This topic describes how to purchase an Anti-DDoS Proxy instance.
Instance types
Alibaba Cloud provides the following types of Anti-DDoS Proxy instances. For more information about the instance types, see What is Anti-DDoS Proxy?
Anti-DDoS Proxy (Chinese Mainland): Profession and Advanced mitigation plans
Anti-DDoS Proxy (Outside Chinese Mainland): Insurance, Unlimited, Chinese Mainland Acceleration (CMA), Secure Chinese Mainland Acceleration (Sec-CMA), and Sec-CMA (Basic) mitigation plans
To purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Advanced mitigation plan or an Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Sec-CMA (Basic) mitigation plan, contact a pre-sales account manager.
An Anti-DDoS Proxy (Outside Chinese Mainland) instance of the CMA mitigation plan supports a maximum of 2,000 domain names for domain name-based forwarding, and up to 200 second-level domain names can be added.
How to select an instance type
You can purchase an Anti-DDoS Proxy instance based on the regions where your servers are deployed and where your users are located.
Region where your servers are deployed | Region where your users are located | Purchase suggestion |
Regions in the Chinese mainland | Regions in the Chinese mainland or outside the Chinese mainland | An Anti-DDoS Proxy (Chinese Mainland) instance of the Profession or Advanced mitigation plan. Important Anti-DDoS Proxy (Chinese Mainland) instances can protect domain names only after Internet Content Provider (ICP) filing is complete for the domain names. Before you purchase an Anti-DDoS Proxy (Chinese Mainland) instance to protect your website, you must complete ICP filing for the domain name of your website. |
Regions outside the Chinese mainland | Regions outside the Chinese mainland | An Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Insurance or Unlimited mitigation plan. |
Regions outside the Chinese mainland | Regions in the Chinese mainland |
|
Regions outside the Chinese mainland | Regions in the Chinese mainland and outside the Chinese mainland |
|
Purchase an Anti-DDoS Proxy instance
After you purchase an instance, you cannot request a refund. Evaluate your business requirements before you purchase an instance.
Visit the Anti-DDoS Proxy (Chinese Mainland) buy page or Anti-DDoS Proxy (Outside Chinese Mainland) buy page.
Configure the following parameters.
Anti-DDoS Proxy (Chinese Mainland) instance of the Profession or Advanced mitigation plan
Parameter
Description
IP Version
The IP protocol that is supported by the instance. Valid values: IPv4 and IPv6.
ImportantIf you use an Anti-DDoS Proxy (Chinese Mainland) instance to forward access requests from clients that use IPv6 addresses, the supported destination varies based on the methods that are used to add your services to the instance. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses. For more information, see Functions and features.
Mitigation Plan
The mitigation plan of the instance. The Profession and Advanced mitigation plans are available. To purchase an instance of the Advanced mitigation plan, contact the pre-sales account manager.
Basic Bandwidth
The basic protection bandwidth for the instance. The basic protection bandwidth specifies the threshold of attack traffic that the instance can mitigate.
Burstable Bandwidth
The burstable protection bandwidth. If the bandwidth of DDoS attacks is greater than the basic protection bandwidth but is less than the burstable protection bandwidth that you specify, burstable protection is triggered to mitigate the DDoS attacks. Pay-as-you-go bills are generated for the usage of burstable protection. For more information, see Billing of the burstable protection bandwidth feature.
If the bandwidth of DDoS attacks does not exceed the basic protection bandwidth, pay-as-you-go bills are not generated.
If the specified burstable protection bandwidth is the same as the specified basic protection bandwidth, pay-as-you-go bills are not generated. In this case, the maximum protection bandwidth is the specified basic protection bandwidth.
Protection Node
If IP Version is set to IPv4, you can set Protection Node to Default or China (Hangzhou). Otherwise, Protection Node is fixed as Default.
Clean Bandwidth
The clean bandwidth of normal workloads that you want the instance to protect.
WarningIf the clean bandwidth that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you increase the clean bandwidth or enable the burstable clean bandwidth feature. For more information, see Upgrade an instance.
Estimate the actual bandwidth usage
Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of outbound traffic is higher than that of inbound traffic. The traffic refers to the service traffic of your workloads. If multiple origin servers are used, the peak bandwidth of inbound or outbound traffic is calculated based on the total traffic of the origin servers.
For example, you want to add three websites to an instance. The peak bandwidth of outbound service traffic on each website is no greater than 50 Mbit/s. The total bandwidth that is required by the three websites is no greater than 150 Mbit/s. In this case, make sure that the clean bandwidth of the instance is greater than 150 Mbit/s.
For more information about how to view the traffic statistics of Elastic Compute Service (ECS) instances, see View the monitoring information of an ECS instance.
