how to purchase an anti-ddos pro or anti-ddos premium instance - Anti-DDoS

This topic describes how to purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.

Instance editions

Anti-DDoS Pro and Anti-DDoS Premium provide the following instance editions. For more information about each edition, see What are Anti-DDoS Pro and Anti-DDoS Premium?.

Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland): Professional Edition.
Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland): Insurance mitigation plan, Unlimited mitigation plan, MCA, Sec-MCA 2.0 (Insurance), and Sec-MCA 2.0 (Unlimited).

Note

Before you purchase the Premium Edition of Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland), Sec-MCA 1.0, or Sec-MCA 1.0 (Basic Edition) of Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland), contact your business manager.
The total number of domain names that can be forwarded by each MCA instance cannot exceed 2,000. The number of root domain names cannot exceed 200.

How to select an instance edition

You can select an Anti-DDoS Pro or Anti-DDoS Premium instance to purchase based on the deployment region of your origin server and the regions where most of your users are located.

Origin server deployment region	User region	Suggestion
The Chinese mainland	The Chinese mainland or outside the Chinese mainland	An Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) instance of the Professional or Premium Edition. Important Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) instances support only domain names that have obtained an ICP filing. Before you purchase an instance, make sure that your website domain name has obtained an ICP filing.
Outside the Chinese mainland	Outside the Chinese mainland	An Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan.
Outside the Chinese mainland	The Chinese mainland	Solution 1 If your services are sensitive to network latency, such as game servers, migrate your servers to the Chinese mainland and purchase an Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) instance. Solution 2 If you cannot migrate your origin servers to the Chinese mainland, purchase an Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan. Also, purchase an MCA instance. When no DDoS attacks occur, use the MCA instance to ensure smooth access for users in the Chinese mainland. When a DDoS attack occurs, switch to the Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan for protection. For more information, see Configure an MCA instance for Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland). Solution 3 If you cannot migrate your origin servers to the Chinese mainland, purchase an Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan. Also, purchase a Sec-MCA instance for Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland). This provides both cross-border acceleration and DDoS mitigation capabilities. You do not need to switch to the IP address of the Anti-DDoS Proxy instance during an attack. This reduces latency and packet loss during the switchover. For more information, see Configure secure acceleration for Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland).
Outside the Chinese mainland	The Chinese mainland and outside the Chinese mainland	Solution 1 Deploy your origin servers in different regions. Use servers deployed in the Chinese mainland to serve users in the Chinese mainland. Use servers deployed outside the Chinese mainland to serve users outside the Chinese mainland. Purchase an Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) instance to protect services in the Chinese mainland. Also, purchase an Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan to protect services outside the Chinese mainland. Solution 2 If you cannot migrate your origin servers to the Chinese mainland, purchase an Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan. Also, purchase an MCA instance. When no DDoS attacks occur, use the MCA instance to ensure smooth access for users in the Chinese mainland. When a DDoS attack occurs, switch to the Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan for protection. For more information, see Configure an MCA instance for Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland). Solution 3 If you cannot migrate your origin servers to the Chinese mainland, purchase an Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) instance that uses the Insurance mitigation plan or Unlimited mitigation plan. Also, purchase a Sec-MCA instance for Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland). This provides both cross-border acceleration and DDoS mitigation capabilities. You do not need to switch to the IP address of the Anti-DDoS Proxy instance during an attack. This reduces latency and packet loss during the switchover. For more information, see Configure secure acceleration for Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland).

Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance

Important

After you purchase an instance, you cannot request a refund. Before you make a purchase, carefully evaluate your business requirements.

Go to the Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) buy page or the Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland) buy page.

Set the parameters.

