This topic explains how to query the usage details for Anti-DDoS Origin 2.0 instances.
Usage notes
In scenarios involving multi-account management, protection details for public IP assets under member accounts can only be queried through the management account. Member accounts do not support this query function. For more information, see Use the multi-account management feature.
Pay-as-you-go instances
Query usage details
Go to the Billing Management page of the Traffic Security console.
On the Pay-as-you-go Instances tab, view the usage overview and details for the current month.
Usage details
Description
Feature Enabling
Charged based on the number of days the feature is enabled. The fee varies depending on the region where your protected assets reside.
Protected IP Address
Includes the number of IP addresses of regular Alibaba Cloud services and EIPs with Anti-DDoS (Enhanced) enabled.
Charged based on the number of protected IP addresses. The actual fee is calculated based on the tiered prices.
The number of IP addresses on Day T is collected on Day T+1. The number of IP addresses at approximately 23:00 (UTC+8) on Day T is used for billing.
In multi-account management scenarios, the numbers of protected IP addresses in the current Alibaba Cloud account and member accounts are separately displayed.
Clean Bandwidth
Clean bandwidth refers to the normal service traffic generated by cloud services, excluding the attack traffic. You can query the traffic usage and billing for a specified date. Detailed traffic data can also be viewed by region and asset IP address. For more information, see the Query traffic usage section below.
To simplify and unify the billing model, the service traffic of a cloud service is calculated based on the larger value between the inbound and outbound service traffic.
Service traffic protection unit prices differ for regular Alibaba Cloud services and EIPs with Anti-DDoS (Enhanced). Billing for each is separate.
Service traffic from regions in and outside the Chinese mainland is separately billed based on the tiered prices.
The service traffic protection usage on Day T is calculated on Day T+1.
If the multi-account management feature is enabled, the service traffic protection usage in the current Alibaba Cloud account and the members is separately displayed.
Query traffic usage
A minimum traffic mechanism is employed when calculating traffic. If daily service traffic falls below the daily minimum threshold, billing will reflect the daily minimum traffic amount.
Asset type | Region of the IP addresses | Number of IP addresses | Minimum service traffic of each IP address |
Regular Alibaba Cloud service | Regions in the Chinese mainland | No minimum service traffic mechanism is used. The actual service traffic is used for billing. | |
Regions outside the Chinese mainland | |||
EIP with Anti-DDoS (Enhanced) enabled | Regions in the Chinese mainland | [0, 30] | 0 GB |
[31, 99] | 20 GB | ||
[100, +∞) | 40 GB | ||
Regions outside the Chinese mainland | No minimum service traffic mechanism is used. The actual service traffic is used for billing. | ||
Example 1: The EIP with Anti-DDoS (Enhanced) enabled has 32 IP addresses, where 12 IPs have a daily traffic of 10 GB each, and 20 IPs have a daily traffic of 15 GB each.
The daily traffic billing is 32*20=640 GB.
Example 2: The EIP with Anti-DDoS (Enhanced) enabled has 32 IPs, where 12 IPs have a daily traffic of 30 GB each, and 20 IPs have a daily traffic of 15 GB each.
The daily traffic billing is 30*12+20*20=760 GB.
Go to the Billing Management page of the Traffic Security console.
On the Pay-as-you-go Instances tab, view the traffic usage for regular Alibaba Cloud services and EIPs with Anti-DDoS (Enhanced) enabled.
Data description:
①: Displays the billing of service traffic for the current month. Data can also be viewed by region.
②: Displays the billing of service traffic for a specified date.
③: Displays the traffic usage and billing for a specified date. Detailed traffic usage can also be viewed by region and IP address.
Usage by Region: Click Details in the Usage by Region column to view traffic usage by region.
Usage by Asset: Click Details in the Usage by Asset column to view traffic usage and billing by asset IP address. You can also click Export at the bottom of the Usage by Asset tab to export all content in XLSX format.
Query bandwidth limits on EIPs with Anti-DDoS (Enhanced) enabled
The bandwidth limit applies only to EIPs with Anti-DDoS (Enhanced) enabled. Regular Alibaba Cloud services are not affected. The following rules apply based on the region of the protected public IP assets. Click Details to request an adjustment to the peak bandwidth.
Peak inbound bandwidth for local access: If a client and an EIP with Anti-DDoS (Enhanced) enabled are in the same region outside the Chinese mainland, the peak inbound bandwidth is 2 Gbit/s. For the same region within the Chinese mainland, it is 20 Gbit/s.
