Anti-DDoS packages are a value-added service. They can be used to offset the bandwidth fees charged for protecting your workloads against volumetric DDoS attacks when the basic protection bandwidth is exhausted.

What are anti-DDoS packages

In most cases, when the peak volume of DDoS attacks exceeds the basic protection bandwidth, you can use burstable protection to protect your workloads, or deactivate black holes.
  • If you use burstable protection, you can adjust the bandwidth based on the peak attack volume. Fees are charged based on the additional bandwidth (compared with the basic protection bandwidth) used to protect your workloads against the DDoS attacks. For more information, see Billing and metering. This protection approach incurs additional fees.
  • If you do not use burstable protection, the bandwidth of burstable protection equals the basic protection bandwidth. In this case, a black hole is triggered when the attack volume exceeds the basic protection bandwidth. When the attacks stop, you need to deactivate the black hole to recover your workloads. This approach has negative impacts on your workloads because user traffic is rerouted to the black hole, resulting in service disruption. However, no additional fees are charged.
Anti-DDoS packages can be used to protect your workloads without incurring additional fees when the attack volume exceeds the bandwidth of basic protection. The specification of an anti-DDoS package consists of the size of the package and the number of protection requests. In the following example, the size of the package is 300 Gbit/s and the number of protection requests is three.
  • 300 Gbit/s: The package can be used to offset the fees charged for up to 300 Gbit/s of bandwidth when the basic protection bandwidth is exhausted. If the attack volume is greater than the basic protection bandwidth plus 300 Gbit/s, you cannot use the package to offset the protection fees. In this case, fees are charged based on the actual usage described in Billing and metering.
  • Three protection requests: The package can be used three times. No matter how many attacks occur within one day, only one protection request is consumed.
When you use anti-DDoS packages, pay attention to the following considerations.
  • Anti-DDoS packages do not improve the protection capacity. You can only use an anti-DDoS package to offset the fees incurred by burstable protection within the package specification. The protection capacity is based on the basic protection bandwidth and burstable bandwidth.

    We recommend that you manually adjust the burstable protection bandwidth to use the anti-DDoS package more efficiently. You can adjust the maximum bandwidth of burstable protection to the total amount of the basic protection bandwidth plus the size of the anti-DDoS package.

    For example, the basic protection bandwidth is 30 Gbit/s, and the size of the package is 300 Gbit/s. In this case, you can set the burstable protection bandwidth to 330 Gbit/s. However, the actual bandwidth must be within the supported bandwidth range.
  • You can use a package to offset burstable protection fees only when: Peak attack volume - Basic protection bandwidth ≤ Anti-DDoS package size.
  • After you have used all the protection requests in your anti-DDoS package, we recommend that you set the burstable protection bandwidth to the basic protection bandwidth promptly. This avoids incurring unexpected burstable protection fees.
  • You cannot apply a package to bills that are already generated. You can use it to offset protection fees charged on the purchase date or later.
Table 1. Differences of anti-DDoS packages between the current (BGP bandwidth) and previous versions

| Item | Previous version | New version (BGP bandwidth) |
| --- | --- | --- |
| Usage requirements | You must associate the package to an Anti-DDoS Pro instance IP address. | You do not need to associate the package to a specific Anti-DDoS Pro instance IP address. Anti-DDoS Pro instances automatically select the package that has the nearest expiration time. |
| Deductible fees | Offsets pay-as-you-go bills generated upon burstable protection within the package specification. | Offsets pay-as-you-go bills generated by the amount calculated as follows: Peak attack volume - Basic protection bandwidth. |
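
The following Python sketch is an added example, not code from the service or its documentation. It models the rules above (offset only when peak minus basic bandwidth fits the package size, one protection request per day, nearest-expiring package first) on constructed data. The package IDs, dates and attack volumes are made up, and the handling of the expiry day and of undersized packages is an assumption.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Package:
    package_id: str   # constructed ID, not a real console value
    size_gbps: int    # package size in Gbit/s
    expires: date     # assumption: usable through this date inclusive
    remaining: int    # protection requests left

    def status(self, day: date) -> str:
        if day > self.expires:
            return "expired"
        return "valid" if self.remaining > 0 else "exhausted"

def settle_day(day, peaks_gbps, basic_gbps, packages):
    """Classify one day: 'basic', 'offset' (by a package) or 'billed'."""
    # All attacks in one day are settled together on the highest peak, so a
    # day consumes at most one protection request.
    excess = max(peaks_gbps) - basic_gbps
    if excess <= 0:
        return ("basic", None)
    # Page rule: peak - basic <= package size. Assumption: undersized
    # packages are skipped rather than blocking the selection.
    usable = [p for p in packages
              if p.status(day) == "valid" and excess <= p.size_gbps]
    if not usable:
        return ("billed", None)   # pay-as-you-go burstable fees apply
    pkg = min(usable, key=lambda p: p.expires)   # nearest expiration first
    pkg.remaining -= 1
    return ("offset", pkg.package_id)

def demo():
    # Constructed scenario: 30 Gbit/s basic protection, two packages.
    packages = [Package("pkg-A", 300, date(2024, 6, 30), 3),
                Package("pkg-B", 100, date(2024, 6, 10), 1)]
    attacks = {date(2024, 6, 1): [20],
               date(2024, 6, 2): [100, 250, 330],
               date(2024, 6, 3): [400],
               date(2024, 6, 4): [50],
               date(2024, 6, 5): [50, 60],
               date(2024, 6, 11): [90],
               date(2024, 6, 12): [90]}
    return [(d.isoformat(), *settle_day(d, attacks[d], 30, packages))
            for d in sorted(attacks)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last day in the scenario is billed because both packages are used up, which is the situation where the page recommends setting the burstable protection bandwidth back to the basic protection bandwidth.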

Get an anti-DDoS package

Currently, anti-DDoS packages are a value-added service. If you meet one of the following requirements, contact the sales manager or customer service in the DingTalk service group, or submit a ticket to apply for this service for free.
  • This is your first time activating Anti-DDoS Pro.
  • You have been using Anti-DDoS Pro for more than three months.
  • The Anti-DDoS Pro instance is billed on an annual subscription basis.

Use an anti-DDoS package

After you have access to anti-DDoS packages, they are automatically applied when DDoS attacks occur and the conditions are met. You can check the details of anti-DDoS packages and usage records in the Anti-DDoS Pro console. An anti-DDoS package is effective only within its validity period and while it still has protection requests remaining.

  1. Log on to the Anti-DDoS Pro console.
  2. In the left-side navigation pane, choose Assets > Anti-DDoS Package.
  3. On the Anti-DDoS Package page, you can view details of all packages.
    • Anti-DDoS Package ID: The unique identifier of each anti-DDoS package.
    • Size: The size of the package.
    • Expire Time: The time when the package expires.
    • Status: The status of the package. Statuses include valid, exhausted, and expired.
    • Available Protections: The number of remaining protection requests.
  4. You can click View Log of a package to view the records of operations.