This topic describes how to purchase an Anti-DDoS Pro instance of the Profession plan, Anti-DDoS Premium instance of the Insurance or Unlimited plan, Anti-DDoS Premium instance of the MCA plan, and Anti-DDoS Premium instance of the Sec-MCA plan.

Select an instance type

You can purchase an Anti-DDoS instance based on the regions where your servers are deployed and where your users are located. The following list describes the different scenarios:
  • If your servers are deployed in mainland China, you must purchase an Anti-DDoS Pro instance of the Profession plan.
    Notice
    • You cannot use Anti-DDoS Pro instances to protect the domains for which you do not complete Internet Content Provider (ICP) filing. Before you use an Anti-DDoS Pro instance to protect your website, you must complete ICP filing for the domain of your website.
    • By default, an Anti-DDoS Pro instance uses IPv4 addresses to forwards access requests. If you require an instance to forward access requests by using IPv6 addresses, submit a ticket or contact sales personnel. Before you apply for such an instance, you must purchase an Anti-DDoS Pro instance of the Enhanced function plan.

      If you use an instance to forward access requests from clients that use IPv6 addresses, the destination varies based on the methods that are used to add your services to Anti-DDoS Pro or Anti-DDoS Premium. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses.

  • If your servers are deployed outside mainland China and your services are provided to users who reside outside mainland China, you must purchase an Anti-DDoS Premium instance of the Insurance or Unlimited plan.
  • If your servers are deployed outside mainland China and you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited plan, users in mainland China to which your services are provided encounter a high network latency. The average network latency is about 300 milliseconds. We recommend that you use the following solution:
    • If you need only to ensure stable and fast access for users in mainland China, purchase an Anti-DDoS Premium instance of the Sec-MCA plan. This solution is not applicable to China Mobile users in mainland China.
      Note The Sec-MCA plan can be used to mitigate DDoS attacks and accelerate access. Therefore, you do not need to purchase an Anti-DDoS Premium instance of the Insurance or Unlimited plan. For more information, see Configure Anti-DDoS Premium Sec-MCA.
    • If the preceding solution cannot meet your requirements, we recommend that you purchase both an Anti-DDoS Premium instance of the Insurance or Unlimited plan and an Anti-DDoS Premium instance of the MCA plan. An Anti-DDoS Premium instance of the MCA plan does not provide mitigation capabilities.
      Note You must use Sec-Traffic Manager to configure network acceleration rules for the Anti-DDoS Premium instance. If no DDoS attacks are detected, the Anti-DDoS Premium instance of the MCA plan accelerates requests that are destined for protected services. If DDoS attacks are detected, the Anti-DDoS Premium instance of the Insurance or Unlimited plan protects the services against DDoS attacks. For more information, see Overview.

Purchase an Anti-DDoS Pro instance

You can obtain the information about the billing methods for Anti-DDoS Pro instance from Anti-DDoS Pro billing methods. To purchase an Anti-DDoS Pro instance, perform the following steps:

Notice After you purchase an Anti-DDoS Pro instance, you cannot request a refund.
  1. Go to the Anti-DDoS Pro buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Pro (Mainland China).
    Mitigation Plan By default, Profession is selected.
    Basic Protection Specify the basic protection bandwidth for the instance. Valid values: 30Gb, 60Gb, 100Gb, 300Gb, 400Gb, 500Gb, and 600Gb.

    Basic protection is billed on a subscription basis and enabled after you complete the payment. The total instance cost increases based on the basic protection bandwidth that you select.

