This topic describes how to purchase an Anti-DDoS Pro instance of the Profession mitigation plan, Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan, Anti-DDoS Premium instance of the Mainland China Acceleration (MCA) mitigation plan, and Anti-DDoS Premium instance of the Secure Mainland China Acceleration (Sec-MCA) mitigation plan.

Select an instance type

You can purchase an Anti-DDoS instance based on the regions where your servers are deployed and where your users are located. The following list describes the different scenarios:
  • If your servers are deployed in the Chinese mainland, you must purchase an Anti-DDoS Pro instance of the Profession mitigation plan.
    Notice
    • You cannot use Anti-DDoS Pro instances to protect the domains for which you do not complete Internet Content Provider (ICP) filing. Before you use an Anti-DDoS Pro instance to protect your website, you must complete ICP filing for the domain of your website.
    • By default, an Anti-DDoS Pro instance uses IPv4 addresses to forward access requests. If you require an instance to forward access requests by using IPv6 addresses, submit a ticket or contact sales personnel.

      If you use an instance to forward access requests from clients that use IPv6 addresses, the destination varies based on the methods that are used to add your services to Anti-DDoS Pro or Anti-DDoS Premium. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses.

  • If your servers are deployed outside the Chinese mainland and your services are provided to users who reside outside the Chinese mainland, you must purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan.
  • If your servers are deployed outside the Chinese mainland and you purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan, your users in the Chinese mainland may encounter a high network latency. The average network latency is about 300 milliseconds. We recommend that you use the following solution:
    • If you need only to ensure stable and fast access for users in the Chinese mainland, purchase an Anti-DDoS Premium instance of the Sec-MCA mitigation plan. This solution is not applicable to China Mobile users in the Chinese mainland.
      Note The Sec-MCA mitigation plan can be used to mitigate DDoS attacks and accelerate access. Therefore, you do not need to purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan. For more information, see Configure Anti-DDoS Premium Sec-MCA.
    • If the preceding solution cannot meet your requirements, we recommend that you purchase both an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan and an Anti-DDoS Premium instance of the MCA mitigation plan. An Anti-DDoS Premium instance of the MCA mitigation plan does not provide mitigation capabilities.
      Note You must use Sec-Traffic Manager to configure network acceleration rules for the Anti-DDoS Premium instance. If no DDoS attacks are detected, the Anti-DDoS Premium instance of the MCA mitigation plan accelerates requests that are destined for protected services. If DDoS attacks are detected, the Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan protects the services against DDoS attacks. For more information, see Overview

Supported connections

The following list describes the default number of connections that is supported by an Anti-DDoS Pro or Anti-DDoS Premium instance:
  • New connections: no more than 100,000 connections per instance
  • Concurrent connections: no more than 1,000,000 per instance
Note The new and concurrent connections to an Anti-DDoS Pro instance are evenly distributed to the lines of China Telecom, China Mobile, and China Unicom.

Purchase an Anti-DDoS Pro instance

You can obtain the information about the billing methods for Anti-DDoS Pro instance from Billing methods of Anti-DDoS Pro.

Notice After you purchase an Anti-DDoS Pro instance, you cannot request a refund.

To purchase an Anti-DDoS Pro instance, perform the following steps:

  1. Go to the Anti-DDoS Pro buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Pro (Mainland China).
    Mitigation Plan By default, Professional is selected.
    Basic Bandwidth Specify the basic protection bandwidth for the instance. Valid values: 30Gb, 60Gb, 100Gb, 300Gb, 400Gb, 500Gb, and 600Gb.

    Basic protection is billed on a subscription basis and enabled after you complete the payment. The total instance cost increases based on the basic protection bandwidth that you select.

