This topic describes the billing methods of the Anti-DDoS Premium Insurance and Unlimited mitigation plans.
Anti-DDoS Premium provides advanced mitigation1 to protect your services that are deployed in regions outside mainland China against DDoS attacks. The number of advanced mitigation sessions that you can use varies based on the mitigation plan that you purchase: Insurance2 or Unlimited3.
Anti-DDoS Premium supports only the subscription billing method. Before you use Anti-DDoS Premium, you must purchase an Anti-DDoS Premium instance. When you purchase an Anti-DDoS Premium instance, you must specify the mitigation plan, instance specifications, and subscription period and complete the payment. The Anti-DDoS Premium instance provides advanced mitigation within the specified subscription period.
- 1Advanced mitigation
- Advanced mitigation integrates with all Alibaba Cloud Anti-DDoS scrubbing centers
outside mainland China to protect your services against DDoS attacks. Advanced mitigation
provides unlimited protection.
Services protected by Anti-DDoS Premium are less vulnerable to DDoS attacks. In most cases, the goal of DDoS attacks is to disrupt your services. The cost of launching a DDoS attack is relatively high. If attackers cannot achieve their goal within the time frame, they stop their attacks.
Anti-DDoS Premium provides unlimited advanced mitigation and integrates with all Alibaba Cloud Anti-DDoS scrubbing centers outside mainland China to protect your services.Notice If attacks launched against your services threaten the infrastructure of the Anti-DDoS scrubbing centers, Alibaba Cloud reserves the rights to throttle network traffic. If throttling is triggered for your Anti-DDoS Premium instance, your services may be adversely affected. For example, the network traffic may be throttled, or blackhole filtering is triggered.
- 2Insurance mitigation plan
- The Insurance mitigation plan is a basic mitigation plan for Anti-DDoS Premium. The
Insurance mitigation plan provides two advanced mitigation sessions per month and
is suitable for users who are less likely to be targeted. If DDoS attacks are detected,
advanced mitigation is triggered and one advanced mitigation session is consumed to
provide unlimited protection over the next 24 hours. The number of advanced mitigation
sessions that are available is automatically reset to two on the first day of each
For example, a volumetric DDoS attack was detected on a protected IP address at 11:20:00 on September 12 (UTC+8), and advanced mitigation was triggered. One advanced mitigation session was consumed to provide unlimited protection for the IP address over the next 24 hours. Then, another volumetric DDoS attack was detected on the same IP address at 18:50:00 on September 13 (UTC+8), and advanced mitigation is triggered. Another advanced mitigation session was consumed because this attack happened 24 hours after the first attack. In this case, the two sessions included in the Insurance mitigation plan were exhausted for September. The number of advanced mitigation sessions that are available is reset to two on October 1.Note If the two advanced mitigation sessions that are provided per month cannot meet your business needs, we recommend that you also purchase global advanced mitigation. For more information, see Billing methods for global advanced mitigation.
- 3Unlimited mitigation plan
- The Unlimited mitigation plan provides unlimited advanced mitigation sessions. If you purchase the Unlimited mitigation plan, Anti-DDoS Premium provides unlimited protection to protect your services against DDoS attacks all the time.
The following table lists the prices of an Anti-DDoS Premium instance based on different clean bandwidths4 when the default specifications are used. Anti-DDoS Premium provides the Standard and Enhanced function plans. The prices vary based on the function plan. For more information about the Standard and Enhanced function plans, see Function plan.
- 4Clean bandwidth
Clean bandwidth specifies the maximum bandwidth that an Anti-DDoS Premium instance can use to manage service traffic if no attacks occur. The clean bandwidth of an instance must be greater than the peak volume between the inbound and outbound traffic of protected services.Warning If the actual bandwidth exceeds the clean bandwidth of the instance, throttling and packet loss may occur. In this case, your services may become unavailable, freeze, or slow down for a period of time.
|Mitigation plan||Clean bandwidth||Unit price of the Standard function plan (USD/month)||Unit price of the Enhanced function plan (USD/month)|
Two advanced mitigation sessions per month
Unlimited advanced mitigation sessions
The following table lists the default specifications of an Anti-DDoS Premium instance and the prices for upgrades. If the default specifications cannot meet your business needs, you can choose higher specifications when you purchase the instance. You can also upgrade the instance after you purchase it.
|Item||Description||Default value||Price for upgrades|
|Number of protected ports||The number of TCP and UDP ports that the instance can protect||5||Price for every five ports: USD 150/month|
|Number of protected domain names||The number of HTTP and HTTPS domain names that the instance can protect||10
Note You can add one second-level domain name and nine subdomains of this second-level domain name. Alternatively, you can add 10 domain names that belong to a second-level domain name.
Note For every 10 additional domain names, the total number of second-level domain names that are supported is increased by one.
|Queries per second (QPS)||The maximum number of HTTP and HTTPS requests that the instance can concurrently process per second if no attacks occur||
||Price for every 100 QPS: USD 150/month|
|Time period||Protection capability||Traffic forwarding||Instance configuration|
|From the expiration date to 30 (excluded) calendar days after the expiration date||The instance provides only the basic protection against attacks of 5 Gbit/s.
If you renew your instance within this time period, the instance continues to provide the protection capabilities based on the plan that you purchased.
|The instance still forwards service traffic.||Instance configurations are retained.|
|30 (included) calendar days after the expiration date to later points in time||The instance provides only the basic protection against attacks of 5 Gbit/s.||The instance no longer forwards service traffic.
Warning If you no longer need Anti-DDoS Premium, you must switch service traffic from the Anti-DDoS Premium instance to the origin server 30 calendar days before the expiration date. Otherwise, access to your services may be adversely affected. If you want to switch service traffic, make sure that the domain name of your website does not map to the CNAME assigned by Anti-DDoS Premium. You must also make sure that your non-website service does not use an exclusive IP address provided by the instance.
|The Anti-DDoS Premium instance is released, and the configurations of the instance,
such as access configurations, mitigation settings, and reports, are permanently deleted.
If you want to use Anti-DDoS Premium again, you must purchase and configure another Anti-DDoS Premium instance.
The subscription of a subscription Anti-DDoS Premium instance cannot be canceled before the expiration date. The 5-day money-back guarantee is not provided for the subscription. After an Anti-DDoS Premium instance is created, the fees you paid cannot be refunded.