Updated on 2024-03-12 GMT+08:00

Selecting Anti-DDoS Service Editions

Huawei Cloud provides multiple security solutions to defend against DDoS attacks. You can select an appropriate one based on your service requirements. Huawei Cloud Anti-DDoS Service provides three sub-services: Cloud Native Anti-DDoS Basic, Cloud Native Anti-DDoS Advanced, and Advanced Anti-DDoS.

Cloud Native Anti-DDoS Basic is free, while Cloud Native Anti-DDoS Advanced and Advanced Anti-DDoS are paid services.

Figure 1 Introduction to Anti-DDoS Service

Service Description

Table 1 describes Anti-DDoS Service editions.

Table 1 Anti-DDoS service editions

Edition

Description

Application Scenario

DDoS Protection Capability

Cloud Native Anti-DDoS Basic

Cloud Native Anti-DDoS Basic monitors the service traffic from the Internet to public IP addresses and detects attack traffic in real time. It then scrubs attack traffic based on user-configured defense policies without interrupting services. It also generates monitoring reports that provide visibility into the network traffic security.

You can use this service to protect your Huawei Cloud EIPs (IPv4 and IPv6) against DDoS attacks if you have only general security requirements.

Cloud Native Anti-DDoS Basic provides 500 Mbit/s DDoS attack defense for users free of charge.

Cloud Native Anti-DDoS Advanced

Cloud Native Anti-DDoS Advanced is developed to improve the anti-DDoS capabilities of cloud services such as ECS, ELB, WAF, and EIP.

Cloud Native Anti-DDoS Advanced takes effect for IP addresses on Huawei Cloud. You do not need to change the IP addresses. With a few clicks on the console, you can enable always-on DDoS mitigation.

Cloud Native Anti-DDoS Advanced protects your Huawei Cloud services that have public IP addresses assigned from DDoS attacks, meeting your requirements for immense protection capability and high network quality.

Cloud Native Anti-DDoS Advanced can be used for the following scenarios:

  • Occasional DDoS attacks
    NOTE:

    If you require Tbps-level cloud native protection, you are advised to select Cloud Native Anti-DDoS Advanced - Unlimited Protection Advanced Edition.

  • Huawei Cloud services with public IP addresses assigned for external communication
    NOTICE:

    The CNAD Unlimited Protection Advanced edition must use EIPs in the dedicated resource pool of the Cloud Native Anti-DDoS Advanced unlimited protection editions.

  • Services with high bandwidth requirements and high Queries per Second (QPS), such as online video and live streaming

  • IPv6 protection
  • A large number of public IP addresses on Huawei Cloud.

    A large number of ports, domain names, and IP addresses need to be protected from DDoS attacks.

  • Cloud Native Anti-DDoS Advanced - Unlimited Protection Basic Edition

    Shared protection for not less than 20 Gbit/s of traffic

  • Cloud Native Anti-DDoS Advanced - Unlimited Protection Advanced Edition

    Unlimited protection, with up to 1 Tbit/s protection capability.

    Dedicated EIPs and service bandwidth are billed separately.

Advanced Anti-DDoS

Advanced Anti-DDoS works as a proxy and uses Advanced Anti-DDoS IP addresses to forward requests to origin servers. All public network traffic is diverted to the high-defense IP address so that the origin server is hidden from the public. This protects origin servers from DDoS attacks.

If your service servers and main customers are in the Chinese Mainland, the access of your customers outside the Chinese Mainland may be affected by network quality.

Huawei Cloud, non-Huawei Cloud, and IDC hosts can be protected.

Advanced Anti-DDoS applies to the following scenarios:

  • Services are frequently targeted by DDoS attacks. Continuous protection is required to ensure service continuity.
    NOTICE:

    Advanced Anti-DDoS does not support domain names that have no ICP licenses. To use Advanced Anti-DDoS to protect website services, ensure that the website domain name has an ICP license.

One high-defense IP address is able to defend against 1 Tbit/s of network-layer and application-layer DDoS attacks. The Advanced Anti-DDoS service offers more than 15 Tbit/s of defense capability.

  • 15 Tbit/s of defense capability is the overall defense capability of the Advanced Anti-DDoS equipment room.
  • 1 Tbit/s of defense capability refers to the maximum protection capability of a single high-defense IP address.

Advanced Anti-DDoS International

If your service servers are deployed outside the Chinese Mainland and your main users are outside the Chinese Mainland, Advanced Anti-DDoS International is suitable for you.

If your service server is deployed outside the Chinese Mainland but your main service users are in the Chinese Mainland, there might be an average delay of about 300 ms for users in the Chinese Mainland.

NOTE:

If you want to use the Advanced Anti-DDoS International edition, we recommend that you use Advanced Anti-DDoS only for your servers and customers outside the Chinese Mainland.

Over 5 Tbit/s Advanced Anti-DDoS defense capability, supporting unlimited AnyCast defense.

DDoS Attack Types and Anti-DDoS Service Editions

Table 2 Workload types supported by Anti-DDoS Service editions

DDoS Attack

Cloud Native Anti-DDoS Basic

Cloud Native Anti-DDoS Advanced

Advanced Anti-DDoS

Malformed packets

Transport-layer DDoS attack

It can defend against SYN flood attacks (small packet attacks), but not as well as Cloud Native Anti-DDoS Advanced or Advanced Anti-DDoS. You are advised to use Cloud Native Anti-DDoS Advanced or Advanced Anti-DDoS.

DNS DDoS attack

×

×

Connection DDoS attack

×

Supported only by the Unlimited Protection Advanced Edition.

DDoS attacks at the web application layer

×

×

  • The symbol "√" indicates that the service defends against the attack.
  • The symbol "×" indicates that the service does not defend against the attack.