Anti-DDoS plans are a value-added feature that is provided by Anti-DDoS Pro. The plans can be used to offset the bandwidth fees that are charged for protecting your workloads against volumetric DDoS attacks after the basic protection bandwidth is exhausted.

What are Anti-DDoS plans

In most cases, if the peak throughput of DDoS attacks exceeds the basic protection bandwidth, you can use burstable protection to protect your workloads or deactivate blackhole filtering.
  • If you use burstable protection, you can adjust the bandwidth based on the peak throughput. Fees are charged based on the difference between the basic protection bandwidth and the bandwidth used to protect your workloads against DDoS attacks. For more information, see Anti-DDoS Pro billing methods. If you adopt this protection approach, additional fees are charged
  • If you do not use burstable protection, the bandwidth of burstable protection equals the basic protection bandwidth. In this case, if the attack throughput exceeds the basic protection bandwidth, blackhole filtering is triggered. After the attacks stop, you must deactivate blackhole filtering to recover your workloads. This protection approach has negative impacts on your workloads. However, no additional fees are charged.
If the attack throughput exceeds the basic protection bandwidth, you can use an Anti-DDoS plan to protect your workloads without paying additional fees.
Note Only Anti-DDoS Pro supports Anti-DDoS plans. If you use Anti-DDoS Premium, you cannot use Anti-DDoS plans.
An Anti-DDoS plan consists of the protection bandwidth and the mitigation sessions. In this example, you have an Anti-DDoS plan that provides up to three mitigation sessions and can be used to offset the fees that are charged for up to 300 Gbit/s of protection bandwidth.
  • 300 Gbit/s: If the basic protection bandwidth is exhausted, the plan can be used to offset the fees that are charged for up to 300 Gbit/s of protection bandwidth. If the attack throughput is greater than the basic protection bandwidth plus 300 Gbit/s, you cannot use the plan to offset the protection fees. In this case, fees are charged based on the actual usage. For more information, see Anti-DDoS Pro billing methods.
  • Three mitigation sessions: The plan can be used three times. No matter how many attacks occur within one day, only one mitigation session is consumed.
If you use Anti-DDoS plans, take note of the following items:
  • Anti-DDoS plans do not improve protection capacity. You can use a plan to offset only the fees that are charged for burstable protection within the protection bandwidth of the plan. The protection capacity is based on the basic protection bandwidth and burstable protection bandwidth.

    We recommend that you adjust the burstable protection bandwidth to use a plan in a more efficient manner. You can change the maximum bandwidth of burstable protection to the total amount of the basic protection bandwidth plus the protection bandwidth of the plan.

    For example, if the basic protection bandwidth is 30 Gbit/s and the protection bandwidth of the plan is 300 Gbit/s, you can set the burstable protection bandwidth to 330 Gbit/s. The actual bandwidth must be within the supported bandwidth range.The actual burstable protection bandwidth
  • If the difference between the peak attack throughput and the basic protection bandwidth equals to or is smaller than the protection bandwidth of a plan, you can use the plan to offset burstable protection fees.
  • If you consume all the mitigation sessions of the plan, we recommend that you set the burstable protection bandwidth to the basic protection bandwidth at the first opportunity to avoid unexpected burstable protection fees.
  • You can use the plan to offset fees that are charged for burstable protection bandwidth only on or after the day you obtain the plan. However, if the bills for burstable protection bandwidth are generated, you cannot use the plan.
Table 1. Differences of Anti-DDoS plans between Anti-DDoS Pro and Anti-DDoS Pro of the previous version
Item Anti-DDoS Pro of the previous version Anti-DDoS Pro
Prerequisites You must associate a plan with the IP address of an Anti-DDoS Pro instance. You do not need to associate a plan with the IP address of an Anti-DDoS Pro instance. Anti-DDoS Pro instances automatically select the plan that has the earliest expiration time.
Deductible fees Offsets pay-as-you-go bills generated upon burstable protection within the protection bandwidth of the plan. Offsets pay-as-you-go bills generated by the amount calculated based on the following formula: Peak attack throughput - Basic protection bandwidth.

Apply for Anti-DDoS plans

Anti-DDoS plans are a free value-added feature. If you meet one of the following requirements, contact the sales manager or customer service in the DingTalk service group or submit a ticket to apply for this feature.
  • You have purchased an Anti-DDoS Pro instance for the first time.
  • You have been using Anti-DDoS Pro for more than three months.
  • You have purchased an Anti-DDoS Pro instance on an annual subscription basis.

Use Anti-DDoS plans

After you obtain an Anti-DDoS plan, the plan is automatically applied if DDoS attacks occur and the conditions of applying the plan are met. You can check the details of the plan and usage records in the Anti-DDoS Pro console. A plan is effective only within its validity period and if the plan still has remaining mitigation sessions.

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Mainland China.
  3. In the left-side navigation pane, choose Assets > Global Advanced Mitigation.
  4. On the Anti-DDoS Package page, view details of all plans.
    • Anti-DDoS Package ID: the unique identifier of a plan.
    • Size: the size of a plan.
    • Expire Time: the time when a plan expires.
    • Status: the status of a plan. Valid values: Valid, Exhausted, and Expired.
    • Available Protections: the number of remaining mitigation sessions.
    Anti-DDoS Package
  5. Click View Log in the Actions column to view the records of operations.