The Chinese mainland - Professional and Premium editions

Configuration item	Description
Address Type	The IP protocol that the Anti-DDoS Pro or Anti-DDoS Premium instance supports. Options: IPv4 and IPv6. Important An Anti-DDoS Proxy instance that uses an IPv6 address can forward requests from IPv6 clients. The following limits apply to the services that you add: For Website Config, only IPv4 origin servers are supported. For Port Config, IPv4 or IPv6 origin servers are supported. For more information about the differences, see Function Introduction.
Plan Type	The Professional and Premium editions are available. To purchase the Premium Edition, contact your business manager.
Basic Protection Bandwidth	The DDoS attack traffic threshold that can be mitigated.
Burstable Protection Bandwidth	If you configure this parameter, the Anti-DDoS Pro or Anti-DDoS Premium instance can mitigate DDoS attacks that exceed the basic protection bandwidth but not the burstable protection bandwidth. This will incur pay-as-you-go fees. For more information about the fees, see Billing of burstable protection bandwidth. If the volume of a DDoS attack does not exceed the Basic Protection Bandwidth, no pay-as-you-go fees are generated. If you set Burstable Protection Bandwidth to the same value as Basic Protection Bandwidth, no pay-as-you-go fees are generated. However, the maximum protection bandwidth is the Basic Protection Bandwidth.
Protection Node	You can select a protection node only when Address Type is set to IPv4. The options are Default, North China, China (Beijing), and China (Hangzhou). For information about how to select a protection node, see Appendix 2: Guidance on selecting a protection node.
Clean Bandwidth	The basic clean bandwidth for normal service traffic. Warning If the clean bandwidth is insufficient, packet loss may occur or your services may be affected. Upgrade the clean bandwidth or enable burstable clean bandwidth for your instance right away. For more information, see Upgrade an instance. Estimate the actual service traffic The clean bandwidth must be greater than the inbound or outbound traffic peak of all your services, whichever is greater. Typically, outbound traffic is heavier. The traffic here refers to normal service traffic. If you deploy multiple origin servers, you must calculate the total traffic of all origin servers. For example, you want to protect three websites. The peak outbound traffic of each website does not exceed 50 Mbps. The total traffic does not exceed 150 Mbps. In this case, the maximum clean bandwidth of the instance must be greater than 150 Mbps. For information about how to view the traffic statistics of an Elastic Computing Service (ECS) instance, see View monitoring information of an instance.
95th Percentile Burstable Clean Bandwidth	If you enable this feature, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service traffic that exceeds the basic clean bandwidth but not the burstable clean bandwidth. This will incur pay-as-you-go fees. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable clean bandwidth. Note If the basic clean bandwidth exceeds the bandwidth threshold of the instance, no error is reported when you select daily 95th percentile metering method or monthly 95th percentile metering method. However, the feature is disabled by default. Bandwidth thresholds for different instance editions Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland): Professional Edition (20 Gbps), Premium Edition (20 Gbps) Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland): Insurance mitigation plan (5 Gbps), Unlimited mitigation plan (5 Gbps), MCA (1 Gbps), Sec-MCA (500 Mbps) Bandwidth increase After you enable burstable clean bandwidth, the bandwidth increase is 9 times the basic clean bandwidth by default. The sum of the basic clean bandwidth and the bandwidth increase cannot exceed the bandwidth threshold. For example, you purchase an Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) Professional Edition instance. You set the basic clean bandwidth to 3 Gbps and enable burstable clean bandwidth that uses the daily 95th percentile metering method. Because the bandwidth threshold is 20 Gbps, the bandwidth increase is 17 Gbps.
Clean QPS	The maximum rate of concurrent requests that an Anti-DDoS Pro or Anti-DDoS Premium instance can process when no attacks occur. This includes HTTP and HTTPS requests. For more information about the mappings between QPS and the number of connections, see Appendix 1: Mappings between QPS specifications and the number of connections. Warning If the clean QPS is insufficient, packet loss may occur or your services may be affected. Upgrade the clean QPS specification or enable burstable QPS for your instance right away.
95th percentile burstable QPS	This parameter is available only when you set Protection Node to Default. After you enable burstable QPS, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service QPS that exceeds the clean QPS but not the burstable QPS. This will incur pay-as-you-go fees. After enabled, the burstable QPS can be up to three times the clean QPS, but cannot exceed the following limits. If your clean QPS already exceeds these limits, burstable QPS cannot be enabled: Anti-DDoS Proxy (Chinese Mainland): Burstable QPS for instances using IPv4 addresses is capped at 300,000, burstable QPS for instances using IPv6 addresses is capped at 100,000. Anti-DDoS Proxy (Outside Chinese Mainland): Burstable QPS is capped at 150,000. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable QPS. For more information about the mappings between QPS and the number of connections, see Appendix 1: Mappings between QPS specifications and the number of connections.
Function plan	The instance provides the Standard Function Plan and Enhanced Function Plan. For more information about the differences between the plans, see Differences between the Standard and Enhanced function plans.
Protected Domain Names	Number of protected domain names is the number of HTTP or HTTPS domain names that you can add. The maximum value is 2,000. The number of root domain names (sites) to which all domain names in the domain forwarding configuration belong cannot exceed (Protected Domain Names/10). What is a root domain name (site)? When you purchase a domain name, the full domain name that you register is defined as a "root domain name". For example: aliyun.com is a root domain name. Subdomains, such as www.aliyun.com and abc.aliyun.com, and wildcard domain names, such as .aliyun.com, are not root domain names. However, they belong to the same root domain name (site) aliyun.com. The total number of all domain names in the domain forwarding configuration, including root domain names, subdomains, and wildcard domain names, cannot exceed the Protected Domain Names. Note* For example, you set Protected Domain Names to 50 and configure three domain names: www.abc.com, .abc.com, and www.xyz.com. The number of root domain names (sites) is 2 (abc.com and xyz.com). This meets the limit of ≤ 5 (50/10). The total number of domain names is 3. This meets the limit of ≤ 50*.
Number of ports	The number of TCP and UDP ports that can be protected.
Resource group	Select the resource group to which the instance belongs in the Resource Management service. The Default Resource Group is selected by default. For more information about resource groups, see Create a resource group.
Quantity	Select the number of instances that you want to purchase.
Subscription duration	Select the validity period of the instances that you want to purchase. If you select Auto-renewal, the instance is automatically renewed before it expires. The auto-renewal cycle follows these rules: If you purchase the instance on a monthly basis, the auto-renewal cycle is one month. If you purchase the instance on a yearly basis, the auto-renewal cycle is one year. For more information about auto-renewal, see Renew an instance.