    Burstable Bandwidth Specify the burstable protection bandwidth for the instance. The burstable protection bandwidth must be greater than or equal to the basic protection bandwidth. You can select a burstable protection bandwidth based on the basic protection bandwidth. Valid values:
    • If you set Basic Bandwidth to 30Gb, you can set this parameter to 30Gb, 40Gb, 50Gb, 60Gb, 70Gb, 80Gb, 100Gb, 150Gb, 200Gb, or 300Gb.
    • If you set Basic Bandwidth to 60Gb, you can set this parameter to 60Gb, 70Gb, 80Gb, 100Gb, 150Gb, 200Gb, 300Gb, 400Gb, 500Gb, or 600Gb.
    • If you set Basic Bandwidth to 100Gb, you can set this parameter to 100Gb, 150Gb, 200 Gb, 300 Gb, 400 Gb, 500 Gb, or 600 Gb.
    • If you set Basic Bandwidth to 300Gb, you can set this parameter to 300Gb, 400Gb, 500Gb, 600Gb, or Unlimited Protection.
    • If you set Basic Bandwidth to 400Gb, you can set this parameter to 400Gb, 500Gb, 600Gb, or Unlimited Protection.
    • If you set Basic Bandwidth to 500Gb, you can set this parameter to 500Gb, 600Gb or Unlimited Protection.
    • If you set Basic Bandwidth to 600Gb, you can set this parameter to 600Gb or Unlimited Protection.
    Burstable protection is billed on a pay-as-you-go basis. The burstable protection bandwidth determines the maximum mitigation capacity provided by the instance.
    • If you set Burstable Bandwidth and Basic Bandwidth to the same value, the maximum mitigation capacity equals the specified basic protection bandwidth. In this case, you are charged only for basic protection.
    • If you set Burstable Bandwidth to a value greater than the value of Basic Bandwidth and attack traffic is between the specified basic protection bandwidth and the specified burstable protection bandwidth, burstable protection is triggered to defend against the attack. If the peak bandwidth of attacks exceeds the value of Basic Bandwidth, a pay-as-you-go bill is generated based on the difference between the basic protection bandwidth and burstable protection bandwidth.

    After you purchase an instance, you can modify the burstable protection bandwidth of the instance in the console based on your business requirements. For more information, see Modify the burstable protection bandwidth of an instance.

    Resource Group Select the resource group to which the instance belongs in Resource Management. By default, the resource group is Default Resource Group.

    For more information about resource groups, see Create a resource group.

    Service Bandwidth Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 100 to 5000. Unit: Mbit/s.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Functional package Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10. Valid values: 50 to 200.

    The domains specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains must not exceed "Domains/10".

    The default value of the Domains parameter is 50. If you use the default value, you can specify only up to five second-level domains. You can also specify subdomains and wildcard domains corresponding to the second-level domains. The total number cannot exceed 50.

    If you want to enable protection for aliyundoc.com and aliyun.com, you can specify their subdomains such as www.aliyundoc.com and abc.aliyun.com. You can also specify the wildcard domains *.aliyundoc.com and *.aliyun.com.

    If you want to specify more than 50 domains or enable protection for more than 5 second-level domains, we recommend that you set Domains to an appropriate value based on your business requirements.

    Request Rate Specify the number of concurrent queries per second (QPS) that the instance can process when no attacks occur. HTTP and HTTPS requests are supported. Valid values: 3000 to 100000.
    Warning If the QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher QPS.
    Ports Specify the number of TCP and UDP ports for which you can configure forwarding rules. Valid values: 50 to 400.
    Quantity Specify the number of instances that you want to purchase.
    Duration Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

Purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan

You can obtain the information about the billing methods for an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan from Billing methods of the Insurance and Unlimited mitigation plans.

Notice After you purchase an Anti-DDoS Premium instance, you cannot request a refund.

To purchase an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan, perform the following steps:

  1. Go to the Anti-DDoS Premium buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Premium.
    Plan Select Insurance or Unlimited based on your requirements. If you select Insurance, the instance that you purchase uses the Insurance mitigation plan. If you select Unlimited, the instance that you purchase uses the Unlimited mitigation plan.

    For information about the differences between the Insurance and Unlimited mitigation plans, see Billing methods of the Insurance and Unlimited mitigation plans.

    Note
    Clean Bandwidth Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 100Mbps, 150Mbps, 200Mbps, 250Mbps, and 300Mbps.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Function Plan Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10. Valid values: 10 to 200.

    The domains specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains must not exceed "Domains/10".

    The default value of the Domains parameter is 10. If you use the default value, you can specify only one second-level domain. You can also specify subdomains and wildcard domains corresponding to the second-level domain. The total number cannot exceed 10.

    If you want to enable protection for aliyundoc.com, you can specify subdomains such as www.aliyundoc.com and abc.aliyundoc.com. You can also specify the wildcard domain *.aliyundoc.com.

    If you want to specify more than 10 domains or enable protection for more than 1 second-level domain, we recommend that you set Domains to an appropriate value based on your business requirements.

    Clean QPS Specify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported. Valid values:
    • Insurance mitigation plan: 500 to 100000
    • Unlimited mitigation plan: 1000 to 100000
    Warning If the QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher QPS.
    Ports Specify the number of TCP and UDP ports for which you can configure forwarding rules. Valid values: 5 to 400.
    Quantity Specify the number of instances that you want to purchase.
    Subscription Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

Purchase an Anti-DDoS Premium instance of the MCA mitigation plan

You can obtain the information about the billing methods for an Anti-DDoS Premium instance of the MCA mitigation plan from Mainland China Acceleration billing methods.