95th Percentile Burstable Clean Bandwidth
Specifies whether to enable the burstable clean bandwidth feature. If the feature is enabled and the service traffic of your website is greater than the clean bandwidth but is no greater than the burstable clean bandwidth, the instance can process the service traffic. In this case, pay-as-you-go bills are generated. The metering methods for the feature are Daily 95th Percentile or Monthly 95th Percentile. For more information about billing, see Billing of the burstable clean bandwidth feature.
NoteIf you set the Clean Bandwidth parameter to a value greater than the maximum clean bandwidth that is supported by the instance and you set the 95th Percentile Burstable Clean Bandwidth parameter to Daily 95th Percentile or Monthly 95th Percentile, no error messages are displayed. However, the burstable clean bandwidth feature is automatically disabled.
Maximum clean bandwidth supported by each type of instance
Anti-DDoS Proxy (Chinese Mainland) of the Profession and Advanced mitigation plans: 20 Gbit/s.
Anti-DDoS Proxy (Outside Chinese Mainland) of the Insurance and Unlimited mitigation plans: 5 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA mitigation plan: 1 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
Description of the burstable clean bandwidth
By default, the burstable clean bandwidth is nine times the clean bandwidth that you select for the instance. The sum of the clean bandwidth and the burstable clean bandwidth does not exceed the maximum clean bandwidth that is supported by the instance.
For example, you purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession mitigation plan, set the clean bandwidth to 3 Gbit/s, enable the burstable clean bandwidth feature, and use the daily 95th percentile metering method. The maximum clean bandwidth that is supported by the instance is 20 Gbit/s. In this case, the burstable clean bandwidth is 17 Gbit/s.
Request Rate
The number of concurrent queries per second (QPS) that the instance can process when no attacks occur. HTTP and HTTPS requests are supported.
For more information about the mappings between the clean QPS and the numbers of connections that are supported, see Appendix 1: Supported clean QPS and connections.
WarningIf the clean QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher clean QPS or enable the burstable QPS feature.
95th Percentile Burstable QPS
This parameter is available only if you set Protection Node to Default.
If the service QPS of your website is greater than the clean QPS but is less than the burstable QPS that you specify, the instance can process the service QPS. In this case, pay-as-you-go bills are generated. The metering methods for the feature are Daily 95th Percentile or Monthly 95th Percentile. For more information about billing, see Billing of the burstable QPS feature.
The following list describes the burstable QPS that is supported by each type of instance. For more information about the mappings between the burstable QPS and the numbers of connections that are supported, see Appendix 1: Supported clean QPS and connections.
The burstable QPS of an Anti-DDoS Proxy (Chinese Mainland) instance that uses an IPv4 address is 300,000. The burstable QPS of an Anti-DDoS Proxy (Chinese Mainland) instance that uses an IPv6 address is 150,000.
The burstable QPS of an Anti-DDoS Proxy (Outside Chinese Mainland) instance is 150,000.
If the clean QPS that you specify is greater than the preceding burstable QPS that is supported by the instance, you cannot enable the burstable QPS feature.
Functional package
The function plan of the instance. The Standard and Enhanced function plans are available. For more information, see Differences between the Standard and Enhanced function plans.
Domains
The number of HTTP and HTTPS domains that the instance can protect. The value must be an integer multiple of 10.
The domains that are specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains cannot exceed "Domains/10". For example, if the value of the Domains parameter is 50, the total number of subdomain names and wildcard domain names that you specify for domain name-based forwarding cannot exceed 50. The second-level domain names that correspond to the subdomain names and wildcard domain names cannot exceed 5.
If you want to enable protection for aliyundoc.com and aliyun.com, you can specify their subdomain names, such as www.aliyundoc.com and abc.aliyun.com. You can also specify the wildcard domain names, such as *.aliyundoc.com and *.aliyun.com.
Ports
The number of TCP and UDP ports that the instance can protect.
Resource Group
The resource group to which the instance belongs in Resource Management. By default, the resource group is Default Resource Group.
For more information about resource groups, see Create a resource group.
Quantity
The number of instances that you want to purchase.
Duration
The subscription duration of the instance.
If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
Monthly subscription: The instance is automatically renewed for one month.
Annual subscription: The instance is automatically renewed for one year.
For more information, see Renew an instance.
Anti-DDoS Proxy (Outside Chinese Mainland) instance of the Insurance, Unlimited, or Sec-CMA mitigation plan
Parameter
Description
Clean Bandwidth
The clean bandwidth of normal workloads that you want the instance to protect.
WarningIf the clean bandwidth that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you increase the clean bandwidth or enable the burstable clean bandwidth feature. For more information, see Upgrade an instance.
Estimate the actual bandwidth usage
Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of outbound traffic is higher than that of inbound traffic. The traffic refers to the service traffic of your workloads. If multiple origin servers are used, the peak bandwidth of inbound or outbound traffic is calculated based on the total traffic of the origin servers.
