Help Center> > Service Overview >Advanced Anti-DDoS

Advanced Anti-DDoS

The Advanced Anti-DDoS (AAD) service is an essential part of the warranty for enterprises' service continuity. You can change the DNS server or external service IP address to a high-defense IP address, thereby diverting traffic to the high-defense IP address for scrubbing malicious attack traffic. This mechanism protects external IP addresses against black holes (becoming unreachable IP addresses) and ensures that important services are not interrupted. This service can be deployed on HUAWEI CLOUD, non-HUAWEI CLOUD, and IDC hosts.

  • Without AAD

    Without AAD, the origin servers are exposed to the Internet and are prone to paralysis once Distributed Denial-of-Service (DDoS) attacks occur.

  • With AAD enabled

    After you purchase the AAD service, the domain name of a web service is pointed to the high-defense IP address, and the service IP address of a non-web service is changed to the high-defense IP address. In this case, all access traffic is filtered by the high-defense IP address.

AAD Mechanism

The AAD service uses the high-defense IP address to proxy services for origin servers. All public network traffic is diverted to the high-defense IP address, and therefore user services on the origin servers are protected against DDoS attacks. The following figure illustrates the mechanism of AAD traffic diversion and forwarding.

  • Customer

    Customer who accesses the origin server

  • Origin server IP address

    A public IP address used by the origin server (also known as the IP address that is protected against exposures)

  • High-defense IP address

    An IP address used to provide services for customers in place of the origin server IP address

  • Back-to-origin IP address

    An IP address used to communicate with the origin server IP address in place of the customer IP address in the AAD data center

AAD provides defense against a wide range of network-, and application-layer DDoS attacks, including SYN flood, UDP flood, ACK flood, ICMP flood, DNS query flood, NTP reply flood, and CC attacks.