All Products
Search
Document Center

Anti-DDoS:Manage instances

Last Updated:Feb 22, 2024

This topic describes how to manage Anti-DDoS Pro and Anti-DDoS Premium instances. For example, you can modify the burstable protection bandwidth, configure the burstable clean bandwidth, and configure the burstable queries per second (QPS) of instances. You can also upgrade and renew instances.

Overview

The following table describes the operations that are supported by Anti-DDoS Pro instances and Anti-DDoS Premium instances.

Instance type

Supported operation

Description

Anti-DDoS Pro

Modify the burstable protection bandwidth of an instance

The burstable protection bandwidth determines the peak traffic of the DDoS attacks that the instance can mitigate. For more information, see Burstable protection bandwidth.

Configure the burstable clean bandwidth of an instance

After you enable the burstable clean bandwidth feature, you can specify a burstable clean bandwidth to increase the upper limit of the total bandwidth that is supported by the instance. You are charged for the burstable clean bandwidth that is consumed when your peak service traffic exceeds the clean bandwidth. For more information, see Billing of the burstable clean bandwidth feature.

Configure the burstable QPS of an instance

After you enable the burstable QPS feature, you can specify a burstable clean QPS to increase the upper limit of the total QPS that is supported by the instance. You are charged for the burstable QPS that is consumed when your peak service QPS exceeds the clean QPS. For more information, see Billing of the burstable QPS feature.

Upgrade an instance

If the specifications of the instance cannot meet your business requirements, you can upgrade the specifications of the instance in the Anti-DDoS Pro console. The specifications include the function plan, clean bandwidth, and the numbers of protected domain names and ports.

Renew an instance

If the instance expires, the instance is released. We recommend that you manually renew the instance before the expiration date or enable auto-renewal.

Purchase global advanced mitigation sessions

Only Anti-DDoS Pro instances of the Advanced mitigation plan support global advanced mitigation sessions.

If the number of advanced mitigation sessions that are provided free of charge by an Anti-DDoS Pro instance of the Advanced mitigation plan per month cannot meet your business requirements, you can purchase global advanced mitigation sessions. For more information, see Billing of advanced mitigation sessions.

Manage tags of instances

After you create a custom tag, you can add the tag to instances that have the same purpose or attribute. This allows you to classify instances and query multiple instances at a time.

Anti-DDoS Premium

Configure the burstable QPS of an instance

After you enable the burstable QPS feature, you can specify a burstable clean QPS to increase the upper limit of the total QPS that is supported by the instance. You are charged for the burstable QPS that is consumed when your peak service QPS exceeds the clean QPS. For more information, see Billing of the burstable QPS feature.

Upgrade an instance

If the specifications of the instance cannot meet your business requirements, you can upgrade the specifications of the instance in the Anti-DDoS Premium console. The specifications include the function plan, clean bandwidth, and the numbers of protected domain names and ports.

Renew an instance

If the instance expires, the instance is released. We recommend that you manually renew the instance before the expiration date or enable auto-renewal.

Purchase global advanced mitigation sessions

Only Anti-DDoS Premium instances of the Insurance, Secure Chinese Mainland Acceleration (Sec-CMA), and Sec-CMA (Basic) mitigation plans support global advanced mitigation sessions.

If the number of advanced mitigation sessions that are provided free of charge by instances of the preceding types per month cannot meet your business requirements, you can purchase global advanced mitigation sessions. For more information, see Billing of advanced mitigation sessions.

Modify the burstable protection bandwidth of an instance

You can specify the basic protection bandwidth and burstable protection bandwidth for an Anti-DDoS Pro instance. The burstable protection bandwidth must be greater than or equal to the basic protection bandwidth.

If you do not specify the burstable protection bandwidth, the basic protection bandwidth determines the peak traffic of the DDoS attacks that the instance can mitigate. If you specify the burstable protection bandwidth, the burstable protection bandwidth determines the peak traffic of the DDoS attacks that the instance can mitigate.

Note

To modify the basic protection bandwidth, you must upgrade your instance. To modify the burstable protection bandwidth, you can change the bandwidth value in the Anti-DDoS Pro console or upgrade your instance at any time.

