This topic describes how to manage Anti-DDoS Proxy instances. For example, you can modify the burstable protection bandwidth, configure the burstable clean bandwidth, and configure the burstable queries per second (QPS) of instances. You can also upgrade and renew instances.
Overview
The following table describes the operations that are supported by Anti-DDoS Proxy (Chinese Mainland) instances and Anti-DDoS Proxy (Outside Chinese Mainland) instances.
Instance type | Supported operation | Description |
Anti-DDoS Proxy (Chinese Mainland) | The burstable protection bandwidth determines the peak traffic of the DDoS attacks that the instance can mitigate. For more information, see Billing of Anti-DDoS Proxy (Chinese Mainland). | |
After you enable the burstable clean bandwidth feature, you can specify a burstable clean bandwidth to increase the upper limit of the total clean bandwidth that is supported by the instance. You are charged for the burstable clean bandwidth that is consumed when your peak service traffic exceeds the clean bandwidth. For more information, see Billing of the burstable clean bandwidth feature. | ||
After you enable the burstable QPS feature, you can specify a burstable clean QPS to increase the upper limit of the total clean QPS that is supported by the instance. You are charged for the burstable QPS that is consumed when your peak service QPS exceeds the clean QPS. For more information, see Billing of the burstable QPS feature. | ||
If the specifications of the instance cannot meet your business requirements, you can upgrade the specifications of the instance in the Anti-DDoS Proxy (Chinese Mainland) console. The specifications include the function plan, clean bandwidth, and the numbers of protected domain names and ports. | ||
If the instance expires, the instance is released. We recommend that you manually renew the instance before the expiration date or enable auto-renewal. | ||
Only Anti-DDoS Proxy (Chinese Mainland) instances of the Advanced mitigation plan support global advanced mitigation sessions. If the number of advanced mitigation sessions that are provided free of charge by an Anti-DDoS Proxy (Chinese Mainland) instance of the Advanced mitigation plan per month cannot meet your business requirements, you can purchase global advanced mitigation sessions. For more information, see Billing of advanced mitigation sessions. | ||
After you create a custom tag, you can add the tag to instances that have the same purpose or attribute. This allows you to classify instances and query multiple instances at a time. | ||
Anti-DDoS Proxy (Outside Chinese Mainland) | After you enable the burstable QPS feature, you can specify a burstable clean QPS to increase the upper limit of the total clean QPS that is supported by the instance. You are charged for the burstable QPS that is consumed when your peak service QPS exceeds the clean QPS. For more information, see Billing of the burstable QPS feature. | |
If the specifications of the instance cannot meet your business requirements, you can upgrade the specifications of the instance in the Anti-DDoS Proxy (Outside Chinese Mainland) console. The specifications include the function plan, clean bandwidth, and the numbers of protected domain names and ports. | ||
If the instance expires, the instance is released. We recommend that you manually renew the instance before the expiration date or enable auto-renewal. | ||
Only Anti-DDoS Proxy (Outside Chinese Mainland) instances of the Insurance, Secure Chinese Mainland Acceleration (Sec-CMA), and Sec-CMA (Basic) mitigation plans support global advanced mitigation sessions. If the number of advanced mitigation sessions that are provided free of charge by instances of the preceding types per month cannot meet your business requirements, you can purchase global advanced mitigation sessions. For more information, see Billing of advanced mitigation sessions. |
Modify the burstable protection bandwidth of an instance
You can specify the basic protection bandwidth and burstable protection bandwidth for an Anti-DDoS Proxy (Chinese Mainland) instance. The burstable protection bandwidth must be greater than or equal to the basic protection bandwidth.
If you do not specify the burstable protection bandwidth, the basic protection bandwidth determines the peak traffic of the DDoS attacks that the instance can mitigate. If you specify the burstable protection bandwidth, the burstable protection bandwidth determines the peak traffic of the DDoS attacks that the instance can mitigate.