Outside the Chinese mainland - Insurance and Unlimited mitigation plans

Configuration item	Description
IP Registration Location	Select an IP registration location as needed. The following registration locations are supported: Warning The Indonesia protection node is available only when the IP registration location is Indonesia. Other registration locations are not supported. The Malaysia node is available only when the IP registration location is Malaysia. Other registration locations are not supported. Singapore Hong Kong (China) Japan US West US East UK Germany Malaysia Indonesia
Clean bandwidth	The basic clean bandwidth for normal service traffic. Warning If the clean bandwidth is insufficient, packet loss may occur or your services may be affected. Upgrade the clean bandwidth or enable burstable clean bandwidth for your instance right away. For more information, see Upgrade an instance. Estimate the actual service traffic The clean bandwidth must be greater than the inbound or outbound traffic peak of all your services, whichever is greater. Typically, outbound traffic is heavier. The traffic here refers to normal service traffic. If you deploy multiple origin servers, you must calculate the total traffic of all origin servers. For example, you want to protect three websites. The peak outbound traffic of each website does not exceed 50 Mbps. The total traffic does not exceed 150 Mbps. In this case, the maximum clean bandwidth of the instance must be greater than 150 Mbps. For information about how to view the traffic statistics of an Elastic Computing Service (ECS) instance, see View monitoring information of an instance.
95th Percentile Burstable Clean Bandwidth	If you enable this feature, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service traffic that exceeds the basic clean bandwidth but not the burstable clean bandwidth. This will incur pay-as-you-go fees. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable clean bandwidth. Note If the basic clean bandwidth exceeds the bandwidth threshold of the instance, no error is reported when you select daily 95th percentile metering method or monthly 95th percentile metering method. However, the feature is disabled by default. Bandwidth thresholds for different instance editions Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland): Professional Edition (20 Gbps), Premium Edition (20 Gbps) Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland): Insurance mitigation plan (5 Gbps), Unlimited mitigation plan (5 Gbps), MCA (1 Gbps), Sec-MCA (500 Mbps) Bandwidth increase After you enable burstable clean bandwidth, the bandwidth increase is 9 times the basic clean bandwidth by default. The sum of the basic clean bandwidth and the bandwidth increase cannot exceed the bandwidth threshold. For example, you purchase an Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) Professional Edition instance. You set the basic clean bandwidth to 3 Gbps and enable burstable clean bandwidth that uses the daily 95th percentile metering method. Because the bandwidth threshold is 20 Gbps, the bandwidth increase is 17 Gbps.
Clean QPS	The maximum rate of concurrent requests that an Anti-DDoS Pro or Anti-DDoS Premium instance can process when no attacks occur. This includes HTTP and HTTPS requests. For more information about the mappings between QPS and the number of connections, see Appendix 1: Mappings between QPS specifications and the number of connections. Warning If the clean QPS is insufficient, packet loss may occur or your services may be affected. Upgrade the clean QPS specification or enable burstable QPS for your instance right away.
95th percentile burstable QPS	After you enable burstable QPS, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service QPS that exceeds the clean QPS but not the burstable QPS. This will incur pay-as-you-go fees. After enabled, the burstable QPS can be up to three times the clean QPS, but cannot exceed the following limits. If your clean QPS already exceeds these limits, burstable QPS cannot be enabled: Anti-DDoS Proxy (Chinese Mainland): Burstable QPS for instances using IPv4 addresses is capped at 300,000, burstable QPS for instances using IPv6 addresses is capped at 100,000. Anti-DDoS Proxy (Outside Chinese Mainland): Burstable QPS is capped at 150,000. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable QPS. For more information about the mappings between QPS and the number of connections, see Appendix 1: Mappings between QPS specifications and the number of connections.
Function plan	The instance provides the Standard Function Plan and Enhanced Function Plan. For more information about the differences between the plans, see Differences between the Standard and Enhanced function plans.
Number of protected domain names	Number of protected domain names is the number of HTTP or HTTPS domain names that you can add. The maximum value is 2,000. The number of root domain names (sites) to which all domain names in the domain forwarding configuration belong cannot exceed (Protected Domain Names/10). What is a root domain name (site)? When you purchase a domain name, the full domain name that you register is defined as a "root domain name". For example: aliyun.com is a root domain name. Subdomains, such as www.aliyun.com and abc.aliyun.com, and wildcard domain names, such as .aliyun.com, are not root domain names. However, they belong to the same root domain name (site) aliyun.com. The total number of all domain names in the domain forwarding configuration, including root domain names, subdomains, and wildcard domain names, cannot exceed the Protected Domain Names. Note* For example, you set Protected Domain Names to 50 and configure three domain names: www.abc.com, .abc.com, and www.xyz.com. The number of root domain names (sites) is 2 (abc.com and xyz.com). This meets the limit of ≤ 5 (50/10). The total number of domain names is 3. This meets the limit of ≤ 50*.
Number of protected ports	The number of TCP and UDP ports that can be protected.
Resource group	Select the resource group to which the instance belongs in the Resource Management service. The Default Resource Group is selected by default. For more information about resource groups, see Create a resource group.
Quantity	Select the number of instances that you want to purchase.
Subscription duration	Select the validity period of the instances that you want to purchase. If you select Auto-renewal, the instance is automatically renewed before it expires. The auto-renewal cycle follows these rules: If you purchase the instance on a monthly basis, the auto-renewal cycle is one month. If you purchase the instance on a yearly basis, the auto-renewal cycle is one year. For more information about auto-renewal, see Renew an instance.