  1. Log on to the Anti-DDoS Pro console.

  2. In the left-side navigation pane, choose Assets > Instances.

  3. Find the instance that you want to manage and click the image..png icon to the right of Protection Bandwidth: in the Instance Status column.

  4. In the Modify Burstable Clean Bandwidth dialog box, select a value and click OK.

    The maximum burstable protection bandwidth that you can specify varies based on the basic protection bandwidth of the instance. If the maximum burstable protection bandwidth that you specified cannot meet your business requirements, we recommend that you increase the basic protection bandwidth of the instance. For more information, see Upgrade an instance.

Configure the burstable clean bandwidth

If your service traffic occasionally spikes, we recommend that you enable the burstable clean bandwidth feature for your instance. This helps prevent packet loss when the peak service traffic exceeds the clean bandwidth of your instance.

Precautions

The maximum clean bandwidth is equal to the sum of the clean bandwidth and the burstable clean bandwidth. The following list describes the maximum clean bandwidth that is supported by each type of instance:

  • Anti-DDoS Pro of the Profession and Advanced mitigation plans: 20 Gbit/s.

  • Anti-DDoS Premium of the Insurance and Unlimited mitigation plans: 5 Gbit/s. Anti-DDoS Premium of the CMA mitigation plan: 1 Gbit/s. Anti-DDoS Premium of the CMA 2.0 mitigation plan: 2 Gbit/s. Anti-DDoS Premium of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.

The burstable clean bandwidth cannot exceed nine times the clean bandwidth of an instance, and the sum of the clean bandwidth and the burstable clean bandwidth cannot exceed the maximum clean bandwidth that is supported by an instance. In the following examples, an Anti-DDoS Pro instance of the Profession mitigation plan is used, and the instance supports a maximum clean bandwidth of 20 Gbit/s.

  • If the product of the clean bandwidth and 10 is less than or equal to the maximum clean bandwidth that is supported by the instance, the maximum burstable clean bandwidth is the product of the clean bandwidth and 9.

    For example, if the clean bandwidth of the instance is 100 Mbit/s, the maximum burstable clean bandwidth is 900 Mbit/s. In this case, the instance can process service traffic of up to 1 Gbit/s.

  • If the product of the clean bandwidth and 10 is greater than the maximum clean bandwidth that is supported by the instance, the maximum burstable clean bandwidth is the difference between the maximum clean bandwidth that is supported by the instance and the clean bandwidth.

    For example, if the clean bandwidth of the instance is 3 Gbit/s, the maximum burstable clean bandwidth is 17 Gbit/s. In this case, the instance can process service traffic of up to 20 Gbit/s.

  • If the clean bandwidth of the instance is greater than the maximum clean bandwidth that is supported by the instance, you cannot enable the burstable clean bandwidth feature for the instance.

Procedure

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Assets > Instances.

  4. Find the instance that you want to manage and click the 铅笔图标 icon to the right of Instance Specification in the Burstable Clean Bandwidth column.

  5. In the dialog box, configure the parameters and click OK.

    Operation

    Procedure

    Enable the burstable clean bandwidth feature

    Turn on Enable Burstable Clean Bandwidth and configure the Metering Method and Burstable Clean Bandwidth parameters.

    Modify the burstable clean bandwidth

    • Change the value of the Metering Method parameter

      After the change, the new value of the Metering Method parameter is displayed, and the message "(The metering method is changed and the new metering method takes effect next month.)" is displayed. The new metering method takes effect at 00:00 on the first day of the next month. You can change the metering method up to three times each calendar month. The last metering method that you select takes effect in the next month. You cannot change the metering method on the last day of a calendar month.

    • Change the value of the Burstable Clean Bandwidth parameter

    Disable the burstable clean bandwidth feature

    Turn off Enable Burstable Clean Bandwidth. You can disable the burstable clean bandwidth feature only once a month.

    Important

    The burstable clean bandwidth feature is automatically disabled in the following scenarios:

    • Your instance expires. Expired instances do not provide services.