Notice After you purchase an Anti-DDoS Premium instance of the MCA mitigation plan, you cannot request a refund.

To purchase an Anti-DDoS Premium instance of the MCA mitigation plan, perform the following steps:

  1. Go to the Anti-DDoS Premium buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Premium.
    Plan Select MCA.
    Clean Bandwidth. Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 10Mbps, 20Mbps, 30Mbps, 40Mbps, 50Mbps, 60Mbps, 70Mbps, 80Mbps, 90Mbps, and 100Mbps.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Quantity Specify the number of instances that you want to purchase.
    Subscription Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.

Purchase an Anti-DDoS Premium instance of the Sec-MCA mitigation plan

You can obtain the information about the billing methods for an Anti-DDoS Premium instance of the Sec-MCA mitigation plan from Sec-MCA billing methods.

Notice After you purchase an Anti-DDoS Premium instance of the Sec-MCA mitigation plan, you cannot request a refund.

To purchase an Anti-DDoS Premium instance of the Sec-MCA mitigation plan, perform the following steps:

  1. Go to the Anti-DDoS Premium buy page by using your Alibaba Cloud account.
  2. Configure the parameters based on your business requirements. Buy page
    Parameter Description
    Product Type Select Anti-DDoS Premium.
    Mitigation Plan Select Sec-MCA.
    Clean Bandwidth. Select the clean bandwidth of normal workloads that are to be protected by the instance. Valid values: 10Mbps, 20Mbps, 30Mbps, 40Mbps, 50Mbps, 60Mbps, 70Mbps, 80Mbps, 90Mbps, 100Mbps, 150Mbps, and 200Mbps.
    You can select an appropriate clean bandwidth based on the daily inbound and outbound traffic peaks of your workloads that are to be protected by the instance. Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of the inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of the outbound traffic is higher than that of the inbound traffic.
    Warning If the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources.
    You can estimate the actual bandwidth usage based on the traffic statistics collected in the Elastic Compute Service (ECS) console or by using monitoring tools on your origin server. The traffic refers to the normal traffic of your workloads. For example, you can add your website to Anti-DDoS Pro or Anti-DDoS Premium for protection. If no attacks are launched against your website, Anti-DDoS Pro or Anti-DDoS Premium forwards normal traffic to the origin server. However, if your website is attacked, Anti-DDoS Pro or Anti-DDoS Premium blocks malicious traffic and forwards only normal traffic to the origin server. Therefore, the ECS console displays only statistics about inbound and outbound normal traffic that flows through the origin server. If your workloads are deployed on multiple origin servers, you must sum up the traffic volumes on all origin servers. Normal trafficAssume that you need to connect three websites to an Anti-DDoS Pro instance. The peak of the outbound normal traffic on each website is 50 Mbit/s or lower. The total bandwidth required by the three websites is 150 Mbit/s or lower. In this case, make sure that the clean bandwidth of the purchased instance is higher than 150 Mbit/s.
    Function Plan Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.

    For more information, see Function plan.

    Domains Specify the number of domains that the instance can protect. The value must be an integer multiple of 10. Valid values: 10 to 200.

    The domains specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains must not exceed "Domains/10".

    The default value of the Domains parameter is 10. If you use the default value, you can specify only one second-level domain. You can also specify subdomains and wildcard domains corresponding to the second-level domain. The total number cannot exceed 10.

    If you want to enable protection for aliyundoc.com, you can specify subdomains such as www.aliyundoc.com and abc.aliyundoc.com. You can also specify the wildcard domain *.aliyundoc.com.

    If you want to specify more than 10 domains or enable protection for more than 1 second-level domain, we recommend that you set Domains to an appropriate value based on your business requirements.

    Clean QPS Specify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported. Valid values:500 to 100000.
    Warning If the QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher QPS.
    Ports Specify the number of TCP and UDP ports for which you can configure forwarding rules. Valid values: 5 to 400.
    Quantity Specify the number of instances that you want to purchase.
    Subscription Select a subscription period for the instance. Valid values: 1 Month, 2 Months, 3 Months, 4 Months, 5 Months, 6 Months, 1 Year, and 2 Years.
    If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
    • Monthly subscription: The instance is automatically renewed for one month.
    • Annual subscription: The instance is automatically renewed for one year.
    For more information, see Enable auto-renewal.
  3. Confirm the configurations and click Buy Now.
  4. Confirm your order and complete the payment.