To modify the basic protection bandwidth, you must upgrade your instance. To modify the burstable protection bandwidth, you can change the bandwidth value in the Anti-DDoS Proxy (Chinese Mainland) console or upgrade your instance at any time.
Log on to the Anti-DDoS Proxy console.
In the left-side navigation pane, choose
.Find the instance that you want to manage and click the icon to the right of Protection Bandwidth: in the Instance Status column.
In the Modify Burstable Clean Bandwidth dialog box, select a value and click OK.
The maximum burstable protection bandwidth that you can specify varies based on the basic protection bandwidth of the instance. If the maximum burstable protection bandwidth that you specified cannot meet your business requirements, we recommend that you increase the basic protection bandwidth of the instance. For more information, see Upgrade an instance.
Configure the burstable clean bandwidth
If your service traffic occasionally spikes, we recommend that you enable the burstable clean bandwidth feature for your instance. This helps prevent packet loss when the peak service traffic exceeds the clean bandwidth of your instance.
Usage notes
The following list describes the maximum clean bandwidth that is supported by each type of instance:
Anti-DDoS Proxy (Chinese Mainland) of the Profession and Advanced mitigation plans: 20 Gbit/s.
Anti-DDoS Proxy (Outside Chinese Mainland) of the Insurance and Unlimited mitigation plans: 5 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA mitigation plan: 1 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the CMA 2.0 mitigation plan: 2 Gbit/s. Anti-DDoS Proxy (Outside Chinese Mainland) of the Sec-CMA and Sec-CMA (Basic) mitigation plans: 500 Mbit/s.
The burstable clean bandwidth cannot exceed nine times the clean bandwidth of an instance, and the sum of the clean bandwidth and the burstable clean bandwidth cannot exceed the maximum clean bandwidth that is supported by an instance. In the following examples, an Anti-DDoS Proxy (Chinese Mainland) instance of the Profession mitigation plan is used, and the instance supports a maximum clean bandwidth of 20 Gbit/s.
For example, if the clean bandwidth of the instance is 100 Mbit/s, the maximum clean bandwidth can be 900 Mbit/s. In this case, the instance can process service traffic of up to 1 Gbit/s.
For example, the clean bandwidth of the instance is 3 Gbit/s, and the instance supports a maximum clean bandwidth of 20 Gbit/s. In this case, the burstable clean bandwidth can be up to 17 Gbit/s.
If the clean bandwidth of the instance is greater than 20 Gbit/s, you cannot enable the burstable clean bandwidth feature for the instance.
Procedure
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
.Find the instance that you want to manage and click the icon to the right of Instance Specification in the Burstable Clean Bandwidth column.
In the Burstable Clean Bandwidth dialog box, configure the parameters and click OK.
Operation
Procedure
Enable the burstable clean bandwidth feature
Turn on Enable Burstable Clean Bandwidth and configure the Metering Method and Burstable Clean Bandwidth parameters.
Modify the burstable clean bandwidth
Change the value of the Metering Method parameter
After the change, the new value of the Metering Method parameter is displayed, and the message "(The metering method is changed and the new metering method takes effect next month.)" is displayed. The new metering method takes effect at 00:00 on the first day of the next month. You can change the metering method up to three times each calendar month. The last metering method that you select takes effect in the next month. You cannot change the metering method on the last day of each calendar month.
Change the value of the Burstable Clean Bandwidth parameter
Disable the burstable clean bandwidth feature
Turn off Enable Burstable Clean Bandwidth. You can disable the burstable clean bandwidth feature only once a month.
ImportantThe burstable clean bandwidth feature is automatically disabled in the following scenarios:
Your instance expires. Expired instances do not provide services.
Your Alibaba Cloud account has an overdue payment. In this case, all services that are charged based on the pay-as-you-go billing method become unavailable.
To continue using the burstable clean bandwidth feature, you must renew your instance, or settle the overdue payment and enable the feature.
Configure the burstable QPS of an instance
If your service QPS occasionally spikes, we recommend that you enable the burstable QPS feature for your instance. This helps prevent packet loss when the peak service QPS exceeds the clean QPS of your instance.
