Anti-DDoS Premium offers the Insurance Plan and Unlimited Plan.

Advanced mitigation feature of Anti-DDoS Premium

Integrating all mitigation capacities of Alibaba Cloud Anti-DDoS scrubbing centers around the world, Anti-DDoS Premium defends against DDoS attacks to secure your workloads.

Statistics show that workloads protected by Anti-DDoS Premium are less likely to be attacked. Typically, attackers launch DDoS attacks to cause financial loss to the target workloads. Due to the cost of launching DDoS attacks, repeated failures will cause the attackers to stop. The advanced mitigation feature of Anti-DDoS Premium provides unlimited mitigation capacities and can integrate all mitigation capacities of Alibaba Cloud Anti-DDoS scrubbing centers around the world to secure your workloads.

Notice If the attacks targeting your workloads impact the infrastructure of Alibaba Cloud Anti-DDoS scrubbing centers, Alibaba Cloud reserves the right to throttle the traffic. If traffic throttling is triggered on your Anti-DDoS Premium instance, the protected workloads may be affected. For example, user traffic may also be throttled or even routed to a black hole.

Plans of Anti-DDoS Premium

  • Insurance Plan
    Each month, Anti-DDoS Premium Insurance Plan offers two free advanced mitigation sessions, featuring unlimited mitigation capabilities. When your workloads receive HTTP flood attacks, Anti-DDoS Premium provides unlimited mitigation capacities to protect your workloads within the following 24 hours. This consumes one mitigation session. The number of advanced mitigation sessions is reset to two at the beginning of every month during the service period.
    Note To purchase more advanced mitigation sessions, see Global advanced mitigation.
    For example, a protected IP address suffers DDoS attacks at 11:20:00 (UTC+8), September 12, and an advanced mitigation session is triggered. Within 24 hours, Anti-DDoS Premium provides unlimited mitigation capacities for this IP address. The protected IP address suffers another DDoS attack at 18:50:00 (UTC+8), September 13, and an advanced mitigation session is triggered again. After 24 hours, the advanced mitigation stops and the two advanced mitigation sessions of the Anti-DDoS Premium Insurance plan in September are exhausted. The advanced mitigation sessions are automatically reset to two at the beginning of the following month, which is October 1.

    Insurance Plan is a basic solution of Anti-DDoS Premium and applies to users who are less vulnerable to attacks.

  • Unlimited Plan

    Anti-DDoS Premium Unlimited Plan provides unlimited advanced mitigation capabilities for your workloads. After you purchase the Unlimited plan, Anti-DDoS Premium provides an unlimited number of mitigation sessions to protect your workloads against DDoS attacks.

Pricing of Anti-DDoS Premium

The following table lists the prices of different Anti-DDoS Premium specifications.
Plan Clean bandwidth Advanced mitigation Price (USD/month)
Insurance 100 Mbit/s 2 sessions/month 2,630
Unlimited Unlimited 11,560
Insurance 150 Mbit/s 2 sessions/month 3,420
Unlimited Unlimited 12,610
Insurance 200 Mbit/s 2 sessions/month 4,210
Unlimited Unlimited 13,660
Insurance 250 Mbit/s 2 sessions/month 5,000
Unlimited Unlimited 14,720
Insurance 300 Mbit/s 2 sessions/month 5,570
Unlimited Unlimited 15,770
Note If you need a higher clean bandwidth, contact Alibaba Cloud technical support.
Note Clean bandwidth refers to the maximum bandwidth that can be used by an Anti-DDoS Premium instance to handle workloads when no attack is launched to the workloads. Make sure that the clean bandwidth of the instance is higher than the greater of the inbound and outbound traffic peaks of all workloads connected to the Anti-DDoS Premium instance. For more information about the clean bandwidth, see Bandwidth sizing.

If the actual traffic volume exceeds the clean bandwidth, your workloads may experience traffic throttling or random packet loss, and your normal workloads may be unavailable, slowed down, or delayed for a certain period of time.