    • Your Alibaba Cloud account has an overdue payment. In this case, all services that are charged based on the pay-as-you-go billing method become unavailable.

    To continue using the burstable clean bandwidth feature, you must renew your instance, or settle the overdue payment and enable the feature.

Configure the burstable QPS of an instance

If your service QPS occasionally spikes, we recommend that you enable the burstable QPS feature for your instance. This helps prevent packet loss when the peak service QPS exceeds the clean QPS of your instance.

  • The following table describes the mappings between the numbers of connections that are supported by an Anti-DDoS Pro or Anti-DDoS Premium instance and the clean queries per second (QPS) of the instance when the burstable QPS feature is disabled for the instance.

    Clean QPS

    Number of new connections

    Number of concurrent connections

    0 < QPS ≤ 5,000

    5,000

    100,000

    5,000 < QPS ≤ 10,000

    10,000

    200,000

    10,000 < QPS ≤ 30,000

    30,000

    500,000

    30,000 < QPS ≤ 50,000

    50,000

    1,000,000

    50,000 < QPS ≤ 100,000

    80,000

    1,500,000

    100,000 < QPS ≤ 150,000

    100,000

    2,000,000

  • The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Pro instance:

    • If the instance uses an IPv4 address, the burstable QPS for the instance is 300,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.

    • If the instance uses an IPv6 address, the burstable QPS for the instance is 150,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.

  • The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Premium instance:

    The burstable QPS for the instance is 100,001, the number of new connections 100,000, and the number of concurrent connections 2,000,000.

Important

The following section describes the scenarios in which the burstable QPS feature is not supported:

  • An Anti-DDoS Pro instance uses an IPv4 address and the clean QPS of the instance is greater than 300,000.

  • An Anti-DDoS Pro instance uses an IPv6 address and the clean QPS of the instance is greater than 150,000.

  • The clean QPS of an Anti-DDoS Premium instance is greater than 100,001.

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Assets > Instances.

  4. Find the instance that you want to manage and click the 铅笔图标 icon to the right of Instance Specification in the Burstable QPS column.

  5. In the Burstable QPS dialog box, configure the parameters and click OK.

    Operation

    Procedure

    Enable the burstable QPS feature

    Turn on Enable Burstable QPS and configure the Metering Method parameter. You cannot change the value of the Burstable QPS Specifications parameter.

    Modify the settings of the burstable QPS feature

    You can change only the value of the Metering Method parameter.

    After the change, the new value of the Metering Method parameter is displayed, and the message "(The metering method is changed and the new metering method takes effect next month.)" is displayed. The new metering method takes effect at 00:00 on the first day of the next month. You cannot change the metering method on the last day of a calendar month.

    Disable the burstable QPS feature

    Turn off Enable Burstable QPS. You can disable the burstable QPS feature only once in a month.

    Important

    The burstable QPS feature is automatically disabled in the following scenarios:

    • Your instance expires. Expired instances do not provide services.

    • Your Alibaba Cloud account has an overdue payment. In this case, all services that are charged based on the pay-as-you-go billing method become unavailable.

    To continue using the burstable QPS feature, you must renew your instance or settle the overdue payment and enable the feature.

Upgrade an instance

An instance upgrade indicates an upgrade of the instance specifications. After you upgrade your instance, you must pay the price difference for the remaining validity period of the instance.

Important

After you upgrade your instance, you cannot downgrade the instance.

Procedure

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Assets > Instances.

  4. Find the instance that you want to upgrade and click Upgrade in the Actions column.

  5. On the Upgrade/Downgrade page, increase the specifications based on your business requirements. Read and select Terms of Service, click Buy Now, and then complete the payment.

Renew an instance

Before your instance is released, you can manually renew the instance to extend the subscription duration. To avoid the adverse effects of instance expiration on your services, you can also enable auto-renewal before your instance expires. This way, Alibaba Cloud automatically renews the instance when the instance is about to expire.

Manually renew the instance

Before your instance is released, you can manually renew the instance and retain the original configurations of the instance. After the instance is released, you cannot manually renew the instance.