Outside the Chinese mainland - MCA

The total number of domain names that can be forwarded by each MCA instance cannot exceed 2,000. The number of root domain names cannot exceed 200.

Configuration item	Description
Clean bandwidth	The basic clean bandwidth for normal service traffic. Warning If the clean bandwidth is insufficient, packet loss may occur or your services may be affected. Upgrade the clean bandwidth or enable burstable clean bandwidth for your instance right away. For more information, see Upgrade an instance. Estimate the actual service traffic The clean bandwidth must be greater than the inbound or outbound traffic peak of all your services, whichever is greater. Typically, outbound traffic is heavier. The traffic here refers to normal service traffic. If you deploy multiple origin servers, you must calculate the total traffic of all origin servers. For example, you want to protect three websites. The peak outbound traffic of each website does not exceed 50 Mbps. The total traffic does not exceed 150 Mbps. In this case, the maximum clean bandwidth of the instance must be greater than 150 Mbps. For information about how to view the traffic statistics of an Elastic Computing Service (ECS) instance, see View monitoring information of an instance.
95th Percentile Burstable Clean Bandwidth	If you enable this feature, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service traffic that exceeds the basic clean bandwidth but not the burstable clean bandwidth. This will incur pay-as-you-go fees. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable clean bandwidth. Note If the basic clean bandwidth exceeds the bandwidth threshold of the instance, no error is reported when you select daily 95th percentile metering method or monthly 95th percentile metering method. However, the feature is disabled by default. Bandwidth thresholds for different instance editions Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland): Professional Edition (20 Gbps), Premium Edition (20 Gbps) Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland): Insurance mitigation plan (5 Gbps), Unlimited mitigation plan (5 Gbps), MCA (1 Gbps), Sec-MCA (500 Mbps) Bandwidth increase After you enable burstable clean bandwidth, the bandwidth increase is 9 times the basic clean bandwidth by default. The sum of the basic clean bandwidth and the bandwidth increase cannot exceed the bandwidth threshold. For example, you purchase an Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) Professional Edition instance. You set the basic clean bandwidth to 3 Gbps and enable burstable clean bandwidth that uses the daily 95th percentile metering method. Because the bandwidth threshold is 20 Gbps, the bandwidth increase is 17 Gbps.
Resource group	Select the resource group to which the instance belongs in the Resource Management service. The Default Resource Group is selected by default. For more information about resource groups, see Create a resource group.
Quantity	Select the number of instances that you want to purchase.
Subscription duration	Select the validity period of the instances that you want to purchase. If you select Auto-renewal, the instance is automatically renewed before it expires. The auto-renewal cycle follows these rules: If you purchase the instance on a monthly basis, the auto-renewal cycle is one month. If you purchase the instance on a yearly basis, the auto-renewal cycle is one year. For more information about auto-renewal, see Renew an instance.