Anti-DDoS Premium instances provide the following specifications by default:
Note If your workloads require a specification higher than the default specification, you can upgrade the instance or choose a higher specification when you make the purchase.
Specification Description Default Unit price for capacity expansion (USD/month)
Number of protected ports The number of TCP/UDP ports that can be protected by the instance. 5 Every 5 ports: USD 150/month
Number of protected domain names The number of HTTP/HTTPS domain names that can be protected by the instance. 10
Note Supports one top-level domain only. The subdomains that you add to the instance must belong to the same top-level domain.
  • Every 10 additional domain names (standard function): USD 45/month
  • Every 10 additional domain names (enhanced function): USD 75/month
Note For every 10 additional protected domain names, the total number of supported top-level domains is increased by one.
Workload QPS The maximum concurrent HTTP/HTTPS requests per second supported when your workloads are not under attack.
  • Insurance Plan: 500 QPS
  • Unlimited Plan: 1,000 QPS
Every 100 QPS: USD 150/month

Service expiration

  • You will receive SMS messages or emails that remind you of service expiration and renewals 29, 27, 3, and 1 day before the service expires.
  • If you do not renew the service after it expires, Anti-DDoS Premium only provides the basic mitigation capabilities.
  • After Anti-DDoS Premium expires, it retains the configurations for 30 days. If you renew the service within the 30 days, you can continue to use the DDoS Premium instance. After the 30 days, the Anti-DDoS Premium instance is released and all services are unavailable.

Refunding

Subscription-based Anti-DDoS Premium instances do not support refunding. After you start using a subscription-based Anti-DDoS Premium instance, you cannot cancel the subscription.

Related information

Bandwidth sizing

You can select an appropriate bandwidth specification based on the daily inbound and outbound traffic peaks of all workloads that have or will be connected to the Anti-DDoS Premium instance. Make sure that the maximum bandwidth of the instance is higher than the larger of the inbound and outbound traffic peaks.
Note In most cases, the peak of the outbound traffic is higher than that of the inbound traffic.
You can estimate the actual bandwidth according to the traffic statistics in the ECS console or other monitoring tools on your origin server.
Note Traffic refers to the normal workload traffic.
For example, you can direct all external access requests to an Anti-DDoS Premium instance to secure your workloads. Anti-DDoS Premium can reroute normal access requests to the origin server when your workloads are not under attack. When your workloads are under attack, Anti-DDoS Premium filters and blocks malicious traffic, and only reroutes the normal traffic to the origin server. Therefore, the inbound and outbound traffic displayed in the ECS console is normal traffic. If your workloads are deployed on multiple origin servers, you need to calculate the total traffic volume of all origin servers.

Assume that you need to connect the workloads of three websites to an Anti-DDoS Premium instance, the normal outbound traffic peak of each website does not exceed 50 Mbit/s, and the total workload traffic does not exceed 150 Mbit/s. In this case, you only need to make sure that the maximum bandwidth of the purchased instance is higher than 150 Mbit/s.

Choose a domain protection specification

For every 10 additional protected domain names, the total number of supported top-level domains is increased by one. By default, an Anti-DDoS Pro instance supports a maximum of 10 domain names. In this case, only one top-level domain is supported.

For example, you add the top-level domain abc.com to the instance, and then add 9 subdomains or wildcard domains, such as www.abc.com, *.abc.com, mail.abc.com, user.pay.abc.com, and x.y.z.abc.com.

Note All the domain names, including the top-level domain abc.com, consume the quota.
If you want to connect two different top-level domains or their subdomains to the Anti-DDoS Premium instance, you need to increase the quota. Assume that you have added abc.com or its subdomains to an Anti-Premium instance, and try to add another top-level domain xyz.com or its subdomains, the following message appears:
The quota of top-level domains has been exceeded. Upgrade the instance to increase the quota.

In this case, you must upgrade the instance to support an additional 10 domains.