This topic describes how to purchase an Anti-DDoS Proxy instance.
Instance types
Anti-DDoS Proxy (Chinese Mainland): Profession and Advanced mitigation plans
Anti-DDoS Proxy (Outside Chinese Mainland): Insurance, Unlimited, Chinese Mainland Acceleration (CMA), CMA 2.0, Secure Chinese Mainland Acceleration (Sec-CMA), and Sec-CMA (Basic) mitigation plans
To purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Advanced mitigation plan or an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Sec-CMA (Basic) mitigation plan, submit a ticket to contact a pre-sales account manager.
How to select an instance type
You can purchase an Anti-DDoS Proxy instance based on the regions where your servers are deployed and where your users are located. The following list describes the different scenarios:
Region where your servers are deployed | Region where your users are located | Purchase suggestion |
Regions in the Chinese mainland | Regions in the Chinese mainland or outside the Chinese mainland | We recommend that you purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession or Advanced mitigation plan. Important Anti-DDoS Proxy (Chinese Mainland) instances can protect domains only after Internet Content Provider (ICP) filing is complete for the domains. Before you use an Anti-DDoS Proxy (Chinese Mainland) instance to protect your website, you must complete ICP filing for the domain of your website. |
Regions outside the Chinese mainland | Regions outside the Chinese mainland | We recommend that you purchase an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Insurance or Unlimited mitigation plan. |
Regions outside the Chinese mainland | Regions in the Chinese mainland | If you use only an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Insurance or Unlimited mitigation plan, users in the Chinese mainland experience network latency. The average network latency is approximately 300 milliseconds. We recommend that you consider the following solution:
|
Supported clean QPS and connections
The following table describes the mappings between the numbers of connections that are supported by an Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance and the clean queries per second (QPS) of the instance when the burstable QPS feature is disabled for the instance.
Clean QPS
Number of new connections
Number of concurrent connections
0 < QPS ≤ 5,000
5,000
100,000
5,000 < QPS ≤ 10,000
10,000
200,000
10,000 < QPS ≤ 30,000
30,000
500,000
30,000 < QPS ≤ 50,000
50,000
1,000,000
50,000 < QPS ≤ 100,000
80,000
1,500,000
100,000 < QPS ≤ 150,000
100,000
2,000,000
The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Proxy (Chinese Mainland) instance:
If the instance uses an IPv4 address, the burstable QPS for the instance is 300,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
If the instance uses an IPv6 address, the burstable QPS for the instance is 150,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Proxy (Outside Chinese Mainland) instance:
The burstable QPS for the instance is 100,001, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
If your service requires higher specifications for new connections or concurrent connections, submit a ticket to contact your account manager.
Procedure
After you purchase an instance, you cannot request a refund. Evaluate your business requirements before you purchase an instance.
Visit the Anti-DDoS Proxy (Chinese Mainland) buy page or Anti-DDoS Proxy (Outside Chinese Mainland) buy page based on your business requirements.
Configure the following parameters.
The following table describes all parameters of Anti-DDoS Proxy (Chinese Mainland) and Anti-DDoS Proxy (Outside Chinese Mainland) instances. For more information about the parameters of an Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance, see the buy page of each instance type.
Parameter
Description
Product Type
Select Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland).
IP Version
Select the IP protocol that is supported by the instance. Valid values: IPv4 and IPv6.
ImportantFor more information, see Differences between the features of Anti-DDoS Proxy (Chinese Mainland) instances that use IPv4 addresses and Anti-DDoS Proxy (Chinese Mainland) instances that use IPv6 addresses.
If you use an instance to forward access requests from clients that use IPv6 addresses, the supported destination varies based on the methods that are used to add your services to Anti-DDoS Proxy. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses.
Mitigation Plan or Plan
Select a mitigation plan.
Basic Bandwidth
Specify the basic protection bandwidth for the instance. The basic protection bandwidth specifies the threshold of attack traffic that the instance can mitigate.
Burstable Bandwidth
Specify the burstable protection bandwidth for the instance. The burstable protection bandwidth specifies the maximum mitigation capacity that is provided by the instance. For more information, see Billing of the burstable protection bandwidth feature.
If you set Burstable Bandwidth and Basic Bandwidth to the same value, the maximum mitigation capacity is equal to the specified basic protection bandwidth. In this case, you are charged only for basic protection.
If you set Burstable Bandwidth to a value greater than the value of Basic Bandwidth and attack traffic is between the specified basic protection bandwidth and the specified burstable protection bandwidth, burstable protection is triggered to defend against the attack. Pay-as-you-go bills are generated for the attack traffic that exceeds the value of Basic Bandwidth.
After you purchase an instance, you can modify the burstable protection bandwidth of the instance in the console based on your business requirements. For more information, see Modify the burstable protection bandwidth of an instance.
Service Bandwidth or Clean Bandwidth
Select the clean bandwidth of normal workloads that you want the instance to protect.
