Quick Access to CNAD - Unlimited Protection Basic Edition

Procedure

This section describes how to quickly purchase Unlimited Protection Basic Edition and enable protection. The process is shown in Figure 1.

Figure 1 Procedure

Prerequisites

1. Before using Unlimited Protection Basic Edition, register a Huawei ID and enable Huawei Cloud. For details, see Registering a Huawei ID and Enabling Huawei Cloud Services and Real-Name Authentication.

   If you have enabled Huawei Cloud and completed real-name authentication, skip this step.

2. Make sure your account has enough funds to avoid issues when purchasing Unlimited Protection Basic Edition.
3. Ensure that the account has been assigned related permissions. For details, see Creating a User and Granting the CNAD Access Permission.
4. In the CN North-Beijing4 region, create an ECS and bind an EIP to it. For details, see section Purchasing an ECS.
   

   If you have an ECS that meets the requirements, you do not need to create one again.

Step 1: Purchasing an Unlimited Protection Basic Edition Instance

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS page is displayed.
3. In the upper right corner of the page, click Buy CNAD Pro.
4. Set the purchase parameters as required, click Buy Now, and complete the payment as prompted.

   Table 1 Parameter description

   Parameter	Example Value	Description
   Instance Type	Cloud Native Anti-DDoS	Type of the instance to be purchased.
   Billing Mode	Yearly/Monthly	You are charged based on the subscription period. This means that you have to pay for a certain period of time in advance. Unlimited Protection Basic Edition supports only the yearly/monthly billing mode.
   Region	Chinese Mainland	Chinese Mainland: applies to scenarios where service servers are deployed in Chinese mainland (cross-region deployment is supported). Only dynamic BGP EIPs are supported. Other: applies to scenarios where the service server is deployed in the Asia Pacific region (Hong Kong is supported currently). Only premium BGP EIPs are supported.
   Protection Level	Unlimited Protection Basic Edition:	Edition to be purchased.
   Resource Location	CN North-Beijing4	Region where the protected cloud resources are located. Cross-region protection is not supported.
   Protected IP Addresses	50	The number of protected IP addresses refers to the number of EIPs that can be protected by each CNAD Advanced instance. You are advised to evaluate the number of protected IP addresses based on the number of EIPs of your cloud resources.
   Service Bandwidth	100Mbps	The service bandwidth indicates clean service bandwidth forwarded to the origin server from the AAD scrubbing center. It is recommended that the service bandwidth be greater than or equal to the egress bandwidth of the origin server. Otherwise, packet loss may occur or services may be affected.
   Instance Name	CNAD-test	Name of the purchased instance, which is user-defined.
   Enterprise Project	-	This parameter is displayed only when you use an enterprise account for purchase. Select a value based on the site requirements.
   Required Duration	-	Select the required duration based on the site requirements.
   Quantity	-	Select the quantity based on the site requirements.

   Figure 2 Setting Unlimited Protection Basic edition specifications
   

Step 2: Creating a Protection Policy

CNAD Advanced supports many types of protection policies. The following uses the cleaning policy as an example.

1. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Protection Policies. The Protection Policies page is displayed.
2. Click Create Protection Policy to create a policy.

   Table 2 Parameter description

   Parameter	Example Value	Description
   Name	Policy01	Name of the protection policy, which is user-defined.
   Instance	Select the instance purchased in 4.	Target instance to which the protection policy is associated to.

3. In the row containing the created policy, click Configure Policy. The Policy Content page is displayed.
4. Click Set under Scrubbing Policy.
   Figure 3 Cleaning policy
   

5. Set Traffic Scrubbing Threshold to the value closest to but not exceeding the purchased bandwidth. Then, click OK.
   Figure 4 Traffic scrubbing threshold
   

Step 3: Adding a Protected Object

1. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Instances. The Instances page is displayed.
2. In the Select Instance drop-down box, select the instance purchased in 4.
3. Click Add Protected Object. The Add Protected Object page appears.
4. Select the EIP obtained in Prerequisites, and click Next.
   Figure 5 Adding a protected object
   

5. Click OK.

Related Information

• To obtain DDoS attack information in a timely manner, you can set alarm notifications. For details, see Setting Alarm Notifications.
• You can view information such as the traffic trend and attack distribution on the CNAD Advanced console. For details, see Viewing Statistics Reports.