All Products
Search
Document Center

Anti-DDoS:Anti-DDoS Origin 2.0 (Subscription)

Last Updated:Oct 14, 2024

This topic describes the billable items and the relevant rules for overdue payments, expiration, and refunds of Anti-DDoS Origin 2.0 (Subscription).

Instance types and selection instructions

Anti-DDoS Origin 2.0 provides best-effort protection for assets that are assigned public IP addresses. You can select one of the following instance types:

  • Anti-DDoS Origin 2.0 instance of Inclusive Edition for Small and Medium Enterprises: If you have no more than 30 assets that are assigned public IP addresses, the assets reside in the same region, and no more than two DDoS attacks occur on the assets per month, you can select this instance type.

  • Anti-DDoS Origin 2.0 Enterprise instance: If you have more than 30 assets that are assigned public IP addresses, the assets reside in multiple regions, and both IPv4 addresses and IPv6 addresses are used, you can select this instance type.

The instance types support both the Insurance and Unlimited protection modes. The following table describes the differences in the mitigation sessions and supported network protocols of the two instance types.

Item

Inclusive Edition for Small and Medium Enterprises

Anti-DDoS Origin Enterprise

Mitigation capabilities

The mitigation capabilities vary based on regions. For more information, see Mitigation capabilities.

Best-effort protection.

Mitigation sessions

Insurance: two sessions per month.

Note

After the mitigation sessions are exhausted, only the basic mitigation capability is provided. For more information, see View the thresholds that trigger blackhole filtering in Anti-DDoS Basic.

Unlimited: unlimited sessions.

Network protocol

An instance can protect only assets that are assigned IPv4 addresses or IPv6 addresses.

An instance can protect assets that are assigned both IPv4 addresses and IPv6 addresses.

Supported regions

An instance can protect only assets that are assigned public IP addresses and that reside in the same region.

An instance can protect assets that are assigned public IP addresses and that reside in any region in the Chinese mainland.

Important

If your service is deployed outside the Chinese mainland, we recommend that you purchase an elastic IP address (EIP) with Anti-DDoS (Enhanced) enabled or an Anti-DDoS Proxy (Outside Chinese Mainland) instance. If you want to use an Anti-DDoS Origin 2.0 (Subscription) instance, contact us. For more information, see Contact us.

Number of protected assets that are assigned public IP addresses

No more than 30.

Unlimited.

Clean bandwidth

You can specify a bandwidth of up to 1,000 Mbit/s.

Unlimited.

Metering Method of 95th Percentile Burstable Clean Bandwidth

Not supported.

Supported. When enabled, the total of the clean bandwidth and the burstable clean bandwidth is five times the clean bandwidth.

Mitigation logs feature

Not supported.

Supported.

Scenarios in which you can upgrade specifications

The following section describes the scenarios in which you can increase the number of mitigation sessions and supported regions. You can also increase the clean bandwidth and the number of assets that are assigned public IP addresses based on your business requirements.

  • Inclusive Edition for Small and Medium Enterprises (Insurance)

    • If you require more than two mitigation sessions per month, you can upgrade your instance to Inclusive Edition for Small and Medium Enterprises (Unlimited).

    • If you want to protect assets that are assigned public IP addresses and reside in multiple regions, you can upgrade your instance to Anti-DDoS Origin 2.0 Enterprise (Insurance) or Anti-DDoS Origin 2.0 Enterprise (Unlimited).

  • Inclusive Edition for Small and Medium Enterprises (Unlimited)

    If you want to protect assets that are assigned public IP addresses and reside in multiple regions, you can upgrade your instance to Anti-DDoS Origin 2.0 Enterprise (Unlimited).

  • Anti-DDoS Origin 2.0 Enterprise (Insurance)

    If you require more than two mitigation sessions per month, you can upgrade your instance to Anti-DDoS Origin 2.0 Enterprise (Unlimited).

Note

You can select Inclusive Edition for Small and Medium Enterprises (Unlimited) or Anti-DDoS Origin 2.0 Enterprise (Insurance) only during instance upgrade. You cannot select the instance types when you purchase a new instance.

Billable items

Total fee for an instance = Fee for the protection mode + Fee for the clean bandwidth + Fee for protected assets that are assigned public IP addresses

Fee for the protection mode

The basic protection fee of the instance. The fee varies based on the protection mode of the instance.

Protection mode

Unit price (USD per month)

Inclusive Edition for Small and Medium Enterprises (Insurance)

1,950

Anti-DDoS Origin 2.0 Enterprise (Unlimited)

6,000

Fee for the clean bandwidth

You are charged based on the clean bandwidth. The actual fee is calculated based on the tiered prices and varies based on the protection mode of the instance. If the clean bandwidth values that are listed in the following table cannot meet your business requirements, contact us. For more information, see Contact us.