WarningIf the bandwidth resources that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you purchase more bandwidth resources. For more information, see Upgrade an instance.
95th Percentile Burstable Clean Bandwidth
Specify whether to enable the burstable clean bandwidth feature. For more information, see Billing of the burstable clean bandwidth feature. Valid values:
Disable: disables the burstable clean bandwidth feature.
Daily 95th Percentile: enables the burstable clean bandwidth feature and uses the daily 95th percentile metering method.
Monthly 95th Percentile: enables the burstable clean bandwidth feature and uses the monthly 95th percentile metering method.
The maximum clean bandwidth is equal to the sum of the clean bandwidth and the burstable clean bandwidth. The following list describes the maximum clean bandwidth that is supported by each type of instance:
Anti-DDoS Proxy (Chinese Mainland) of the Profession and Advanced mitigation plans: 20 Gbit/s.
Anti-DDoS Proxy (Outside Chinese Mainland) of the Insurance and Unlimited mitigation plans: 5 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA mitigation plan: 1 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA 2.0 mitigation plan: 2 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
ImportantBy default, the burstable clean bandwidth is nine times the clean bandwidth that you select for the instance. The sum of the clean bandwidth and the burstable clean bandwidth does not exceed the maximum clean bandwidth that is supported by the instance.
For example, you purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession mitigation plan, set the clean bandwidth to 3 Gbit/s, enable the burstable clean bandwidth feature, and use the daily 95th percentile metering method. The maximum clean bandwidth that is supported by the instance is 20 Gbit/s. In this case, the burstable clean bandwidth is 17 Gbit/s.
If you set the Service Bandwidth or Clean Bandwidth parameter to a value that is greater than the supported maximum clean bandwidth and you set the 95th Percentile Burstable Clean Bandwidth parameter to Daily 95th Percentile or Monthly 95th Percentile, no error messages are displayed. However, the burstable clean bandwidth feature is automatically disabled.
If you disable the burstable clean bandwidth feature when you purchase an instance, you can still enable the feature in the console. For more information, see Configure the burstable clean bandwidth.
Functional package or Function Plan
Select a function plan for the instance. Valid values: Standard Function and Enhanced Function.
For more information, see Function plans of Anti-DDoS Proxy.
Domains
Specify the number of domains that the instance can protect. The value must be an integer multiple of 10.
The domains that are specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains or wildcard domains cannot exceed the quotient obtained by dividing the value of the Domains parameter by 10.
For an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession mitigation plan, the default value of the Domains parameter is 50. If you use the default value, you can specify only up to five second-level domains. You can also specify subdomains and wildcard domains that correspond to the second-level domains. The total number cannot exceed 50.
If you want to enable protection for aliyundoc.com and aliyun.com, you can specify their subdomains, such as www.aliyundoc.com and abc.aliyun.com. You can also specify the wildcard domains, such as *.aliyundoc.com and *.aliyun.com.
Clean QPS or Request Rate
Specify the number of concurrent QPS that the instance can process when no attacks occur. HTTP and HTTPS requests are supported.
For more information about the mappings between the clean QPS and the numbers of connections that are supported, see Supported clean QPS and connections.
WarningIf the clean QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher clean QPS or enable the burstable QPS feature.
95th Percentile Burstable QPS
Specify whether to enable the burstable QPS feature. For more information about the billing of the burstable QPS feature, see Billing of the burstable QPS feature. Valid values:
Disable: disables the burstable QPS feature.
Daily 95th Percentile: enables the burstable QPS feature and uses the daily 95th percentile metering method.
Monthly 95th Percentile: enables the burstable QPS feature and uses the monthly 95th percentile metering method.
For more information about the mappings between the clean QPS and the numbers of connections that are supported, see Supported clean QPS and connections.
ImportantThe following section describes the scenarios in which the burstable QPS feature is not supported:
An Anti-DDoS Proxy (Chinese Mainland) instance uses an IPv4 address and the clean QPS of the instance is greater than 300,000.
An Anti-DDoS Proxy (Chinese Mainland) instance uses an IPv6 address and the clean QPS of the instance is greater than 150,000.
The clean QPS of an Anti-DDoS Proxy (Outside Chinese Mainland) instance is greater than 100,001.
If you disable the burstable QPS feature when you purchase an instance, you can still enable the feature in the console. For more information, see Configure the burstable QPS.
Ports
Specify the number of TCP and UDP ports for which you can configure forwarding rules.
Resource Group
Select the resource group to which the instance belongs in Resource Management. By default, the resource group is Default Resource Group.
For more information about resource groups, see Create a resource group.
Quantity
Specify the number of instances that you want to purchase.
Duration or Subscription
Select a subscription duration for the instance.
If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
Monthly subscription: The instance is automatically renewed for one month.
Annual subscription: The instance is automatically renewed for one year.
For more information, see Renew an instance.
Confirm your configurations and click Buy Now. Read and select Terms of Service. Then, click Pay to complete the purchase.