Outside the Chinese mainland - Sec-MCA

Configuration item	Description
IP Registration Location	Select an IP registration location as needed. The following registration locations are supported: Singapore Japan
Clean bandwidth	The basic clean bandwidth for normal service traffic. Warning If the clean bandwidth is insufficient, packet loss may occur or your services may be affected. Upgrade the clean bandwidth or enable burstable clean bandwidth for your instance right away. For more information, see Upgrade an instance. Estimate the actual service traffic The clean bandwidth must be greater than the inbound or outbound traffic peak of all your services, whichever is greater. Typically, outbound traffic is heavier. The traffic here refers to normal service traffic. If you deploy multiple origin servers, you must calculate the total traffic of all origin servers. For example, you want to protect three websites. The peak outbound traffic of each website does not exceed 50 Mbps. The total traffic does not exceed 150 Mbps. In this case, the maximum clean bandwidth of the instance must be greater than 150 Mbps. For information about how to view the traffic statistics of an Elastic Computing Service (ECS) instance, see View monitoring information of an instance.
95th Percentile Burstable Clean Bandwidth	If you enable this feature, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service traffic that exceeds the basic clean bandwidth but not the burstable clean bandwidth. This will incur pay-as-you-go fees. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable clean bandwidth. Note If the basic clean bandwidth exceeds the bandwidth threshold of the instance, no error is reported when you select daily 95th percentile metering method or monthly 95th percentile metering method. However, the feature is disabled by default. Bandwidth thresholds for different instance editions Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland): Professional Edition (20 Gbps), Premium Edition (20 Gbps) Anti-DDoS Pro or Anti-DDoS Premium (outside the Chinese mainland): Insurance mitigation plan (5 Gbps), Unlimited mitigation plan (5 Gbps), MCA (1 Gbps), Sec-MCA (500 Mbps) Bandwidth increase After you enable burstable clean bandwidth, the bandwidth increase is 9 times the basic clean bandwidth by default. The sum of the basic clean bandwidth and the bandwidth increase cannot exceed the bandwidth threshold. For example, you purchase an Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland) Professional Edition instance. You set the basic clean bandwidth to 3 Gbps and enable burstable clean bandwidth that uses the daily 95th percentile metering method. Because the bandwidth threshold is 20 Gbps, the bandwidth increase is 17 Gbps.
Clean QPS	The maximum rate of concurrent requests that an Anti-DDoS Pro or Anti-DDoS Premium instance can process when no attacks occur. This includes HTTP and HTTPS requests. For more information about the mappings between QPS and the number of connections, see Appendix 1: Mappings between QPS specifications and the number of connections. Warning If the clean QPS is insufficient, packet loss may occur or your services may be affected. Upgrade the clean QPS specification or enable burstable QPS for your instance right away.
95th percentile burstable QPS	After you enable burstable QPS, the Anti-DDoS Pro or Anti-DDoS Premium instance can process service QPS that exceeds the clean QPS but not the burstable QPS. This will incur pay-as-you-go fees. After enabled, the burstable QPS can be up to three times the clean QPS, but cannot exceed the following limits. If your clean QPS already exceeds these limits, burstable QPS cannot be enabled: Anti-DDoS Proxy (Chinese Mainland): Burstable QPS for instances using IPv4 addresses is capped at 300,000, burstable QPS for instances using IPv6 addresses is capped at 100,000. Anti-DDoS Proxy (Outside Chinese Mainland): Burstable QPS is capped at 150,000. The metering methods are Daily 95th Percentile Metering Method and Monthly 95th Percentile Metering Method. For more information about the fees, see Billing of burstable QPS. For more information about the mappings between QPS and the number of connections, see Appendix 1: Mappings between QPS specifications and the number of connections.
Function plan	The instance provides the Standard Function Plan and Enhanced Function Plan. For more information about the differences between the plans, see Differences between the Standard and Enhanced function plans.
Number of protected domain names	Number of protected domain names is the number of HTTP or HTTPS domain names that you can add. The maximum value is 2,000. The number of root domain names (sites) to which all domain names in the domain forwarding configuration belong cannot exceed (Protected Domain Names/10). What is a root domain name (site)? When you purchase a domain name, the full domain name that you register is defined as a "root domain name". For example: aliyun.com is a root domain name. Subdomains, such as www.aliyun.com and abc.aliyun.com, and wildcard domain names, such as .aliyun.com, are not root domain names. However, they belong to the same root domain name (site) aliyun.com. The total number of all domain names in the domain forwarding configuration, including root domain names, subdomains, and wildcard domain names, cannot exceed the Protected Domain Names. Note* For example, you set Protected Domain Names to 50 and configure three domain names: www.abc.com, .abc.com, and www.xyz.com. The number of root domain names (sites) is 2 (abc.com and xyz.com). This meets the limit of ≤ 5 (50/10). The total number of domain names is 3. This meets the limit of ≤ 50*.
Number of protected ports	The number of TCP and UDP ports that can be protected.
Resource group	Select the resource group to which the instance belongs in the Resource Management service. The Default Resource Group is selected by default. For more information about resource groups, see Create a resource group.
Quantity	Select the number of instances that you want to purchase.
Subscription duration	Select the validity period of the instances that you want to purchase. If you select Auto-renewal, the instance is automatically renewed before it expires. The auto-renewal cycle follows these rules: If you purchase the instance on a monthly basis, the auto-renewal cycle is one month. If you purchase the instance on a yearly basis, the auto-renewal cycle is one year. For more information about auto-renewal, see Renew an instance.

After you confirm the configurations, click Buy Now, read and select Terms of Service, and then click Pay to complete the payment.

Appendix 1: Mappings between QPS specifications and the number of connections

The queries per second (QPS) specifications of an Anti-DDoS Pro or Anti-DDoS Premium instance correspond to the number of connections, as shown in the following table. If you enable burstable QPS, view the number of connections that corresponds to the burstable QPS.

QPS	New Connections	Concurrent Connections
0 < QPS ≤ 5,000	5,000	100,000
5,000 < QPS ≤ 10,000	10,000	200,000
10,000 < QPS ≤ 30,000	30,000	500,000
30,000 < QPS ≤ 50,000	50,000	1,000,000
50,000 < QPS ≤ 100,000	80,000	1,500,000
100,000 < QPS ≤ 150,000	100,000	2,000,000
150,000 < QPS ≤ 200,000 Note Supported only by Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland).	150,000	3,000,000
200,000 < QPS ≤ 300,000 Note Supported only by Anti-DDoS Pro or Anti-DDoS Premium (the Chinese mainland).	200,000	4,000,000

Note

If you require higher specifications for new connections or concurrent connections, contact your business manager.

Appendix 2: Guidance on selecting a protection node

You can select a protection node based on its mitigation capability and access latency as described in the following table. The / symbol indicates that the node is not recommended.

Note: For example, consider an origin server in China (Hangzhou). If access latency is your top priority, select the China (Hangzhou) node. If mitigation capability is your top priority, select the Default node.

Origin server location	Protection node
Origin server location	Default	North China	China (Beijing)	China (Hangzhou)
China (Beijing)	Strong protection. The mitigation capability is at the Tbps level or higher.	/	Low latency. The mitigation capability is 600 Gbps.	/
China (Shanghai)	/	Strong protection. The mitigation capability is at the Tbps level or higher.	/	Low latency. The mitigation capability is 600 Gbps.
China (Chengdu)	/	Strong protection. The mitigation capability is at the Tbps level or higher.	Low latency. The mitigation capability is 600 Gbps.	/
China (Guangzhou)	Strong protection. The mitigation capability is at the Tbps level or higher.	/	/	Low latency. The mitigation capability is 600 Gbps.
China (Hangzhou)	Strong protection. The mitigation capability is at the Tbps level or higher.	/	/	Low latency. The mitigation capability is 600 Gbps.
China (Shenzhen)	Strong protection. The mitigation capability is at the Tbps level or higher.	/	/	Low latency. The mitigation capability is 600 Gbps.

Anti-DDoS:Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance