Quick access to Cloud Native Anti-DDoS 2.0

Procedure

This section describes how to quickly purchase CNAD 2.0 and enable protection. The process is shown in Figure 1.

Figure 1 Procedure

Prerequisites

1. Before using Unlimited Protection Basic Edition, register a Huawei ID and enable Huawei Cloud. For details, see Registering a Huawei ID and Enabling Huawei Cloud Services and Real-Name Authentication.

   If you have enabled Huawei Cloud and completed real-name authentication, skip this step.

2. Make sure that your account has sufficient balance, or you may fail to pay to your CNAD 2.0 orders.
3. Ensure that the account has been assigned related permissions. For details, see Creating a User and Granting the CNAD Access Permission.
4. Create an ECS and bind an EIP to it. For details, see section Purchasing an ECS.

Step 1: Buying a Cloud Native Anti-DDoS 2.0 Instance

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS page is displayed.
3. In the upper right corner of the page, click Buy DDoS Mitigation.
4. Set the purchase parameters as required, click Buy Now, and complete the payment as prompted.

   Table 1 Parameter description

   Parameter	Example Value	Description
   Instance Type	Cloud Native Anti-DDoS	Type of the instance to be purchased.
   Billing Mode	Yearly/Monthly	You are charged based on the subscription period. This means that you have to pay for a certain period of time in advance. Currently, only the yearly/monthly billing mode is supported.
   Region	Chinese Mainland	Chinese Mainland: applies to scenarios where service servers are deployed in Chinese mainland (cross-region deployment is supported). Only dynamic BGP EIPs are supported. Other: applies to scenarios where the service server is deployed in the Asia Pacific region (Hong Kong is supported currently). Only premium BGP EIPs are supported.
   Protection Level	Cloud Native Anti-DDoS 2.0	Edition to be purchased.
   Protected IP Addresses	50	The number of protected IP addresses refers to the number of EIPs that can be protected by each CNAD Advanced instance. You are advised to evaluate the number of protected IP addresses based on the number of EIPs of your cloud resources.
   Billing Mode for Public Network Lines	Pay-per-use	Yearly/Monthly: You need to pay for a certain period of time in advance and are charged based on the service bandwidth. Pay-per-use: Charges are incurred daily based on the volume of scrubbed traffic.
   Metering Rule	Scrubbed traffic	Scrubbed traffic refers to normal service traffic that is not polluted by attacks, excluding attack traffic.
   Service Bandwidth	100Mbps	The service bandwidth indicates clean service bandwidth forwarded to the origin server from the AAD scrubbing center. It is recommended that the service bandwidth be greater than or equal to the egress bandwidth of the origin server. Otherwise, packet loss may occur or services may be affected. This parameter is displayed only when you select Yearly/Monthly for Billing Mode for Public Network Lines.
   Instance Name	CNAD-test	Name of the purchased instance, which is user-defined.
   Enterprise Project	-	This parameter is displayed only when you use an enterprise account for purchase. Select a value based on the site requirements.
   Required Duration	-	Select the required duration based on the site requirements.
   Quantity	-	Select the quantity based on the site requirements.

   Figure 2 Cloud Native Anti-DDoS 2.0
   

Step 2: Creating a Protection Policy

CNAD Advanced supports many types of protection policies. The following uses the cleaning policy as an example.

1. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Protection Policies. The Protection Policies page is displayed.
2. Click Create Policy to create a policy.

   Table 2 Parameter description

   Parameter	Example Value	Description
   Name	Policy01	Name of the protection policy, which is user-defined.
   Instance	Select the instance purchased in 4.	Target instance to which the protection policy is associated to.

3. In the row containing the created policy, click Configure Policy. The Policy Content page is displayed.
4. Under Basic Protection, click Set.
   Figure 3 Basic protection
   

5. In the Basic Protection Settings dialog box that is displayed, set the Traffic Scrubbing Level and Defense Mode.
   Figure 4 Basic protection settings
   

   Table 3 Parameter description

   Parameter	Example Value	Description
   Traffic Scrubbing Level	300Mbps	If the DDoS bandwidth on an IP address exceeds the configured scrubbing level, CNAD is triggered to scrub attack traffic. You are advised to set a value closest to, but not exceeding, the purchased bandwidth.
   Defense Mode	Normal	If the traffic reaches the specified scrubbing level, traffic scrubbing is triggered. Loose: Scrubbing is triggered when the traffic reaches three times of the scrubbing level. Normal: Scrubbing is triggered when the traffic reaches twice the scrubbing level. Strict: Scrubbing is triggered when the traffic reaches the scrubbing level.

Step 3: Adding a Protected Object

1. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Instances. The Instances page is displayed.
2. In the Select Instance drop-down box, select the instance purchased in 4.
3. Click Add Protected Object. The Add Protected Object page appears.
4. Select the EIP prepared in Prerequisites and click Next.
   Figure 5 Adding a protected object
   

5. Click OK.

Related Information

• To obtain DDoS attack information in a timely manner, you can set alarm notifications. For details, see Setting Alarm Notifications.
• You can view information such as the traffic trend and attack distribution on the CNAD Advanced console. For details, see Viewing Statistics Reports.