Protection mode

Clean bandwidth

Unit price (USD per month per Mbit/s)

Inclusive Edition for Small and Medium Enterprises (Insurance) and Anti-DDoS Origin 2.0 Enterprise (Insurance)

[0,800]

10

(800,4000]

8

(4000,8000]

6

(8000,12000]

4

Inclusive Edition for Small and Medium Enterprises (Unlimited) and Anti-DDoS Origin 2.0 Enterprise (Unlimited)

[0,800]

5

(800,4000]

4

(4000,8000]

3

(8000,12000]

2

For example, you purchase an Anti-DDoS Origin 2.0 Enterprise (Unlimited) instance and select 1,000 Mbit/s for the clean bandwidth. You can calculate the fee for the clean bandwidth by performing the following steps:

  • The fee for 800 Mbit/s of clean bandwidth is calculated based on the pricing tier [0,800]. The monthly fee is calculated by using the following formula: 5 x 800 = USD 4,000.

  • The fee for the additional 200 Mbit/s of clean bandwidth is calculated based on the pricing tier (800,4000]. The monthly fee is calculated by using the following formula: 4 x 200 = USD 800.

The total monthly fee for the clean bandwidth is calculated by using the following formula: 4,000 + 800 = USD 4,800.

Fee for the protected assets that are assigned public IP addresses

You are charged based on the number of protected assets that are assigned public IP addresses. The actual fee is calculated based on the tiered prices and varies based on the protection mode of the instance. If the numbers of protected assets that are assigned public IP addresses listed in the following table cannot meet your business requirements, contact us. For more information, see Contact us.

Protection mode

Number of protected assets that are assigned public IP addresses

Unit price (USD per month per asset)

Inclusive Edition for Small and Medium Enterprises (Insurance) and Inclusive Edition for Small and Medium Enterprises (Unlimited)

[0,100]

24

Anti-DDoS Origin 2.0 Enterprise (Insurance) and Anti-DDoS Origin 2.0 Enterprise (Unlimited)

[0,30]

0

(30,100]

24

(100,300]

19.2

(300,500]

14.4

(500,700]

12

(700,1000]

9.6

For example, you purchase an Anti-DDoS Origin 2.0 Enterprise (Unlimited) instance and select 200 protected assets. You can calculate the fee for the protected assets by performing the following steps:

  • The fee for the 30 protected assets is calculated based on the pricing tier [0,30]. The monthly fee is USD 0.

  • The fee for the 70 protected assets is calculated based on the pricing tier (30,100]. The monthly fee is calculated by using the following formula: 24 x 70 = USD 1,680.

  • The fee for the additional 100 protected assets is calculated based on the pricing tier (100,300]. The monthly fee is calculated by using the following formula: 19.2 x 100 = USD 1,920.

The total monthly fee for the protected assets is calculated by using the following formula: 1,680 + 1,920 = USD 3,600.

Definition of mitigation sessions

The system records the attack traffic every 5 seconds and a total of 12 records are generated in 1 minute. When the attack traffic exceeds N Gbit/s, the system calculates the period of time during which the attack traffic exceeds N Gbit/s. The period of time is calculated by adding the values of X and Y, as shown in the following figure. When the period of time reaches 15 minutes, one mitigation session of best-effort protection is consumed. The system generates 180 records in 15 minutes.

image.png

The red curve in the preceding figure indicates the inbound bandwidth of an asset that is assigned a public IP address.

  • If the asset resides in the Chinese mainland, N is equal to 20 Gbit/s.

  • If the asset resides outside the Chinese mainland, N is equal to 10 Gbit/s.

For more information about how to view the number of remaining mitigation sessions, see Query the number of remaining mitigation sessions for an instance of Inclusive Edition for Small and Medium Enterprises.

Business scale estimation

You can estimate your business scale by using the following method:

Sample inbound and outbound bandwidth at five-minute intervals. Calculate the average inbound and outbound bandwidth. Use the greater average value as the bandwidth of the sample point. At the end of each month, sort all sample points in descending order, ignore the top 5% of sample points, and then use the first value of the remaining 95% of sample points as the 95th percentile bandwidth.

Bandwidth overuse

Anti-DDoS Origin allows your clean bandwidth to exceed the clean bandwidth of your Anti-DDoS Origin instance for a short period of time. If the period exceeds 36 hours, the Anti-DDoS Origin mitigation becomes invalid and only basic mitigation capabilities are provided. You can view the details of the overuse in the Billing Center. For more information, see Query usage details on the Billing Management page.

There are two ways to restore Anti-DDoS Origin mitigation capabilities:

  1. Wait for automatic restoration in the next billing cycle.

  2. Upgrade the Anti-DDoS Origin instance's bandwidth. Once upgraded, protection will automatically restore, and the overuse time will reset.

Overdue payments

Anti-DDoS Origin 2.0 (Subscription) instances use the subscription billing method. Therefore, no overdue payments occur for Anti-DDoS Origin 2.0 (Subscription) instances. Before you can purchase, upgrade, or renew an instance, make sure that your account balance is sufficient. To prevent your services from being adversely affected by instance expiration, we recommend that you enable auto-renewal for your instance.

Expiration

Days after the expiration date

Impact of expiration

Solution

Within seven days after the instance expires

After the instance expires, the instance is suspended. After you renew the instance, the instance is restored.

Renew an instance

More than seven days after the instance expires

On the eighth day after the instance expires, the instance is released and cannot be restored.

None

Refunds

After you purchase an Anti-DDoS Origin 2.0 (Subscription) instance, you cannot request a refund for the instance.

Bill query

You can query bills in the Expenses and Costs console. For more information, see Overview of Monthly Bill.