We recommend that you manually renew your instance based on the following suggestions:

  • Anti-DDoS Pro instance: Renew your Anti-DDoS Pro instance any time before the expiration date or within seven calendar days after the expiration date. This prevents adverse effects on service traffic forwarding.

  • Anti-DDoS Premium instance: Renew your Anti-DDoS Premium instance any time before the expiration date or within 30 calendar days after the expiration date. This prevents adverse effects on service traffic forwarding.

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Assets > Instances.

  4. Find the instance that you want to renew and click Actions in the Renew column.

  5. On the Renew page, configure the Subscription parameter, which specifies the duration of the renewal subscription. Read and select Terms of Service, click Buy Now, and then complete the payment.

Enable auto-renewal

You can enable auto-renewal only within two or more calendar days before the instance expires. If your instance is about to expire on the following day, you must manually renew the instance.

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, choose Expenses > Renewal Management.续费管理

  3. On the Manual tab, find the instance that you want to renew and click Enable Auto Renewal in the Actions column.

  4. In the Enable Auto Renewal dialog box, configure the Unified Auto Renewal Cycle parameter and click Auto Renew.

After you enable auto-renewal for the instance, you can view the auto-renewal settings of the instance on the Auto tab. Alibaba Cloud automatically deducts fees from your account balance to renew your instance nine calendar days before the expiration date. If you no longer require auto-renewal for your instance, you can enable manual renewal for your instance on the Auto tab.

Purchase global advanced mitigation sessions

After you purchase global advanced mitigation sessions, the system uses the global advanced mitigation sessions to defend against DDoS attacks if the provided advanced mitigation sessions are exhausted. This helps prevent service interruptions.

  • To purchase global advanced mitigation sessions for Anti-DDoS Pro instances of the Advanced mitigation plan, log on to the Anti-DDoS Pro console.

  • To purchase global advanced mitigation sessions for Anti-DDoS Premium instances of the Insurance and Sec-CMA mitigation plans, log on to the Anti-DDoS Premium console.

The following example describes how to purchase global advanced mitigation sessions for Anti-DDoS Premium instances of the Insurance or Sec-CMA mitigation plan.

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select Outside Chinese Mainland.

  3. In the left-side navigation pane, choose Assets > Instances.

  4. In the upper-right corner of the Instances page, click Purchase.

  5. On the Global Advanced Mitigation page, select Insurance or Sec-MCA for Product, and set Mitigation Quantity to the number of global advanced mitigation sessions that you want to purchase.

  6. Click Buy Now and complete the payment.

    After you purchase global advanced mitigation sessions, you can view the numbers of available advanced mitigation sessions for the instances of the Insurance and Sec-CMA mitigation plans above the instance list. You can also click Details to view the purchase time, expiration time, and usage of the global advanced mitigation sessions.高级防护次数展示

Manage tags of instances

A tag consists of a key and a value. You can use tags to group and search for instances.

  1. Log on to the Anti-DDoS Pro console.

  2. In the left-side navigation pane, choose Assets > Instances.

  3. On the Instances page, perform the following operations based on your business requirements.

    Operation

    Procedure

    Add a tag to an instance

    1. On the Instances page, find the instance that you want to manage and click the 编辑标签 icon in the Tag column.

    2. In the Edit Tag dialog box, add a tag to the instance and click OK. You can use one of the following methods to set this parameter:

      • To add an existing tag, you can click Select Tag and select a tag key and a tag value from the tag list.

      • To create a tag, you can click Add Tag, specify Tag Key and Tag Value, and then click OK.

    Note

    You can add up to 20 tags to an instance. The key of each tag that is added to an instance must be unique. If you add a tag that has the same key as an existing tag, the value of the new tag overwrites the value of the existing tag.

    Search for an instance by tag

    On the Instances page, select a tag key and a tag value in the Tag search box.

    Remove tags

    You can remove tags only from one instance at a time.

    1. On the Instances page, find the instance that you want to manage and click the 编辑标签 icon in the Tag column.

    2. In the Edit Tag dialog box, click the 删除 icon next to the tag that you want to remove and click OK.

    Note

    If you remove a tag from an instance and the tag is not added to other instances, the tag is deleted.

References