Purchasing the CNAD 2.0
To enable CNAD protection, you need to purchase a CNAD instance.
For details about the functions and specifications of each CNAD 2.0 edition, see Table 1. Purchase an edition based on service requirements.
|
Item |
Enterprise Edition |
SME Edition |
|---|---|---|
|
Billing Mode |
|
|
|
Protected Objects |
|
Chinese mainland: Dynamic BGP EIPs and Anti-DDoS Service dedicated EIPs |
|
Region |
|
|
|
Supported Protocol |
Both IPv4 and IPv6 are supported. |
IPv4 or IPv6 |
|
Protection Times |
Unlimited |
2 |
|
Number of Objects |
50 to 500 |
1 to 1,000 |
|
Service Bandwidth |
100 Mbit/s to 20 Gbit/s |
50 Mbit/s to 20 Gbit/s |
|
Elastic Bandwidth |
Daily 95th percentile billing and monthly 95th percentile billing are supported. |
Not supported |
|
Protection Capability |
|
Chinese mainland: Shared unlimited protection, no less than 20 Gbit/s. If the service bandwidth exceeds the limit, the protection capability drops and ranges from 10 Gbit/s to 20 Gbit/s. |
- When using an Anti-DDoS Service dedicated EIP, extreme scenarios such as network fluctuations may result in traffic being redirected to a standby equipment room with lower protection capabilities, thereby reducing overall protection.
- After adding a premium BGP EIP to CNAD 2.0, it can defend against attacks originating from China but not those from outside China. The black hole threshold for a premium BGP EIP is low. When the number of attacks outside China exceeds the black hole threshold, the premium BGP EIP will be blocked. To defend against attacks from outside China, purchase an Anti-DDoS Service dedicated EIP and use it with CNAD 2.0.
Prerequisites
- The account must have the permissions of the CNAD FullAccess and BSS Administrator roles.
- You have applied for and can use the service edition.
Go to the Buy AAD page, set Instance Type to Cloud Native Anti-DDoS Advanced, and select the specifications.
Purchasing a CNAD Instance
You can purchase instances of different editions based on service requirements.
- Log in to the AAD console.
- In the upper right corner of the page, click Buy DDoS Mitigation.
- Set Instance Type to Cloud Native Protection 2.0.
- Set Edition to Enterprise Edition.
- Set the specifications parameters. Table 2 describes related parameters.
Figure 1 CNAD 2.0
Table 2 Parameters for the enterprise edition Parameter
Description
Region
- Chinese mainland: It is applicable to scenarios where service servers are deployed in Chinese mainland. Only dynamic BGP EIPs are supported.
- Other: It is applicable to scenarios where service servers are located in the Asia Pacific region. Only premium BGP IP addresses 49.0.236.0/22, 49.0.234.0/23, and 49.0.233.0/24 can be protected.
IP Version
IP address type. Both IPv4 and IPv6 are supported.
Protection Times
Number of attacks that can be protected. The default value is unlimited.
Billing Mode for Public Network Lines
Billing mode of public network lines. You can select Yearly/Monthly or Pay-per-use.
- Yearly/Monthly: You need to pay for a certain period of time in advance. It is charged based on the service bandwidth.
- Pay-per-use: You are charged based on the clean traffic generated every day. Clean traffic refers to normal service traffic, excluding attack traffic.
Resource Location
Select the region where the protected resources are located.
CNAD 1.0 can only protect cloud resources in the same region. For example, a CNAD instance in CN East-Shanghai1 can protect only cloud resources in CN East-Shanghai1.
Protected IP Addresses
The value must range from 50 to 500 and be a multiple of 5.
Service Bandwidth
The service bandwidth indicates clean service bandwidth forwarded to the origin server from the AAD scrubbing center. It is recommended that the service bandwidth be greater than or equal to the egress bandwidth of the origin server.
You can use the service bandwidth exceeding the specified limit for up to 36 hours each month. If usage exceeds 36 hours, the protection capability will decrease.
Elastic Bandwidth
The elastic service bandwidth is supported. When the service traffic exceeds the service bandwidth, the instance can be properly protected.
Daily 95th percentile billing and monthly 95th percentile billing are supported. For details, see How Is Elastic Bandwidth Charged?
- Set Instance Name, Required Duration, and Quantity. In the lower right corner of the page, click Next.
The Auto Renewal option enables the system to renew your service by the required duration when the service is about to expire.
- On the confirmation page, confirm your order and click Submit Order.
- On the displayed page, click Pay to pay for the order.
After the payment is successful, the system switches to the instances page. After the instance status becomes Normal, the instance is created.
- (Optional) Purchase dedicated EIPs in the required region by referring to Assigning an EIP.
- Compared with common EIPs, Anti-DDoS Service dedicated EIPs offer enhanced defense against attacks at the Anti-DDoS scrubbing center, along with Terabit-level bandwidth and robust protection capabilities.
- To apply for an Anti-DDoS Service dedicated EIP, perform the following steps:
- The following lines are for reference only. The actual lines are listed on the console.
Table 3 Network lines for dedicated EIPs Region
Line
CN South-Guangzhou
5_ddosalways1bgp
CN North-Beijing2
5_DDoSAlways1bgp
CN North-Beijing4
5_DDoSAlways1bgp
CN East-Shanghai1
5_ddosalways1bgp
CN East-Shanghai2
5_DDoSAlways1bgp
CN-Hong Kong
5_DDoSAlways2bgp
AP-Singapore
5_DDoSAlways1bgp
- Log in to the AAD console.
- In the upper right corner of the page, click Buy DDoS Mitigation.
- Set Instance Type to Cloud Native Protection 2.0.
- Set Edition to SME Edition.
- Set the specifications parameters. Table 4 describes related parameters.
Figure 2 SME edition
Table 4 Parameters Parameter
Description
Region
Only the Chinese mainland is supported. This mode applies to scenarios where service servers are deployed in the Chinese mainland.
IP Version
You can select IPv4 or IPv6.
Protection Times
Number of attacks that can be defended against. The default value is 2.
Billing Mode for Public Network Lines
Only Yearly/Monthly is supported. You are charged based on the subscription period, which means you need to prepay for a specified period.
Service Bandwidth
This parameter is displayed only when you select Yearly/Monthly for Billing Mode for Public Network Lines.
Protected IP Addresses
Number of IP addresses to be protected. The value ranges from 1 to 1000.
- Set Instance Name, Required Duration, and Quantity. In the lower right corner of the page, click Next.
The Auto Renewal option enables the system to renew your service by the required duration when the service is about to expire.
- On the confirmation page, confirm your order and click Submit Order.
- On the displayed page, click Pay to pay for the order.
After the payment is successful, the system switches to the instances page. After the instance status becomes Normal, the instance is created.
- (Optional) Purchase dedicated EIPs in the required region by referring to Assigning an EIP.
- Compared with common EIPs, Anti-DDoS Service dedicated EIPs offer enhanced defense against attacks at the Anti-DDoS scrubbing center, along with Terabit-level bandwidth and robust protection capabilities.
- To apply for an Anti-DDoS Service dedicated EIP, perform the following steps:
- The following lines are for reference only. The actual lines are listed on the console.
Table 5 Network lines for dedicated EIPs Region
Line
CN South-Guangzhou
5_ddosalways1bgp
CN North-Beijing2
5_DDoSAlways1bgp
CN North-Beijing4
5_DDoSAlways1bgp
CN East-Shanghai1
5_ddosalways1bgp
CN East-Shanghai2
5_DDoSAlways1bgp
CN-Hong Kong
5_DDoSAlways2bgp
AP-Singapore
5_DDoSAlways1bgp
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
