When a DDoS attack pushes traffic above your basic protection bandwidth, Anti-DDoS Pro and Anti-DDoS Premium (the Chinese mainland) charge pay-as-you-go burstable protection fees for that day. Anti-DDoS plans are free credits that absorb those burst charges — so you are not billed when attacks temporarily exceed your baseline.
Anti-DDoS plans apply only to Anti-DDoS Pro and Anti-DDoS Premium (the Chinese mainland). Instances outside the Chinese mainland are not supported. Contact your account manager for alternatives.
How plans work
A plan offsets burstable protection fees automatically — no manual action is required.
When a plan offsets fees
A plan offsets the burstable protection fees for that day when inbound traffic exceeds your basic protection bandwidth but stays within the combined limit:
basic protection bandwidth < inbound traffic ≤ basic protection bandwidth + plan specificationIf multiple DDoS attacks occur in one day and the peak inbound traffic meets the conditions for using the plan, only one mitigation session is consumed for that day.
When a plan does not offset fees
| Condition | Result |
|---|---|
| Inbound traffic ≤ basic protection bandwidth | No burstable fees are generated; the plan is not used |
| Inbound traffic > basic protection bandwidth + plan specification | The plan cannot offset fees; the instance is billed as usual |
| Fees already billed before you obtained the plan | The plan cannot offset retroactively |
Anti-DDoS plans do not increase your mitigation capability. Your actual protection ceiling is determined by your basic protection bandwidth and burstable protection bandwidth — not by the plan. If inbound traffic exceeds the basic protection bandwidth, blackhole filtering may be triggered and affect your services.
Obtain a plan
Plans are granted automatically — no request is needed. You receive a plan when either of the following is true:
You activate Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) for the first time.
You purchase or renew a subscription Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) instance.
Set your burstable protection bandwidth
To get the most out of a plan, set your burstable protection bandwidth to match the plan's protection specification. The maximum configurable value is the sum of your basic protection bandwidth and the plan specification, subject to the overall burstable bandwidth cap.
For a basic protection bandwidth of 30 Gbps:
| Plan specification | Recommended setting | Calculation |
|---|---|---|
| 20 Gbps | 50 Gbps | 30 + 20 = 50 Gbps |
| 300 Gbps | 300 Gbps | 30 + 300 = 330 Gbps, but capped at the 300 Gbps maximum |
For instructions, see Modify the burstable protection bandwidth.

When all mitigation sessions in a plan are used up, set the burstable protection bandwidth equal to the basic protection bandwidth to avoid unexpected burstable protection fees.
View plan details
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the Chinese Mainland region.
In the left-side navigation pane, choose Assets > Anti-DDoS Plans.
On the Anti-DDoS Plans page, review your plan details.

Column Description Specification The plan's protection specification in Gbps. For example, a 100 Gbps plan on an instance with 30 Gbps basic protection bandwidth offsets fees when inbound traffic is between 30 Gbps and 130 Gbps. If traffic exceeds 130 Gbps, the plan cannot offset fees and the instance is billed as usual. Expiration Time The date the plan expires. Status Valid: the plan has available mitigation sessions and can be used. Exhausted: all mitigation sessions are used up. Expired: the plan has passed its expiration date. Available protection The number of mitigation sessions remaining. (Optional) In the Actions column, click View Logs to open the Operation Logs page and review the plan's usage history. For more information, see Operation logs.