FAQ

Q: Which line does Anti-DDoS Protection Package support?

A: The line of Anti-DDoS Protection Package is consistent with the one of the bound Elastic IP. If the original Elastic IP is BGP line, we will provide protection of BGP line.

Q: What does the infinite IP protection of Anti-DDoS Protection Package mean?

A: After the infinite IP package of Anti-DDoS Protection Package is bought, the protection package will provide anti-D protection for all Public IP in JD Cloud under this user account, without limitation to the quantity of Protection Public IPs. Binding of protection IP needs users to configure by themselves.

Q: After the infinite IP package of Anti-DDoS Protection Package is bought, will the buying quota of Elastic IP be released automatically?

A: No. Currently, each JD Cloud account supports a maximum of 10 Elastic IPs applied for each region. If more quotas are required, please apply in the ticket of Elastic IP.

Q: Does Anti-DDoS Protection Package support IP access outside the cloud?

A: No. Anti-DDoS Protection Package provides protection support only for Public IP in the cloud. Please buy Anti-DDoS Pro if protection outside the cloud is required.

Q: Does Anti-DDoS Protection Package support protection of domain name?

A: No. In case of demands on domain name protection and application level protection, please buy Anti-DDoS Pro.

Q: What’s the difference between Anti-DDoS Protection Package and Anti-DDoS Pro?

A:

• Anti-DDoS Protection Package promotes anti-D capacity only for the service in JD Cloud; Anti-DDoS Pro faces all users inside and outside the cloud.
• Anti-DDoS Protection Package can only defense flow type attacks, without supporting attack protection of application level; if application level protection scenarios such as CC attacks are required, please buy Anti-DDoS Pro.
• The access of Anti-DDoS Protection Package is simpler, without the need of changing Public IP address. Anti-DDoS Pro can be accessed upon completion of cname change, and support telecom+unicom+mobile multi-line route.

Q: What will happen if the bound resource has been expired but Anti-DDoS Protection Package has not been expired?

A: The protection package is bought monthly, if no protection object is configured, or the protection object has been expired, it cannot provide protection.

Suppose the user has bound IP of some virtual machine, if the virtual machine resource is expired and deleted, whether Anti-DDoS Protection Package bills normally or not, the protection for IP in the protection package will lose efficacy at once. Relevant configuration of this IP in the protection package will be deleted automatically.

Q: The protection bandwidth of the original Anti-DDoS Basic is 2G, and I bought the package of Anti-DDoS Protection Package, then will the final protection peak value be superimposed?

A: The final protection peak value of the protection package bought by you will not be superimposed, dominated by those in the package of Anti-DDoS Protection Package.

Eg: IP of some virtual machine originally has 2G free Anti-DDoS Basic, because it is often attacked, and the user bought 5G Anti-DDoS Protection Package for this IP. The maximum protection capability of this user is 5G, without superimposing the free quota of the original Anti-DDoS Basic.

**Q: What is the effective scope of access control rules? **

A: Access control rules apply only to the inbound traffic in the north-south direction, that is, the traffic from the Internet to the JD Cloud public IP. In addition, the origin IP and destination IP of the access control rules take effect only when the public IP is configured, and the destination IP takes effect only for the elastic public IP bound to the protection package instance.

**Q: Do access control rules and network ACLs/security group’s conflict? **

A: Access control rules take effect when traffic enters the entrance of the JD Cloud data center, network ACLs take effect in users’ VPC, and security groups take effect only for bound cloud hosts. Therefore, access control rules take precedence over network ACLs and security groups. Users are recommended to check network ACLs and security groups before configuring access control rules to save unnecessary troubleshooting efforts. Since access control rules apply only to inbound traffic, they cannot completely replace the functions of network ACLs and security groups.

**Q: Are there restrictions on the number of access control rules? **

A: The total number of rules is capped at 10, 000. The calculation method is: total number of rules = number of origin IPs x number of destination IPs x number of ports x number of rule entries. When adding/editing/inserting rules, or updating the referenced IP address library and port library, the total number of currently configured rules will be counted. If there are more than 10, 000 rules, an alarm will be issued and related operations will be prohibited.