Help Center/ Anti-DDoS Service/ User Guide/ CNAD Advanced (CNAD) Operation Guide/ Purchasing a CNAD Instance
Updated on 2025-02-08 GMT+08:00
View PDF
Share

Purchasing a CNAD Instance

To enable CNAD protection, you need to purchase a CNAD instance.

For details about the functions and specifications of each CNAD edition, see Table 1. Purchase an edition based on service requirements.

Table 1 CNAD editions and specifications

Item

Unlimited Protection Basic Edition

Unlimited Protection Advanced Edition

CNAD 2.0

Billing Mode

Yearly/Monthly

Yearly/Monthly
  • The instance is billed on a yearly/monthly basis.
  • Service bandwidth can be billed on a yearly/monthly or pay-per-use basis.

Protected Object

Huawei Cloud EIP

Anti-DDoS Service dedicated EIPs
  • Chinese mainland: Dynamic BGP EIPs and Anti-DDoS Service dedicated EIPs
  • Outside the Chinese mainland: Premium BGP EIPs and Anti-DDoS Service dedicated EIPs

Region

Single-region protection

Single-region protection
  • Chinese mainland: Cross-region protection is supported.
  • Outside the Chinese mainland: Only Hong Kong and Singapore are supported.

Protocol

IPv4 and IPv6

IPv4

IPv4 and IPv6

Number of Objects

50-500

50-500

50-1000

Service Bandwidth

100Mbps-20Gbps

100Mbps-20Gbps

100Mbps-20Gbps

Protection Capability

Shared unlimited protection, no less than 20 Gbit/s, up to hundreds of Gbit/s.

Shared unlimited protection for up to 1 Tbit/s of traffic
  • Chinese mainland: Shared unlimited protection, no less than 20 Gbit/s.
  • Outside the Chinese mainland: carrier-based cross-border protection.
  • When using an Anti-DDoS Service dedicated EIP, extreme scenarios such as network fluctuations may result in traffic being redirected to a standby equipment room with lower protection capabilities, thereby reducing overall protection.
  • After adding a premium BGP EIP to CNAD 2.0, it can defend against attacks originating from China but not those from outside China. The black hole threshold for a premium BGP EIP is low; when the number of attacks from outside China exceeds this threshold, the premium BGP EIP will be blocked. To defend against attacks from outside China, purchase an Anti-DDoS Service dedicated EIP and use it with CNAD 2.0.

Prerequisites

  • The account must have the permissions of the CNAD FullAccess and BSS Administrator roles.
  • You have applied for using the corresponding service edition.

Go to the Buy AAD page, set Instance Type to Cloud Native Anti-DDoS Advanced, and select the specifications.

Purchasing a CNAD Instance

You can purchase instances of different editions based on service requirements.

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS page is displayed.
  3. In the upper right corner of the page, click Buy DDoS Mitigation.
  4. Set Instance Type to Cloud Native Anti-DDoS.
  5. Select a region where the resources to be protected are located.

    Cloud Native Anti-DDoS 2.0 outside the Chinese mainland can only protect premium BGP IP addresses 49.0.236.0/22, 49.0.234.0/23, and 49.0.233.0/24.

  6. For Protection Level, select Cloud Native Anti-DDoS 2.0.
  7. Set the specifications parameters by referring to Table 2.

    Figure 1 Cloud Native Anti-DDoS 2.0
    Table 2 Parameter description

    Parameter

    Description

    Protected IP Addresses

    The value ranges from 50 to 1000, and the number of protected IP addresses must be a multiple of 50.

    Billing Mode for Public Network Lines

    Select one based on site requirements.

    • Yearly/Monthly: Your subscription fee is billed according to the selected payment cycle, requiring prepayment for the chosen duration. This mode is supported only in the Chinese mainland.
    • Pay-per-use: Charges are incurred daily based on the volume of clean traffic.

    Service Bandwidth

    This parameter is displayed only when you select Yearly/Monthly for Billing Mode for Public Network Lines.

    Metering Rule

    This parameter is displayed only when you select Pay-Per-Use for Billing Mode for Public Network Lines.

    Clean traffic refers to normal service traffic that is not polluted by attacks, excluding attack traffic.

  8. Set Instance Name, Required Duration, and Quantity. In the lower right corner of the page, click Next.

    The Auto-renew option enables the system to renew your service by the purchased period when the service is about to expire.

  9. On the confirmation page, confirm your order and click Submit Order.
  10. On the Pay page, click Pay.

    After the payment is successful, the newly bought instance will be displayed on the instance list. After the instance status becomes Normal, the instance is created.

  11. (Optional) Purchase dedicated EIPs in the required region by referring to Assigning an EIP.

