Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
Software Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Selecting Anti-DDoS Service Editions

Updated on 2024-04-30 GMT+08:00

Huawei Cloud provides multiple security solutions to defend against DDoS attacks. You can select an appropriate one based on your service requirements. Huawei Cloud Anti-DDoS Service provides three sub-services: Cloud Native Anti-DDoS Basic, Cloud Native Anti-DDoS Advanced, and Advanced Anti-DDoS.

Cloud Native Anti-DDoS Basic is free while Cloud Native Anti-DDoS Advanced and Advanced Anti-DDoS are paid services.

Figure 1 Introduction to Anti-DDoS Service

Service Description

Table 1 describes Anti-DDoS Service editions.

Table 1 Anti-DDoS service editions

Edition

Description

Application Scenario

DDoS Protection Capability

Cloud Native Anti-DDoS Basic

Cloud Native Anti-DDoS Basic monitors the service traffic from the Internet to public IP addresses and detects attack traffic in real time. It then scrubs attack traffic based on user-configured defense policies without interrupting services. It also generates monitoring reports that provide visibility into the network traffic security.

You can use this service to protect your Huawei Cloud EIPs (IPv4 and IPv6) against the DDoS attacks if you have only general security requirements.

Cloud Native Anti-DDoS Basic provides 500 Mbit/s DDoS attack defense for users free of charge.

Cloud Native Anti-DDoS Advanced

Cloud Native Anti-DDoS Advanced is developed to improve the anti-DDoS capabilities of cloud services such as ECS, ELB, WAF, and EIP.

Cloud Native Anti-DDoS Advanced takes effect for IP addresses on Huawei Cloud. You do not need to change the IP addresses. With few clicks on the console, you can enjoy always-on DDoS mitigation.

Cloud Native Anti-DDoS Advanced is used to protect your Huawei Cloud services (with public IP addresses assigned to) from DDoS attacks, meeting your requirements for immense protection capability and high network quality.

Cloud Native Anti-DDoS Advanced can be used for the following scenarios:

  • Occasional DDoS attacks
    NOTE:

    If you require Tbps-level cloud native protection, you are advised to select Cloud Native Anti-DDoS Advanced - Unlimited Protection Advanced Edition.

  • Huawei Cloud services with public IP addresses assigned for external communication
    NOTICE:

    The CNAD Unlimited Protection Advanced edition must use EIPs in the dedicated resource pool of the Cloud Native Anti-DDoS Advanced unlimited protection editions.

  • Services with high bandwidth requirements and high Queries per Second (QPS), such as online video and live streaming

  • IPv6 protection
  • A large number of public IP addresses on Huawei Cloud.

    A large number of ports, domain names, and IP addresses need to be protected from DDoS attacks.

  • Cloud Native Anti-DDoS Advanced - Unlimited Protection Basic Edition

    Shared protection for not less than 20 Gbit/s of traffic

  • Cloud Native Anti-DDoS Advanced - Unlimited Protection Advanced Edition

    Unlimited protection, with up to 1 Tbit/s protection capability.

    Dedicated EIPs and service bandwidth are billed separately.

Advanced Anti-DDoS

Advanced Anti-DDoS works as a proxy and uses Advanced Anti-DDoS IP addresses to forward requests to origin servers. All public network traffic is diverted to the high-defense IP address so that the origin server is hidden from the public. This protects origin servers from DDoS attacks.

If your service servers and main customers are in the Chinese Mainland, the access of your customers outside the Chinese Mainland may be affected by network quality.

Huawei Cloud, non-Huawei Cloud, and IDC hosts can be protected.

Advanced Anti-DDoS applies to the following scenarios:

  • Services are frequently attacked by DDoS attacks. Continuous protection is required to ensure service continuity.
NOTICE:
  • Advanced Anti-DDoS does not support domain names that have no ICP licenses. To use Advanced Anti-DDoS to protect website services, ensure that the website domain name has an ICP license.

One high-defense IP address is able to defend against 1 Tbit/s network-, and application-layer DDoS attacks. The Advanced Anti-DDoS service offers more than 15 Tbit/s of defense capability.

  • 15 Tbit/s of defense capability is the overall defense capability of the Advanced Anti-DDoS equipment room.
  • 1 Tbit/s of defense capability refers to the maximum protection capability of a single high-defense IP address.

Advanced Anti-DDoS International

If your service servers are deployed outside the Chinese Mainland and your main users are outside the Chinese Mainland, Advanced Anti-DDoS international is suitable for you.

If your service server is deployed outside the Chinese Mainland but your main service users are in the Chinese Mainland, there might be an average of about 300ms delay for users in the Chinese Mainland.

NOTE:

If you want to use Advanced Anti-DDoS international edition, we recommended that you can use Advanced Anti-DDoS for your servers and customers outside the Chinese Mainland only.

Over 5 Tbit/s Advanced Anti-DDoS defense capability, supporting unlimited AnyCast defense.

DDoS Attack Types and Anti-DDoS Service Editions

Table 2 Workload types supported by Anti-DDoS Service editions

DDoS Attack

Cloud Native Anti-DDoS Basic

Cloud Native Anti-DDoS Advanced

Advanced Anti-DDoS

Malformed packets

Transport-layer DDoS attack

It can defend against SYN flood attacks (small packet attacks), but not so well as the Cloud Native Anti-DDoS Advanced or Advanced Anti-DDoS. You are advised to use Cloud Native Anti-DDoS Advanced or Advanced Anti-DDoS.

DNS DDoS attack

×

×

Connection DDoS attack

×

Supported only by the Unlimited Protection Advanced Edition.

DDoS attacks at the web application layer

×

×

NOTE:
  • The symbol "√" indicates that the service defends against the attack.
  • The symbol "×" indicates that the service does not defend against the attack.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback