Specifications

Table 1 describes the AAD specifications. The specifications of an AAD instance cannot be downgraded.

**Table 1** AAD instance specifications
Parameter	Description
Access Type	Two types are supported: Website and IP access. NOTE: Websites: Huawei Cloud uses intelligent algorithms to select the optimal access point for you and does not provide fixed high-defense IP addresses. This type is recommended for users using "Domain Name Access". IP access: provides only IP port protection and fixed high-defense IP addresses. This type is recommended for users using "Layer 4 Forwarding Rules".
Instance	Each user can purchase a maximum of five instances by default.
Line	Line: BGP.
Service access point	You can select one of the following options based on your geographical location: North China 1: China Mobile, China Telecom, China Unicom, Beijing Education Network, Dr. Peng, Hebei Broadcast & Television, and Chongqing Broadcast & Television are supported. CN East 2: China Mobile, China Telecom, and China Unicom are supported.
IP type	IPv4: To protect an IPv4 origin server, you need to select IPv4. IPv6: To protect an IPv6 origin server, you need to select IPv6.
Number of protected domain names (available only when website access is selected)	Each instance protects 50 domain names for free. You can protect up to 200 domain names at an additional cost. NOTICE: The number of domain names includes the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, *.example.com). Each AAD instance can protect 50 single domain names or wildcard domain names, or protect one top-level domain name and 49 subdomain names or wildcard domain names related to the top-level domain name.
Basic Protection Bandwidth	Value range: 10Gbps, 20Gbps, 30Gbps, 60Gbps, 100Gbps, 300Gbps, 400Gbps, 500Gbps, 600Gbps, 800Gbps, 1000Gbps. To achieve enhanced protection, specify Elastic Protection Bandwidth.
Elastic Protection Bandwidth	You can change the elastic protection bandwidth three times a day for each instance. Value range: 10Gbps, 20Gbps, 30Gbps, 40Gbps, 50Gbps, 60Gbps, 70Gbps, 80Gbps, 100Gbps, 200Gbps, 300Gbps, 400Gbps, 500Gbps, 600Gbps, 700Gbps, 800Gbps, 1000Gbps. If there is no attack detected or the attack traffic does not exceed the basic protection bandwidth, you are not billed for the elastic protection function. If the attack peak is greater than the selected elastic protection bandwidth, the high-defense IP address will be blocked by a black hole. You can change the elastic protection bandwidth for your AAD instance based on service requirements. NOTE: The elastic protection bandwidth must be greater than or equal to the basic protection bandwidth. If the two are set to the same value, the elastic protection bandwidth function does not take effect.
Service Bandwidth	The service bandwidth indicates the bandwidth used by AAD to forward traffic from the AAD scrubbing center to the origin server. A 100 Mbit/s of service bandwidth is provided for each instance for free. You can buy up to 2 Gbit/s of service bandwidth at an additional cost. If the service traffic from your AAD instance to origin server is fewer than 100 Mbit/s, you can use the free service bandwidth.
Forwarding Protocol	Layer-4 protocol: TCP and UDP Layer-7 protocol: HTTP/WebSocket and HTTPS/WebSockets
Access Mode	Connecting website services to an AAD instance To connect a website service to AAD, you can set a Canonical Name (CNAME) record in the DNS configuration. Connecting non-website services to an AAD instance Non-website services include applications and PC client services. For such services, you can configure CNAME records in DNS or directly configure high-defense IP addresses on clients to use AAD.
Black Hole Deactivation Time	The black hole lasts 30 minutes by default. However, depending on the number of black holes triggered and peak attack traffic of the day, it may last up to 24 hours. NOTE: If you need to unblock access before a black hole becomes ineffective, contact Huawei technical support.
Protected objects	You can use AAD to protect hosts on Huawei Cloud, other clouds, and IDCs.

Differences Between IPv4 and IPv6 IP Addresses in AAD

AAD supports IPv4 and IPv6 high-defense IP addresses. The following table describes the differences between the two types of IP addresses.

To protect an IPv4 origin server, select an IPv4 instance. To protect an IPv6 origin server, select an IPv6 instance. When purchasing an instance, pay attention to the type of the IP addresses to be protected.

Function	IPv4 high-defense addresses	IPv4 high-defense addresses
Blacklist or whitelist	√	√
Regional traffic blocking	√	×
Protocol traffic blocking	√	√
CC defense	√	√
Basic web protection	√	√
Updating a domain name certificate	√	√
Modifying resolution lines for high-defense IP addresses of a domain name	√	√
Changing an origin server IP address	√	√
CNAME-based automatic scheduling	√	√
Viewing attack events	√	√
Viewing attack types	√	√
Viewing CC attack protection	√	√
Obtaining the real source IP address	√	×

Parent topic: Advanced Anti-DDoS

Previous topic: Advanced Anti-DDoS

Next topic: Application Scenarios

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot