This topic describes the billing methods of Anti-DDoS Premium.


Anti-DDoS Premium provides Advanced Mitigation to defend against DDoS attacks for instances deployed outside mainland China.The number of advanced mitigation sessions that you can use depends on the mitigation plan that you purchase: Insurance Plan and Unlimited Plan .

Anti-DDoS Premium is charged only in the subscription billing method. To use Anti-DDoS Premium to protect your workload, you must first purchase an Anti-DDoS Premium instance, and specify the mitigation plan, instance specifications, and subscription duration. The instance is ready for use after you complete the payment. An Anti-DDoS Premium instance provides advanced mitigation services within the subscription duration.

Advanced mitigation
Advanced mitigation protects your workload against DDoS attacks by integrating with Alibaba Cloud Anti-DDoS scrubbing centers outside mainland China.

Services protected by Anti-DDoS Premium are less likely to be attacked. In most cases, attackers launch DDoS attacks to cause financial loss of the victims. Considering the costs of launching DDoS attacks, the attackers stop the DDoS attacks when they fail to reach the target.

Anti-DDoS Premium provides unlimited advanced mitigation sessions, and integrates with all Alibaba Cloud Anti-DDoS scrubbing centers outside mainland China to safeguard your workload.

Notice If the attacks launched to your workload threaten the infrastructure of Anti-DDoS scrubbing centers, Alibaba Cloud reserves the right to throttle the network traffic. When traffic throttling is triggered for your Anti-DDoS Premium instance, your workload may be adversely affected. For example, user traffic may be throttled or even routed to a black hole.
Insurance plan
Insurance plan is a starter mitigation plan of Anti-DDoS Premium. Two advanced mitigation sessions are provided monthly in this plan to protect users that are less likely to be attacked. Advanced mitigation is automatically triggered when a DDoS attack targeting your workload is detected. Then, an advanced mitigation session is consumed to provide unlimited mitigation the next 24 hours. The number of available advanced mitigation sessions is automatically reset at the first day of each month.

For example, a protected IP address receives a volumetric DDoS attack at 11:20:00 (UTC+8), September 12, 2019, and an advanced mitigation is triggered. Anti-DDoS Premium then consumes one mitigation session to offer unlimited protection for the IP address the next 24 hours. Then, the IP address suffers another volumetric DDoS attack at 18:50:00 (UTC+8), September 13, 2019, and advanced mitigation is triggered again. After 24 hours, the advanced mitigation stops. The two advanced mitigation sessions of Anti-DDoS Premium Insurance Plan for September are exhausted. The number of available advanced mitigation sessions is reset to two on October 1, 2019.

Billing example
Note If the two advanced mitigation sessions provided per month cannot meet your business needs, we recommend that you can purchase global advanced mitigation. For more information, see Global advanced mitigation.
Unlimited Plan
Anti-DDoS Premium Unlimited Plan provides unlimited mitigation sessions. If you purchase Unlimited Plan, Anti-DDoS Premium provides unlimited mitigation sessions to protect your workloads against DDoS attacks.


The table below lists prices of Anti-DDoS Premium based on different clean bandwidth values. Anti-DDoS Premium provides standard function and enhanced function plans. Fees vary based on the function plan that you choose. For more information, see Function plan.

Clean bandwidth
Clean bandwidth refers to the maximum bandwidth that an Anti-DDoS Premium instance can use to handle workloads when no attacks are detected. The clean bandwidth of an instance must be greater than the peak volume of the inbound or outbound traffic of the protected workload, whichever is higher.
Warning If the actual bandwidth exceeds the clean bandwidth of the instance, traffic throttling and packet loss may occur. As a result, your workload may become unavailable or respond slowly within a period of time.

For more information about clean bandwidth and how to select the clean bandwidth, see Clean bandwidth.

Note If the specifications of clean bandwidth listed below cannot meet your business needs, submit a ticket to contact us.
Mitigation plan Clean bandwidth Unit price of standard function (USD/month) Unit price of enhanced function (USD/month)
Insurance Plan

Two advanced mitigation sessions/month

100 Mbps 2,630 3,830
150 Mbps 3,420 4,620
200 Mbps 4,210 5,410
250 Mbps 5,000 6,200
300 Mbps 5,570 6,770
Unlimited Plan

Unlimited advanced mitigation sessions

100 Mbps 11,560 12,760
150 Mbps 12,610 13,810
200 Mbps 13,660 14,860
250 Mbps 14,720 15,920
300 Mbps 15,770 16,970

The table below lists the default specifications of an Anti-DDoS Premium instance and the prices for upgrades. If the default specifications cannot meet your needs, specify higher specifications when you purchase the instance or upgrade the instance after you purchase it.

Specification Description Default Price for upgrades
Number of protected ports The number of TCP and UDP ports that the instance protects. 5 Every 5 ports: USD 150/month
Number of protected domains The number of HTTP and HTTPS domains that the instance protects. 10
Note The 10 domains can correspond to only one top-level domain. This means that the domains protected by an instance must belong to the same top-level domain. For more information, see Domains.
  • Standard function plan: USD 45/month for every 10 domains
  • Enhanced function plan: USD 75/month for every 10 domains
Note For every 10 domains added, the total number of supported top-level domains increases by one.
QPS The maximum number of HTTP and HTTPS requests that the instance can concurrently process per second if no attacks are detected
  • Insurance plan: 500 QPS
  • Unlimited plan: 1,000 QPS
Every 100 QPS: USD 150/month

Instance expiration

Instance status Description
Before expiration Alibaba Cloud reminds you through SMS messages, emails, and internal messages seven, three, and one day before the expiration date.
Within 30 days after expiration
  • Impact on mitigations:

    If an Anti-DDoS premium instance is not renewed before the expiration date, the instance stops protecting your workload after it expires. The mitigation capacity is restored to the default free protection capacity.

  • Impact on configurations:

    After an Anti-DDoS Premium instance expires, the configurations are retained for a month (30 days). If you renew the instance within 30 days, you can still use the instance.

30 days after expiration If you do not renew an Anti-DDoS Premium instance within 30 days after the instance expires, the instance and its configurations are automatically released. If you want to continue using Anti-DDoS Premium, you must purchase another Anti-DDoS Premium instance and complete the configurations.


The subscription fees paid for an Anti-DDoS Premium instance cannot be refunded after you purchase the instance.

Related topics