    • Compared with common EIPs, Anti-DDoS Service dedicated EIPs offer enhanced defense against attacks at the Anti-DDoS scrubbing center, along with Terabit-level bandwidth and robust protection capabilities.
    • To apply for an Anti-DDoS Service dedicated EIP, perform the following steps:
    • The following lines are for reference only. The actual lines are listed on the console.
    Table 3 Network lines for dedicated EIPs

    Region

    Line

    CN South-Guangzhou

    5_ddosalways1bgp

    CN North-Beijing2

    5_DDoSAlways1bgp

    CN North-Beijing4

    5_DDoSAlways1bgp

    CN East-Shanghai1

    5_ddosalways1bgp

    CN East-Shanghai2

    5_DDoSAlways1bgp

    AP-Bangkok

    5_thddosbgp

    LA-Sao Paulo1

    5_brzddosbgp

    LA-Santiago

    5_DDoSAlways1bgp

    AF-Johannesburg

    5_saddosbgp

    CN-Hong Kong

    5_DDoSAlways2bgp

    AP-Singapore

    5_DDoSAlways1bgp

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the upper right corner of the page, click Buy DDoS Mitigation.
  4. Set Instance Type to Cloud Native Anti-DDoS.
  5. Region: Select Chinese Mainland.
  6. Set Protection Level to Unlimited Protection Basic Edition.
  7. Set the specifications parameters, as shown in Figure 2. Table 4 describes the parameters.

    Figure 2 Setting Unlimited Protection Basic edition specifications
    Table 4 Parameters of Unlimited Protection Basic Edition

    Parameter

    Description

    Region

    Unlimited Protection Basic Edition is available only in the Chinese mainland.

    Resource Location

    Select the region where the protected resources are located.

    NOTICE:

    CNAD instances can only protect cloud resources in the same region. Cross-region protection is not supported. For example, a CNAD instance in CN East-Shanghai1 can protect only cloud resources in CN East-Shanghai1.

    Protected IP Addresses

    A maximum of 50 IP addresses can be protected by default. Every five IP addresses can be added each time, and a maximum of 500 IP addresses can be added.

    Service Bandwidth

    The service bandwidth indicates clean service bandwidth forwarded to the origin server from the AAD scrubbing center.

  8. Set Instance Name, Required Duration, and Quantity. In the lower right corner of the page, click Next.

    The Auto-renew option enables the system to renew your service by the purchased period when the service is about to expire.

  9. On the confirmation page, confirm your order and click Submit Order.
  10. On the Pay page, click Pay.

    After the payment is successful, the newly bought instance will be displayed on the instance list. After the instance status becomes Normal, the instance is created.

Before purchasing the advanced edition, you should know that the Unlimited Protection Advanced edition can protect only exclusive EIPs.

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the upper right corner of the page, click Buy DDoS Mitigation.
  4. Set Instance Type to Cloud Native Anti-DDoS.
  5. Select a region where the resources to be protected are located.
  6. Select Unlimited Protection Advanced Edition for Protection Level.
  7. Set the specifications parameters. Table 5 describes related parameters.

    Figure 3 Setting specifications of the Unlimited Protection Advanced edition
    Table 5 Parameters of Unlimited Protection Advanced Edition

    Parameter

    Description

    Region
    • Chinese Mainland: applies to scenarios where service servers are deployed in Chinese mainland. Only dynamic BGP EIPs are supported.
    • Outside the Chinese mainland: applies to scenarios where the service server is deployed in the Asia Pacific region. Only premium BGP EIPs are supported.

    Resource Location

    Select the region where the protected resources are located.

    NOTICE:

    CNAD instances can only protect cloud resources in the same region. Cross-region protection is not supported. For example, a CNAD instance in CN East-Shanghai1 can protect only cloud resources in CN East-Shanghai1.

    Protected IP Addresses

    A maximum of 50 IP addresses can be protected by default. Every five IP addresses can be added each time, and a maximum of 500 IP addresses can be added.

    Service Bandwidth

    The service bandwidth indicates clean service bandwidth forwarded to the origin server from the AAD scrubbing center.

    Value range: 100 Mbit/s to 40,000 Mbit/s

  8. Set Instance Name, Required Duration, and Quantity. In the lower right corner of the page, click Next.

    The Auto-renew option enables the system to renew your service by the purchased period when the service is about to expire.

  9. On the confirmation page, confirm your order and click Submit Order.
  10. On the Pay page, click Pay.

    After the payment is successful, the newly bought instance will be displayed on the instance list. After the instance status becomes Normal, the instance is created.

  11. Purchase dedicated EIPs in the required region by referring to Assigning an EIP.

    Table 6 Network lines for dedicated EIPs

    Region

    Line

    CN South-Guangzhou

    5_ddosalways1bgp

    CN North-Beijing2

    5_DDoSAlways1bgp

    CN North-Beijing4

    5_DDoSAlways1bgp

    CN East-Shanghai1

    5_ddosalways1bgp

    CN East-Shanghai2

    5_DDoSAlways1bgp

    AP-Bangkok

    5_thddosbgp

    LA-Sao Paulo1

    5_brzddosbgp

    LA-Santiago

    5_DDoSAlways1bgp

    AF-Johannesburg

    5_saddosbgp

    CN-Hong Kong

    5_DDoSAlways2bgp

    AP-Singapore

    5_DDoSAlways1bgp

    The preceding line names are for reference only. The actual line names are displayed on the console.

Parent Topic: CNAD Advanced (CNAD) Operation Guide