Updated on 2024-07-01 GMT+08:00

What Is CNAD?

What Is CNAD?

Cloud Native Anti-DDoS Advanced (CNAD) provides higher DDoS protection capability for cloud services on Huawei Cloud such as Elastic Cloud Server (ECS), Elastic Load Balance (ELB), Web Application Firewall (WAF), and Elastic IP (EIP). CNAD defends against the DDoS attacks targeting the IP addresses on Huawei Cloud and it provides higher protection capabilities for cloud services. With few clicks on the console, you can enjoy always-on DDoS mitigation on Huawei Cloud.

Features

CNAD has the following features:

  • Transparent access

    You can directly protect public IP addresses on Huawei Cloud without modifying domain name resolution or configuring origin server protection.

  • Unlimited protection

    Huawei Cloud provides high DDoS mitigation capability based on the network and resource capabilities in the current region. The protection capability provided grows with the improvement of Huawei Cloud's network capabilities.

  • Joint protection

    Enabling the joint protection will automatically engage AAD for DDoS mitigation.

  • IPv4/IPv6 protection

    CNAD can protect IP addresses using IPv4 and IPv6 protocols.

  • Traffic scrubbing

    CNAD scrubs traffic when detecting that the incoming traffic of an IP address exceeds a certain threshold.

  • IP address blacklist or whitelist

    You can configure an IP address blacklist or whitelist to block or allow access from specified IP addresses.

  • Protocol-based access block

    Traffic accessing CNAD is blocked in one click based on the protocol type. For example, if there is no User Datagram Protocol (UDP) traffic, you are advised to disable UDP for CNAD.

Specifications

Table 1 describes the specifications supported by an instance of each edition.

CNAD protection is only available for cloud resources in the same region.

Table 1 CNAD specifications

Specification

CNAD Unlimited Protection Basic Edition

CNAD Unlimited Protection Advanced Edition

Cloud Native Protection 2.0

Billing Mode

Yearly/Monthly

Yearly/Monthly

Yearly/Monthly and pay-per-use

Bandwidth Type

Cloud native network and fully dynamic BGP (static BGP not supported).

Huawei cloud-native network, multi-line BGP

Cloud native network and fully dynamic BGP (static BGP not supported).

Protection Capability

Shared unlimited protection for not less than 20 Gbit/s of traffic

Shared unlimited protection for up to 1 Tbit/s of traffic

Chinese mainland: Shared unlimited protection, no less than 20 Gbit/s.

Outside the Chinese mainland: cross-border protection for carriers.

Protected IP Addresses

The value ranges from 50 to 500 and must be a multiple of 5.

The value ranges from 50 to 500 and must be a multiple of 5.

50 to 1000 IP addresses. The number of protected IP addresses must be a multiple of 50.

Protection Times

Unlimited

Unlimited

Unlimited

IP Address Change Times

Not supported

Not supported

Not supported

Service Bandwidth

The supported value ranges from 100 Mbit/s to 20,000 Mbit/s.

Maximum value: 40,000 Mbit/s

A maximum of 20,000 Mbit/s is supported.