Anti-DDoS plans are a value-added feature that is provided by Anti-DDoS Pro. The plans can be used to offset the bandwidth fees that are charged for protecting your workloads against volumetric DDoS attacks after the basic protection bandwidth is exhausted.

Apply for Anti-DDoS plans

Anti-DDoS plans are a free value-added feature. If you meet one of the following requirements, you can contact your sales manager or customer service in the DingTalk service group to apply for this feature. You can click Meet Expert in the lower-left corner of the Anti-DDoS Pro console. Then, scan the quick response (QR) code to join the DingTalk service group.
  • This is the first time you purchase an Anti-DDoS Pro instance.
  • You have been using Anti-DDoS Pro for more than three months.
  • You have purchased an Anti-DDoS Pro instance on an annual subscription basis.
Note Only Anti-DDoS Pro supports Anti-DDoS plans. If you use Anti-DDoS Premium, Anti-DDoS plans cannot be used.

What are Anti-DDoS plans?

In most cases, if the peak throughput of DDoS attacks exceeds the basic protection bandwidth, you can use one of the following protection approaches:
  • If you use burstable protection, you can adjust the bandwidth based on the peak throughput. Fees are charged based on the difference between the basic protection bandwidth and the bandwidth used to protect your workloads against DDoS attacks. For more information, see Anti-DDoS Pro billing methods. If you adopt this protection approach, additional fees are charged.
  • If you do not use burstable protection, the bandwidth of burstable protection equals the basic protection bandwidth. In this case, if the attack throughput exceeds the basic protection bandwidth, blackhole filtering is triggered. After the attacks stop, you must deactivate blackhole filtering to recover your workloads. This protection approach has negative impacts on your workloads. However, no additional fees are charged.

If you use burstable protection and the peak attack throughput on a day is smaller than or equal to the basic protection bandwidth plus the protection bandwidth of a plan, the plan can be used to offset burstable protection fees of the day. If the peak attack throughput on a day is larger than the basic protection bandwidth plus the protection bandwidth of a plan, the plan cannot be used to offset the burstable protection fees of the day.

In this case, fees are charged based on the actual usage. For more information, see Anti-DDoS Pro billing methods.

The specification of an Anti-DDoS plan consists of Size, Expire Time, and Available Protections. In this example, you have an Anti-DDoS plan that provides one mitigation session and can be used to offset the fee that is charged for up to 100 Gbit/s of protection bandwidth.|Anti-DDoS plan_cn
  • Size: If the basic protection bandwidth is exhausted, the plan can be used to offset the fee that is charged for up to 100 Gbit/s of protection bandwidth. If your basic protection bandwidth is 30 Gbit/s and the peak attack throughput on a day is smaller than or equal to the basic protection bandwidth (30 Gbit/s) plus the protection bandwidth of the plan (100 Gbit/s), which is 130 Gbit/s, the plan can be used to offset the burstable protection fee of the day. If the peak attack throughput on a day is larger than 130 Gbit/s, the plan cannot be used to offset the burstable protection fee. In this case, the fee is charged based on the actual usage. For more information, see Anti-DDoS Pro billing methods.
  • Expire Time: The time when the plan expires.
  • Available Protections: The plan can be used one time. If multiple attacks occur on a day and the maximum attack throughput meets the conditions of applying the plan, one mitigation session of the plan is consumed to offset the burstable protection fee of the day. No matter how many attacks occur within one day, only one mitigation session is consumed.
  • Actions: You can click View Log in the Actions column to view the records of operations of the plan.
If you use Anti-DDoS plans, take note of the following items:
  • Anti-DDoS plans do not improve protection capacity. If DDoS attacks occur on a day and the conditions of applying a plan are met, the plan can be used to offset only the burstable protection fees of your Anti-DDoS Pro instance of the day. The number of times for which a plan can be used is determined by the available mitigation sessions of the plan. The protection capacity is based on the basic protection bandwidth and burstable protection bandwidth.

    We recommend that you adjust the burstable protection bandwidth to use a plan in a more efficient manner. You can change the maximum bandwidth of burstable protection to the total amount of the basic protection bandwidth plus the protection bandwidth of the plan. The actual bandwidth must be within the supported bandwidth range.

    Assume that the basic protection bandwidth is 30 Gbit/s.
    • If the protection bandwidth of your plan is 20 Gbit/s, you can set the burstable protection bandwidth to 50 Gbit/s, which is calculated based on the following formula: Basic protection bandwidth (30 Gbit/s) + Protection bandwidth of your plan (20 Gbit/s).
    • If the protection bandwidth of your plan is 300 Gbit/s, the basic protection bandwidth (30 Gbit/s) plus the protection bandwidth of your plan (300 Gbit/s) is 330 Gbit/s, which is larger than the maximum burstable protection bandwidth (300 Gbit/s) that you can set. In this case, you can set the burstable protection bandwidth to 300 Gbit/s.
    The actual burstable protection bandwidth
  • If you consume all the mitigation sessions of the plan, we recommend that you set the burstable protection bandwidth to the basic protection bandwidth at the first opportunity to avoid unexpected burstable protection fees. If the attack throughput exceeds the basic protection bandwidth, blackhole filtering is triggered, and your workloads are adversely affected.
  • A plan can be used to offset fees that are charged for burstable protection bandwidth only on or after the day you obtain the plan. However, if the bills for burstable protection bandwidth are generated, the plan cannot be used.

Use Anti-DDoS plans

After you obtain an Anti-DDoS plan, the plan is automatically applied if DDoS attacks occur and the conditions of applying the plan are met. You can check the details of the plan and usage records in the Anti-DDoS Pro console. A plan is effective only within its validity period and if the plan still has remaining mitigation sessions.

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Mainland China.
  3. In the left-side navigation pane, choose Assets > Global Advanced Mitigation.
  4. On the Global Advanced Mitigation page, view details of all plans.
    Valid values of the status of a plan: Valid, Exhausted, and Expired.
    • Valid: indicates that the plan can be used.
    • Exhausted: indicates that the mitigation sessions of the plan are used up.
    • Expired: indicates that the plan expires.
    Anti-DDoS plan
  5. Click View Log in the Actions column of a plan to view the records of operations.