This topic describes how to purchase mitigation plans for different types of Anti-DDoS instances. You can purchase professional plans for Anti-DDoS Pro instances. You can also purchase insurance plans, unlimited plans, Mainland China Acceleration (MCA) plans, or Secured Mainland China Acceleration (Sec-MCA) plans for Anti-DDoS Premium instances.
Select an instance type
- If your workloads are deployed in mainland China, you must purchase a professional plan for an Anti-DDoS Pro instance.
Notice You cannot use Anti-DDoS Pro instances to protect domain names that do not have Internet Content Provider (ICP) numbers. Before you use an Anti-DDoS Pro instance to protect your website, apply for an ICP number for the domain name of your website.
- If your workloads are deployed outside mainland China and and your services are provided to users who are located outside mainland China, you must purchase an insurance plan or unlimited plan for an Anti-DDoS Premium instances.
- If your workloads are deployed outside mainland China and you purchase an Anti-DDoS Premium instance that uses an insurance or unlimited
plan, users in mainland China experience a high network latency. The average network latency is about 300 milliseconds.
We recommend that you consider the following solution:
- If you only need to ensure stable and fast access for users in mainland China, purchase
a Sec-MCA plan for an Anti-DDoS Premium instance. This solution is not applicable
to China Mobile users in mainland China.
Note Sec-MCA provides DDoS scrubbing capabilities and access acceleration. Therefore, you must purchase only a Sec-MCA plan for the Anti-DDoS Premium instance. For more information, see Configure Anti-DDoS Premium Sec-MCA.
- If the preceding solution cannot meet your requirements, we recommend that you purchase
an insurance or unlimited plan and an MCA plan for the Anti-DDoS Premium instance.
Note You must use Sec-Traffic Manager to configure network acceleration rules for the Anti-DDoS Premium instance. If no DDoS attacks are detected, MCA accelerates requests that are destined for protected services. If DDoS attacks are detected, the Anti-DDoS Premium instance that uses an insurance plan or unlimited plan protects the services against DDoS attacks. For more information, see Overview.
- If you only need to ensure stable and fast access for users in mainland China, purchase
a Sec-MCA plan for an Anti-DDoS Premium instance. This solution is not applicable
to China Mobile users in mainland China.
Purchase an Anti-DDoS Pro instance
Purchase an insurance plan or unlimited plan for an Anti-DDoS Premium instance
Purchase an MCA plan for an Anti-DDoS Premium instance
Purchase a Sec-MCA plan for an Anti-DDoS Premium instance
Select the clean bandwidth
You can select an appropriate clean bandwidth value based on the daily inbound and outbound traffic peaks of your workloads that are protected or to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher.
You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using other monitoring tools on your origin server. The traffic described here refers to the normal traffic generated by your workloads.
For example, you use Anti-DDoS Pro or Anti-DDoS Premium to protect your website. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards user traffic to the origin server. However, if your website is under attack, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only user traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound user traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must calculate the sum of the traffic volumes on all origin servers.

For example, you want to connect three websites to an Anti-DDoS Pro or Anti-DDoS Premium instance. The peak of the outbound user traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.