    Burstable Protection Specify the burstable protection bandwidth for the instance. The burstable protection bandwidth must be greater than or equal to the basic protection bandwidth. You can select a burstable protection bandwidth based on the basic protection bandwidth.
    • If you set Basic Protection to 30Gb, you can set this parameter to 30 Gbit/s, 40 Gbit/s,50 Gbit/s, 60 Gbit/s, 70 Gbit/s, 80 Gbit/s, 100 Gbit/s, 150 Gbit/s, 200 Gbit/s, or 300 Gbit/s.
    • If you set Basic Protection to 60Gb, you can set this parameter to 60 Gbit/s, 70 Gbit/s, 80 Gbit/s, 100 Gbit/s, 150 Gbit/s, 200 Gbit/s, 300 Gbit/s, 400 Gbit/s, 500 Gbit/s, or 600 Gbit/s.
    • If you set Basic Protection to 100Gb, you can set this parameter to 100 Gbit/s, 150 Gbit/s, 200 Gbit/s, 300 Gbit/s, 400 Gbit/s, 500 Gbit/s, or 600 Gbit/s.
    • If you set Basic Protection to 300Gb, you can set this parameter to 300 Gbit/s, 400 Gbit/s, 500 Gbit/s, 600 Gbit/s, or Unlimited Protection.
    • If you set Basic Protection to 400Gb, you can set this parameter to 400 Gbit/s, 500 Gbit/s, 600 Gbit/s, or Unlimited Protection.
    • If you set Basic Protection to 500Gb, you can set this parameter to 500 Gbit/s, 600 Gbit/s, or Unlimited Protection.
    • If you set Basic Protection to 600Gb, you can set this parameter to 600 Gbit/s or Unlimited Protection.
    Burstable protection is billed on a pay-as-you-go basis. Burstable protection bandwidth determines the maximum mitigation capacity provided by the instance.
    • If you set Burstable Protection and Basic Protection to the same value, the maximum mitigation capacity equals the specified basic protection bandwidth. In this case, you are charged only for basic protection.
    • If you set Burstable Protection to a value greater than the value of Basic Protection and attack traffic is between the specified basic protection bandwidth and the specified burstable protection bandwidth, burstable protection is triggered to defend against the attack. If the peak bandwidth of attacks exceeds the value of Basic Protection, a pay-as-you-go bill is generated based on the difference between the basic protection bandwidth and burstable protection bandwidth.

    After you purchase an instance, you can modify the burstable protection bandwidth of the instance in the console based on your business requirements. For more information, see Modify the burstable protection bandwidth of an instance.

    Resource Group Select the resource group to which the instance belongs in Resource Management. By default, the resource group is Default Resource Group.

    For more information about resource groups, see Create a resource group.

    Clean Bandwidth Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 100 to 5000. Unit: Mbit/s.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify are insufficient to meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Function Plan Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10. Valid values: 50 to 200.

    The domains specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains must not exceed "Domains/10".

    The default value of the Domains parameter is 50. If you use the default value, you can specify only up to five second-level domains. You can also specify subdomains and wildcard domains corresponding to the second-level domains. The total number cannot exceed 50.

    If you want to enable protection for example1.com and example2.com, you can specify their subdomains such as www.example1.com and abc.example2.com. You can also specify the wildcard domain *.example1.com.

    If you want to specify more than 50 domains or enable protection for more than 5 second-level domains, we recommend that you set Domains to an appropriate value based on your business requirements.

    QPS Specify the number of concurrent queries per second (QPS) that the instance can process when no attacks occur. HTTP and HTTPS requests are supported. Valid values: 3000 to 100000.
    Ports Specify the number of TCP and UDP ports that are used to forward requests. Valid values: 50 to 400.
    Quantity Specify the number of instances that you want to purchase.
    Plan Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

Purchase an Anti-DDoS Premium instance of the Insurance or Unlimited plan

You can obtain the information about the billing methods for an Anti-DDoS Premium instance of the Insurance or Unlimited plan from Billing methods of Insurance Plan and Unlimited Plan. To purchase an Anti-DDoS Premium instance of the Insurance or Unlimited plan, perform the following steps:

Notice After you purchase an Anti-DDoS Pro instance, you cannot request a refund.
  1. Go to the Anti-DDoS Premium buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Premium.
    Mitigation Plan Select Insurance or Unlimited based on your requirements. If you select Insurance, the instance that you purchase uses the Insurance plan. If you select Unlimited, the instance that you purchase uses the Unlimited plan.