The following table describes the mappings between the numbers of connections that are supported by an Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance and the clean queries per second (QPS) of the instance when the burstable QPS feature is disabled for the instance.
Clean QPS
Number of new connections
Number of concurrent connections
0 < QPS ≤ 5,000
5,000
100,000
5,000 < QPS ≤ 10,000
10,000
200,000
10,000 < QPS ≤ 30,000
30,000
500,000
30,000 < QPS ≤ 50,000
50,000
1,000,000
50,000 < QPS ≤ 100,000
80,000
1,500,000
100,000 < QPS ≤ 150,000
100,000
2,000,000
150,000 < QPS ≤ 200,000
NoteOnly supported by Anti-DDoS Proxy (Chinese Mainland).
150,000
3,000,000
200,000 < QPS ≤ 300,000
NoteOnly supported by Anti-DDoS Proxy (Chinese Mainland).
200,000
4,000,000
The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Proxy (Chinese Mainland) instance:
If the instance uses an IPv4 address, the burstable QPS for the instance is 300,000, the number of new connections 200,000, and the number of concurrent connections 4,000,000.
If the instance uses an IPv6 address, the burstable QPS for the instance is 150,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
The following section describes the supported burstable QPS and connections if the burstable QPS feature is enabled for an Anti-DDoS Proxy (Outside Chinese Mainland) instance:
The burstable QPS for the instance is 150,000, the number of new connections 100,000, and the number of concurrent connections 2,000,000.
The following section describes the scenarios in which the burstable QPS feature is not supported:
An Anti-DDoS Proxy (Chinese Mainland) instance uses an IPv4 address and the clean QPS of the instance is greater than 300,000.
An Anti-DDoS Proxy (Chinese Mainland) instance uses an IPv6 address and the clean QPS of the instance is greater than 150,000.
The clean QPS of an Anti-DDoS Proxy (Outside Chinese Mainland) instance is greater than 150,000.
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
.Find the instance that you want to manage and click the icon to the right of Instance Specification in the Burstable QPS column.
In the Burstable QPS dialog box, configure the parameters and click OK.
Operation
Procedure
Enable the burstable QPS feature
Turn on Enable Burstable QPS and configure the Metering Method parameter. You cannot change the value of the Burstable QPS Specifications parameter.
Modify the settings of the burstable QPS feature
You can change only the value of the Metering Method parameter.
After the change, the new value of the Metering Method parameter is displayed, and the message "(The metering method is changed and the new metering method takes effect next month.)" is displayed. The new metering method takes effect at 00:00 on the first day of the next month. You cannot change the metering method on the last day of a calendar month.
Disable the burstable QPS feature
Turn off Enable Burstable QPS. You can disable the burstable QPS feature only once in a month.
ImportantThe burstable QPS feature is automatically disabled in the following scenarios:
Your instance expires. Expired instances do not provide services.
Your Alibaba Cloud account has an overdue payment. In this case, all services that are charged based on the pay-as-you-go billing method become unavailable.
To continue using the burstable QPS feature, you must renew your instance or settle the overdue payment and enable the feature.
Upgrade an instance
An instance upgrade indicates an upgrade of the instance specifications. After you upgrade your instance, you must pay the price difference for the remaining validity period of the instance.
After you upgrade your instance, you cannot downgrade the instance.
Procedure
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
.Find the instance that you want to upgrade and click Upgrade in the Actions column.
On the Upgrade/Downgrade page, increase the specifications based on your business requirements. Read and select Terms of Service, click Buy Now, and then complete the payment.
Renew an instance
Before your instance is released, you can manually renew the instance to extend the subscription duration. To avoid the adverse effects of instance expiration on your services, you can also enable auto-renewal before your instance expires. This way, Alibaba Cloud automatically renews the instance when the instance is about to expire.
Manually renew the instance
Before your instance is released, you can manually renew the instance and retain the original configurations of the instance. After the instance is released, you cannot manually renew the instance.