Peak inbound bandwidth for cross-region access: If an EIP with Anti-DDoS (Enhanced) enabled is outside the Chinese mainland and the client is in a different region also outside the Chinese mainland, the peak inbound bandwidth is 100 Mbit/s. If both are in different regions within the Chinese mainland, the peak inbound bandwidth is unlimited.
Go to the Billing Management page of the Traffic Security console.
On the Pay-as-you-go Instances tab, view the traffic usage of the current month for EIPs with Anti-DDoS (Enhanced) enabled.
The bandwidth limits are based on the region of the protected public IP assets. Click Details in the upper-right corner of the Billing Management page to request an adjustment to the peak bandwidth.
Subscription instances
Query specification over-limit alerts
You can only query alerts generated within the last 30 days.
Anti-DDoS Origin allows your clean bandwidth to exceed the clean bandwidth of your Anti-DDoS Origin instance for a short period of time. If the period exceeds 36 hours, the Anti-DDoS Origin mitigation becomes invalid and only basic mitigation capabilities are provided. After exceeding the limit, Alibaba Cloud will send an over-limit notification through the channels you have configured in the message notifications.
To restore Anti-DDoS Origin mitigation capabilities, you can:
Wait for automatic restoration in the next month.
For Anti-DDoS Origin 2.0 (Subscription) Enterprise instances, you can enable the burstable clean bandwidth feature to restore the capabilities. This will increase the clean bandwidth by four times.
Upgrade the clean bandwidth of your Anti-DDoS Origin instance. Once upgraded, protection will automatically restore, and the overuse time will reset.
ImportantIf the clean bandwidth exceeded the limit for 36 hours before using Method 2 and 3, resulting in the Anti-DDoS Origin mitigation being disabled, any further overages that month will downgrade protection the next day.
If the clean bandwidth exceeded the limit but not yet 36 hours before using Method 2 and 3, the over-limit duration will continue to accumulate. Once the total reaches 36 hours, protection will downgrade the next day.
Go to the Billing Management page of the Traffic Security console.
On the Subscription Instances tab, select Alerts on Exceeded Upper Limits. You can also click Details in the Actions column to view the trends for inbound bandwidth, outbound bandwidth, and clean bandwidth.
Query usage of burstable clean bandwidth
The burstable clean bandwidth feature is available only for Enterprise Edition instances and offers two billing methods: Daily 95th Percentile and Monthly 95th Percentile. For more information, see Anti-DDoS Origin 2.0 (Subscription).
Go to the Billing Management page of the Traffic Security console.
On the Subscription Instances tab, select Daily 95th Percentile or Monthly 95th Percentile. You can also click View in the Actions column to view detailed information such as the total peak traffic.
Billing method
Data description
Daily 95th Percentile Bandwidth
The Total Peak Traffic is determined by recording the peak service traffic every five minutes within a calendar day, resulting in 288 values per day. Values recorded during DDoS attacks are excluded, and the top 5 values are discarded. The highest of the remaining values is used as the Total Peak Traffic.
The Exceeding Clean Bandwidth is the total peak traffic minus the clean bandwidth.
The 95th Percentile Bandwidth is the lower of the total peak traffic or total service bandwidth minus the clean bandwidth, where the total service bandwidth is five times the clean bandwidth.
Monthly 95th Percentile Bandwidth
The Total Peak Traffic is calculated as follows:
Daily bandwidth peaks are obtained by recording the peak service traffic every five minutes within a calendar day, resulting in 288 values per day. Values recorded during DDoS attacks are excluded, and the highest value among the remaining values is taken.
The daily bandwidth peaks within a calendar month are sorted in descending order. The average of the top 5 values is calculated as the total peak traffic.
The Exceeding Clean Bandwidth is calculated as the total peak traffic minus the clean bandwidth, where the clean bandwidth is the minimum service bandwidth on the last day of the month when the burstable clean bandwidth feature is enabled.
The 95th Percentile Bandwidth is the lesser of the total peak traffic or total service bandwidth minus the clean bandwidth.
The total service bandwidth is calculated as five times the highest value among the clean bandwidths corresponding to the top 5 daily bandwidth peaks.
The clean bandwidth is defined as the minimum service bandwidth recorded on the last day of the month when the burstable clean bandwidth feature is enabled.
References
For more information on the fees for Anti-DDoS Origin 2.0 instances, see Anti-DDoS Origin 2.0 (Subscription) and Anti-DDoS Origin 2.0 (Pay-as-you-go).