    For information about the differences between the Insurance and Unlimited plans, see Billing methods of Insurance Plan and Unlimited Plan.

    Note
    Clean Bandwidth Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 100Mbps, 150Mbps, 200Mbps, 250Mbps, and 300Mbps.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify are insufficient to meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Function Plan Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10. Valid values: 10 to 200.

    The domains specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains must not exceed "Domains/10".

    The default value of the Domains parameter is 10. If you use the default value, you can specify only one second-level domain. You can also specify subdomains and wildcard domains corresponding to the second-level domain. The total number cannot exceed 10.

    If you want to enable protection for example.com, you can specify its subdomains such as www.example.com and abc.example.com. You can also specify the wildcard domain *.example.com.

    If you want to specify more than 10 domains or enable protection for more than 1 second-level domain, we recommend that you set Domains to an appropriate value based on your business requirements.

    Clean QPS Specify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported. Valid values for each plan:
    • Insurance plan: 500 to 100000
    • Unlimited plan: 1000 to 100000
    Ports Specify the number of TCP and UDP ports that are used to forward requests. Valid values: 5 to 400.
    Quantity Specify the number of instances that you want to purchase.
    Subscription Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

Purchase an Anti-DDoS Premium instance of the MCA plan

You can obtain the information about the billing methods for an Anti-DDoS Premium instance of the MCA plan from Mainland China Acceleration billing methods. To purchase an Anti-DDoS Premium instance of the MCA plan, perform the following steps:

Notice After you purchase an Anti-DDoS Pro instance, you cannot request a refund.
  1. Go to the Anti-DDoS Premium buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Premium.
    Mitigation Plan Select MCA.
    Clean Bandwidth Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 10Mbps, 20Mbps, 30Mbps, 40Mbps, 50Mbps, 60Mbps, 70Mbps, 80Mbps, 90Mbps, and 100Mbps.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify are insufficient to meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Quantity Specify the number of instances that you want to purchase.
    Subscription Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

Purchase an Anti-DDoS Premium instance of the Sec-MCA plan

You can obtain the information about the billing methods for an Anti-DDoS Premium instance of the Sec-MCA plan from Sec-MCA billing methods. To purchase an Anti-DDoS Premium instance of the Sec-MCA plan, perform the following steps:

Notice After you purchase an Anti-DDoS Pro instance, you cannot request a refund.
  1. Go to the Anti-DDoS Premium buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Premium.
    Mitigation Plan Select Sec-MCA.
    Clean Bandwidth Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 10Mbps, 20Mbps, 30Mbps, 40Mbps, 50Mbps, 60Mbps, 70Mbps, 80Mbps, 90Mbps, 100Mbps, 150Mbps, and 200Mbps.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify are insufficient to meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Function Plan Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10. Valid values: 10 to 200.

    The domains specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains must not exceed "Domains/10".

    The default value of the Domains parameter is 10. If you use the default value, you can specify only one second-level domain. You can also specify subdomains and wildcard domains corresponding to the second-level domain. The total number cannot exceed 10.

    If you want to enable protection for example.com, you can specify its subdomains such as www.example.com and abc.example.com. You can also specify the wildcard domain *.example.com.

    If you want to specify more than 10 domains or enable protection for more than 1 second-level domain, we recommend that you set Domains to an appropriate value based on your business requirements.

    Clean QPS Specify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported. Valid values:500 to 100000.
    Ports Specify the number of TCP and UDP ports that are used to forward requests. Valid values: 5 to 400.
    Quantity Specify the number of instances that you want to purchase.
    Subscription Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

What to do next

Create an Anti-DDoS Pro or Anti-DDoS Premium instance by calling an API operation