We recommend that you manually renew your instance based on the following suggestions:
Anti-DDoS Proxy (Chinese Mainland) instance: Renew your Anti-DDoS Proxy (Chinese Mainland) instance any time before the expiration date or within seven calendar days after the expiration date. This prevents adverse effects on service traffic forwarding.
Anti-DDoS Proxy (Outside Chinese Mainland) instance: Renew your Anti-DDoS Proxy (Outside Chinese Mainland) instance any time before the expiration date or within 30 calendar days after the expiration date. This prevents adverse effects on service traffic forwarding.
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
.Find the instance that you want to renew and click Actions in the Renew column.
On the Renew page, configure the Subscription parameter, which specifies the duration of the renewal subscription. Read and select Terms of Service, click Buy Now, and then complete the payment.
Enable auto-renewal
You can enable auto-renewal only within two or more calendar days before the instance expires. If your instance is about to expire on the following day, you must manually renew the instance.
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, choose .
On the Manual tab, find the instance that you want to renew and click Enable Auto Renewal in the Actions column.
In the Enable Auto Renewal dialog box, configure the Unified Auto Renewal Cycle parameter and click Auto Renew.
After you enable auto-renewal for the instance, you can view the auto-renewal settings of the instance on the Auto tab. Alibaba Cloud automatically deducts fees from your account balance to renew your instance nine calendar days before the expiration date. If you no longer require auto-renewal for your instance, you can enable manual renewal for your instance on the Auto tab.
Purchase global advanced mitigation sessions
After you purchase global advanced mitigation sessions, the system uses the global advanced mitigation sessions to defend against DDoS attacks if the provided advanced mitigation sessions are exhausted. This helps prevent service interruptions.
To purchase global advanced mitigation sessions for Anti-DDoS Pro instances of the Advanced mitigation plan, log on to the Anti-DDoS Proxy (Chinese Mainland) console.
To purchase global advanced mitigation sessions for Anti-DDoS Proxy (Outside Chinese Mainland) instances of the Insurance and Sec-CMA mitigation plans, log on to the Anti-DDoS Proxy (Outside Chinese Mainland) console.
The following example describes how to purchase global advanced mitigation sessions for Anti-DDoS Proxy (Outside Chinese Mainland) instances of the Insurance or Sec-CMA mitigation plan.
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
.In the upper-right corner of the Instances page, click Purchase.
On the Global Advanced Mitigation page, select Insurance or Sec-MCA for Product, and set Mitigation Quantity to the number of global advanced mitigation sessions that you want to purchase.
Click Buy Now and complete the payment.
After you purchase global advanced mitigation sessions, you can view the numbers of available advanced mitigation sessions for the instances of the Insurance and Sec-CMA mitigation plans above the instance list. You can also click Details to view the purchase time, expiration time, and usage of the global advanced mitigation sessions.
Manage tags of instances
A tag consists of a key and a value. You can use tags to group and search for instances.
Log on to the Anti-DDoS Proxy console.
In the left-side navigation pane, choose
.On the Instances page, perform the following operations based on your business requirements.
Operation
Procedure
Add a tag to an instance
On the Instances page, find the instance that you want to manage and click the icon in the Tag column.
In the Edit Tag dialog box, add a tag to the instance and click OK. You can use one of the following methods to configure this parameter:
To add an existing tag, you can click Select Tag and select a tag key and a tag value from the tag list.
To create a tag, you can click Add Tag, specify Tag Key and Tag Value, and then click OK.
NoteYou can add up to 20 tags to an instance. The key of each tag that is added to an instance must be unique. If you add a tag that has the same key as an existing tag, the value of the new tag overwrites the value of the existing tag.
Search for an instance by tag
On the Instances page, select a tag key and a tag value in the Tag search box.
Remove a tag
You can remove tags only from one instance at a time.
On the Instances page, find the instance that you want to manage and click the icon in the Tag column.
In the Edit Tag dialog box, click the icon next to the tag that you want to remove and click OK.
NoteIf you remove a tag from an instance and the tag is not added to other instances, the tag is deleted.