What Is CNAD?

Cloud Native Anti-DDoS Advanced (CNAD) provides higher DDoS protection capability for cloud services on Huawei Cloud such as Elastic Cloud Server (ECS), Elastic Load Balance (ELB), Web Application Firewall (WAF), and Elastic IP (EIP). CNAD defends against the DDoS attacks targeting the EIPs on Huawei Cloud and it provides higher protection capabilities for cloud services. With few clicks on the console, you can enjoy always-on DDoS mitigation on Huawei Cloud.

Features

CNAD has the following features:

Transparent access
You can directly protect public IP addresses on Huawei Cloud without modifying domain name resolution or configuring origin server protection.
Unlimited protection
Huawei Cloud provides high DDoS mitigation capability based on the network and resource capabilities in the current region. The protection capability provided grows with the improvement of Huawei Cloud's network capabilities.
Joint protection
Enabling the joint protection will automatically engage AAD for DDoS mitigation.
IPv4/IPv6 protection
CNAD can protect IP addresses using IPv4 and IPv6 protocols.
Traffic scrubbing
CNAD scrubs traffic when detecting that the incoming traffic of an IP address exceeds a certain threshold.
IP address blacklist or whitelist
You can configure an IP address blacklist or whitelist to block or allow access from specified IP addresses.
Protocol-based access block
Traffic accessing CNAD is blocked in one click based on the protocol type. For example, if there is no User Datagram Protocol (UDP) traffic, you are advised to disable UDP for CNAD.

Instance Specifications

**Table 1** Specifications of different types of CNAD Advanced instances
Type	CNAD 1.0		CNAD 2.0
Edition	Unlimited Protection Basic Edition	Unlimited Protection Advanced Edition	Enterprise Edition	SME Edition
Billing Mode	Yearly/Monthly	Yearly/Monthly	The instance is billed on a yearly/monthly basis. Service bandwidth can be billed on a yearly/monthly or pay-per-use basis.	The instance is billed on a yearly/monthly basis. The public network line billing mode is only available for yearly/monthly billing.
Protected objects	Huawei Cloud dynamic BGP EIPs	Anti-DDoS Service dedicated EIPs	Chinese mainland: Dynamic BGP EIPs and Anti-DDoS Service dedicated EIPs Outside the Chinese mainland: Premium BGP EIPs and Anti-DDoS Service dedicated EIPs	Chinese mainland: Dynamic BGP EIPs and Anti-DDoS Service dedicated EIPs
Region	Single-region protection	Single-region protection	Chinese mainland: Cross-region protection is supported. Outside the Chinese mainland: Only Hong Kong and Singapore are supported.	Chinese mainland: Single-region protection is supported.
Protocol	IPv4 and IPv6	IPv4	IPv4 and IPv6	IPv4 or IPv6
Protected Objects (per Instance)	50 to 500	50 to 500	50 to 1,000	1 to 1,000
Service Bandwidth	100 Mbit/s to 20 Gbit/s	100 Mbit/s to 10 Gbit/s	100 Mbit/s to 20 Gbit/s	50 Mbit/s to 20 Gbit/s
Protection Capability	Shared unlimited protection, no less than 20 Gbit/s, up to hundreds of Gbit/s. If the service bandwidth exceeds the limit, the protection capability drops and ranges from 10 Gbit/s to 20 Gbit/s.	Shared unlimited protection for up to 1 Tbit/s If the service bandwidth exceeds the limit, the protection capability drops and ranges from 10 Gbit/s to 20 Gbit/s.	Chinese mainland: Shared protection, no less than 20 Gbit/s. If the service bandwidth exceeds the limit, the protection capability drops and ranges from 10 Gbit/s to 20 Gbit/s. Outside the Chinese mainland: carrier-based cross-border protection. If the service bandwidth exceeds the limit, the protection capability drops to 5 Gbit/s.	Chinese mainland: Shared unlimited protection, no less than 20 Gbit/s. If the service bandwidth exceeds the limit, the protection capability drops and ranges from 10 Gbit/s to 20 Gbit/s.