Help Center> Anti-DDoS Service> Service Overview> Understanding Anti-DDoS Service> Cloud Native Anti-DDoS Advanced> What Is CNAD?
Updated on 2024-03-21 GMT+08:00
View PDF

What Is CNAD?

What Is CNAD?

Cloud Native Anti-DDoS Advanced (CNAD) provides higher DDoS protection capability for cloud services on Huawei Cloud such as Elastic Cloud Server (ECS), Elastic Load Balance (ELB), Web Application Firewall (WAF), and Elastic IP (EIP). CNAD defends against the DDoS attacks targeting the IP addresses on Huawei Cloud and it provides higher protection capabilities for cloud services. With few clicks on the console, you can enjoy always-on DDoS mitigation on Huawei Cloud.

Features

CNAD has the following features:

  • Transparent access

    You can directly protect public IP addresses on Huawei Cloud without modifying domain name resolution or configuring origin server protection.

  • Unlimited protection

    Huawei Cloud provides high DDoS mitigation capability based on the network and resource capabilities in the current region. The protection capability provided grows with the improvement of Huawei Cloud's network capabilities.

  • Joint protection

    Enabling the joint protection will automatically engage AAD for DDoS mitigation.

  • IPv4/IPv6 protection

    CNAD can protect IP addresses using IPv4 and IPv6 protocols.

  • Traffic scrubbing

    CNAD scrubs traffic when detecting that the incoming traffic of an IP address exceeds a certain threshold.

  • IP address blacklist or whitelist

    You can configure an IP address blacklist or whitelist to block or allow access from specified IP addresses.

  • Protocol-based access block

    Traffic accessing CNAD is blocked in one click based on the protocol type. For example, if there is no User Datagram Protocol (UDP) traffic, you are advised to disable UDP for CNAD.

Specifications

CNAD supports the CNAD Unlimited Protection Basic, and CNAD Unlimited Protection Advanced. Table 1 lists the service specifications supported by each instance of each edition.

CNAD protection is only available for cloud resources in the same region.

Table 1 Parameter description

Parameter

Description

Billing Mode

Yearly/Monthly

Protection Level

Unlimited protection advanced edition and basic edition.

Resource Location

Region where the protection resource is located

IP Version
  • The advanced edition supports only IPv4.
  • The basic edition supports IPv4+IPv6.

Protected IP Addresses

The value ranges from 50 to 500.

Service Bandwidth

Clean service bandwidth forwarded to the origin server from the AAD scrubbing center. It is recommended that the service bandwidth be greater than or equal to the egress bandwidth of the origin server. Otherwise, packet loss may occur or services may be affected. The configuration range is as follows:

  • Unlimited Protection Basic Edition: 100 Mbit/s to 20,000 Mbit/s
  • Unlimited Protection Advanced Edition: The configuration scope varies depending on the region.

Instance Name

The name must be 32 or fewer characters in length.

The name can contain only letters, digits, underscores (_), and hyphens (-).

Required Duration

The unit of the validity period is month or year.

NOTICE:
  • Your subscription will be renewed each month for monthly billing.
  • Your subscription will be renewed each year for yearly billing.

Enterprise Project

This option is only available when you are logged in using an enterprise account, or when you have enabled enterprise projects.

Quantity

Number of CNAD instances to be purchased.