For example, you want to add three websites to an instance. The peak bandwidth of outbound service traffic on each website is no greater than 50 Mbit/s. The total bandwidth that is required by the three websites is no greater than 150 Mbit/s. In this case, make sure that the clean bandwidth of the instance is greater than 150 Mbit/s.
For more information about how to view the traffic statistics of Elastic Compute Service (ECS) instances, see View the monitoring information of an ECS instance.
95th Percentile Burstable Clean Bandwidth
Specifies whether to enable the burstable clean bandwidth feature. If the feature is enabled and the service traffic of your website is greater than the clean bandwidth but is no greater than the burstable clean bandwidth, the instance can process the service traffic. In this case, pay-as-you-go bills are generated. The metering methods for the feature are Daily 95th Percentile or Monthly 95th Percentile. For more information about billing, see Billing of the burstable clean bandwidth feature.
NoteIf you set the Clean Bandwidth parameter to a value greater than the maximum clean bandwidth that is supported by the instance and you set the 95th Percentile Burstable Clean Bandwidth parameter to Daily 95th Percentile or Monthly 95th Percentile, no error messages are displayed. However, the burstable clean bandwidth feature is automatically disabled.
Maximum clean bandwidth supported by each type of instance
Anti-DDoS Proxy (Chinese Mainland) of the Profession and Advanced mitigation plans: 20 Gbit/s.
Anti-DDoS Proxy (Outside Chinese Mainland) of the Insurance and Unlimited mitigation plans: 5 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA mitigation plan: 1 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
Description of the burstable clean bandwidth
By default, the burstable clean bandwidth is nine times the clean bandwidth that you select for the instance. The sum of the clean bandwidth and the burstable clean bandwidth does not exceed the maximum clean bandwidth that is supported by the instance.
For example, you purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession mitigation plan, set the clean bandwidth to 3 Gbit/s, enable the burstable clean bandwidth feature, and use the daily 95th percentile metering method. The maximum clean bandwidth that is supported by the instance is 20 Gbit/s. In this case, the burstable clean bandwidth is 17 Gbit/s.
Clean QPS
The number of concurrent queries per second (QPS) that the instance can process when no attacks occur. HTTP and HTTPS requests are supported.
For more information about the mappings between the clean QPS and the numbers of connections that are supported, see Appendix 1: Supported clean QPS and connections.
WarningIf the clean QPS that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you specify a higher clean QPS or enable the burstable QPS feature.
95th Percentile Burstable QPS
If the service QPS of your website is greater than the clean QPS but is less than the burstable QPS that you specify, the instance can process the service QPS. In this case, pay-as-you-go bills are generated. The metering methods for the feature are Daily 95th Percentile or Monthly 95th Percentile. For more information about billing, see Billing of the burstable QPS feature.
The following list describes the burstable QPS that is supported by each type of instance. For more information about the mappings between the burstable QPS and the numbers of connections that are supported, see Appendix 1: Supported clean QPS and connections.
The burstable QPS of an Anti-DDoS Proxy (Chinese Mainland) instance that uses an IPv4 address is 300,000. The burstable QPS of an Anti-DDoS Proxy (Chinese Mainland) instance that uses an IPv6 address is 150,000.
The burstable QPS of an Anti-DDoS Proxy (Outside Chinese Mainland) instance is 150,000.
If the clean QPS that you specify is greater than the preceding burstable QPS that is supported by the instance, you cannot enable the burstable QPS feature.
Function Plan
The function plan of the instance. The Standard and Enhanced function plans are available. For more information, see Differences between the Standard and Enhanced function plans.
Domains
The number of HTTP and HTTPS domains that the instance can protect. The value must be an integer multiple of 10.
The domains that are specified for the instance can be subdomains and wildcard domains. The number of unique second-level domains that correspond to the subdomains and wildcard domains cannot exceed "Domains/10". For example, if the value of the Domains parameter is 50, the total number of subdomain names and wildcard domain names that you specify for domain name-based forwarding cannot exceed 50. The second-level domain names that correspond to the subdomain names and wildcard domain names cannot exceed 5.
If you want to enable protection for aliyundoc.com and aliyun.com, you can specify their subdomain names, such as www.aliyundoc.com and abc.aliyun.com. You can also specify the wildcard domain names, such as *.aliyundoc.com and *.aliyun.com.
Ports
The number of TCP and UDP ports that the instance can protect.
Quantity
The number of instances that you want to purchase.
Subscription
The subscription duration of the instance.
If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
Monthly subscription: The instance is automatically renewed for one month.
Annual subscription: The instance is automatically renewed for one year.
For more information, see Renew an instance.
Anti-DDoS Proxy (Outside Chinese Mainland) instance of the CMA mitigation plan
An Anti-DDoS Proxy (Outside Chinese Mainland) instance of the CMA mitigation plan supports a maximum of 2,000 domain names for domain name-based forwarding, and up to 200 second-level domain names can be added.
