession mitigation plan, set the clean bandwidth to 1 Gbit/s, enable the burstable clean bandwidth feature, and use the daily 95th percentile metering method. The maximum clean bandwidth that is supported by the instance is 5 Gbit/s. In this case, the burstable clean bandwidth is 4 Gbit/s.

    • If you set the Service Bandwidth or Clean Bandwidth parameter to a value that is greater than the supported maximum clean bandwidth, and you set the 95th Percentile Burstable Clean Bandwidth parameter to Daily 95th Percentile or Monthly 95th Percentile, no error messages are displayed. However, the burstable clean bandwidth feature is disabled.
    • If you disable the burstable clean bandwidth feature when you purchase an instance, you can still enable the feature in the Anti-DDoS Pro or Anti-DDoS Premium console. For more information, see Enable the burstable clean bandwidth feature.
    Functional package or Function Plan
    Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains
    Specify the number of domains that the instance can protect. The value must be an integer multiple of 10.

    The domains that are specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains cannot exceed "Domains/10".

    For an Anti-DDoS Pro instance of the Profession mitigation plan, the default value of the Domains parameter is 50. If you use the default value, you can specify only up to five second-level domains. You can also specify subdomains and wildcard domains that correspond to the second-level domains. The total number cannot exceed 50.

    If you want to enable protection for aliyundoc.com and aliyun.com, you can specify their subdomains, such as www.aliyundoc.com and abc.aliyun.com. You can also specify the wildcard domains, such as *.aliyundoc.com and *.aliyun.com.

    Clean QPS or Request Rate
    Specify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported.
    Warning If the QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher QPS.
    Ports
    Specify the number of TCP and UDP ports for which you can configure forwarding rules.
    Resource Group
    Select the resource group to which the instance belongs in Resource Management. By default, the resource group is Default Resource Group.

    For more information about resource groups, see Create a resource group.

    Quantity
    Specify the number of instances that you want to purchase.
    Duration or Subscription
    Select a subscription period for the instance.
    If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Click Buy Now and complete the payment.

References