Parameter
Description
Clean Bandwidth
The clean bandwidth of normal workloads that you want the instance to protect.
WarningIf the clean bandwidth that you specify cannot meet your business requirements, packet loss may occur and your business may be affected. In this case, we recommend that you increase the clean bandwidth or enable the burstable clean bandwidth feature. For more information, see Upgrade an instance.
Estimate the actual bandwidth usage
Make sure that the clean bandwidth of the instance is greater than the peak bandwidth of inbound or outbound traffic, whichever is higher. In most cases, the peak bandwidth of outbound traffic is higher than that of inbound traffic. The traffic refers to the service traffic of your workloads. If multiple origin servers are used, the peak bandwidth of inbound or outbound traffic is calculated based on the total traffic of the origin servers.
For example, you want to add three websites to an instance. The peak bandwidth of outbound service traffic on each website is no greater than 50 Mbit/s. The total bandwidth that is required by the three websites is no greater than 150 Mbit/s. In this case, make sure that the clean bandwidth of the instance is greater than 150 Mbit/s.
For more information about how to view the traffic statistics of Elastic Compute Service (ECS) instances, see View the monitoring information of an ECS instance.
95th Percentile Burstable Clean Bandwidth
Specifies whether to enable the burstable clean bandwidth feature. If the feature is enabled and the service traffic of your website is greater than the clean bandwidth but is no greater than the burstable clean bandwidth, the instance can process the service traffic. In this case, pay-as-you-go bills are generated. The metering methods for the feature are Daily 95th Percentile or Monthly 95th Percentile. For more information about billing, see Billing of the burstable clean bandwidth feature.
NoteIf you set the Clean Bandwidth parameter to a value greater than the maximum clean bandwidth that is supported by the instance and you set the 95th Percentile Burstable Clean Bandwidth parameter to Daily 95th Percentile or Monthly 95th Percentile, no error messages are displayed. However, the burstable clean bandwidth feature is automatically disabled.
Maximum clean bandwidth supported by each type of instance
Anti-DDoS Proxy (Chinese Mainland) of the Profession and Advanced mitigation plans: 20 Gbit/s.
Anti-DDoS Proxy (Outside Chinese Mainland) of the Insurance and Unlimited mitigation plans: 5 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA mitigation plan: 1 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
Description of the burstable clean bandwidth
By default, the burstable clean bandwidth is nine times the clean bandwidth that you select for the instance. The sum of the clean bandwidth and the burstable clean bandwidth does not exceed the maximum clean bandwidth that is supported by the instance.
For example, you purchase an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession mitigation plan, set the clean bandwidth to 3 Gbit/s, enable the burstable clean bandwidth feature, and use the daily 95th percentile metering method. The maximum clean bandwidth that is supported by the instance is 20 Gbit/s. In this case, the burstable clean bandwidth is 17 Gbit/s.
Quantity
The number of instances that you want to purchase.
Subscription
The subscription duration of the instance.
If you select Auto-renewal, the instance is automatically renewed before the instance expires. The following list describes the auto-renewal period:
Monthly subscription: The instance is automatically renewed for one month.
Annual subscription: The instance is automatically renewed for one year.
For more information, see Renew an instance.
Confirm your configurations and click Buy Now. Read and select Terms of Service. Then, click Pay to complete the purchase.
Appendix 1: Supported clean QPS and connections
The following table describes the mappings between the numbers of connections that are supported by an Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance and the clean QPS of the instance when the burstable QPS feature is disabled for the instance.
Clean QPS
Number of new connections
Number of concurrent connections
0 < QPS ≤ 5,000
5,000
100,000
5,000 < QPS ≤ 10,000
10,000
200,000
10,000 < QPS ≤ 30,000
30,000
500,000
30,000 < QPS ≤ 50,000
50,000
1,000,000
50,000 < QPS ≤ 100,000
80,000
1,500,000
100,000 < QPS ≤ 150,000
100,000
2,000,000
150,000 < QPS ≤ 200,000
NoteOnly supported by Anti-DDoS Proxy (Chinese Mainland).
150,000
3,000,000
200,000 < QPS ≤ 300,000
NoteOnly supported by Anti-DDoS Proxy (Chinese Mainland).
200,000
4,000,000
The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Proxy (Chinese Mainland) instance:
If the instance uses an IPv4 address, the burstable QPS for the instance is 300,000, the number of new connections 200,000, and the number of concurrent connections 4,000,000.
If the instance uses an IPv6 address, the burstable QPS for the instance is 150,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Proxy (Outside Chinese Mainland) instance:
The burstable QPS for the instance is 150,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
If your service requires higher specifications for new connections or concurrent connections, contact the account manager.