Esta página ainda não está disponível no idioma selecionado. Estamos trabalhando para adicionar mais opções de idiomas. Agradecemos sua compreensão.
Anti-DDoS Service
Anti-DDoS Service
- What's New
- Function Overview
- Service Overview
-
Billing
- Billing Overview
- Billing Modes
- Billing Items
- Renewing Subscriptions
- Bills
- Arrears
- Stopping Billing
- Cost Management
-
Billing FAQs
- General FAQs
- Billing FAQs of CNAD Advanced
-
Billing FAQs of AAD
- How Is AAD Billed?
- Why Does My Payment Status Not Update After I Make a Payment?
- Will I Be Charged If I Buy an Elastic Protection Bandwidth and My Elastic IP Address Is Not Attacked for the Whole Month?
- What Happens If the Attack Traffic Exceeds the Elastic Protection Bandwidth?
- Can I Adjust My Elastic Protection Bandwidth From 100 Gbit/s to 200 Gbit/s When I Find 100 Gbit/s Is Insufficient?
- What Is the Charge If My IP Address Is Attacked Many Times a Day?
- How Do I Stop Elastic Protection to Avoid Being Charged for the Elastic Protection Bandwidth?
- How Can I Renew the AAD Service?
- How Can I Unsubscribe from the AAD Service?
- How Should I Automatically Renew AAD?
- Can the Original Configuration Data Be Saved After I Unsubscribe from an AAD Instance?
- How Is the Elastic Bandwidth Charged?
- Getting Started
-
User Guide
-
CNAD Basic (Anti-DDoS) User Guide
- Anti-DDoS Overview
- Using IAM to Grant Anti-DDoS Permissions
- Setting a Traffic Scrubbing Threshold to Intercept Attack Traffic
- Setting DDoS Alarm Notifications
- Enabling DDoS Alarm Notifications
- Enabling Logging
- Adding a Tag to an EIP
- Viewing an EIP Monitoring Report
- Viewing an Interception Report
- Querying Audit Logs
-
CNAD Advanced (CNAD) Operation Guide
- CNAD Overview
- Using IAM to Grant CNAD Permissions
- Purchasing a CNAD Instance
-
Adding a Protection Policy
- Protection Policy Overview
- Configuring a Basic Protection Policy to Intercept Attack Traffic
- Using Watermarks to Defend Against CC Attacks
- Blocking or Permitting Traffic From Specified IP Addresses Using a Blacklist and Whitelist
- Blocking Traffic to a Specified Port
- Blocking Traffic of a Specified Protocol
- Setting a Traffic Handling Policy Based on Fingerprint Features
- Using Advanced Protection Policies to Restrict Abnormal Connections
- Blocking Traffic From Specified Locations
- Adding a Protected Object
- Enabling Alarm Notifications for DDoS Attacks
- Enabling Logging
- Viewing Statistics Reports
- Managing Instances
- Managing Protected Objects
- Viewing Monitoring Metrics
- Querying Audit Logs
-
Advanced Anti-DDoS User Guide
- AAD Overview
- Using IAM to Grant AAD Permissions
- Purchasing an AAD Instance
- Connecting Services to AAD
-
Configuring a Protection Policy
- Protection Policy Overview
- Enabling Basic Web Protection
- Blocking Traffic From Specified Locations
- Blocking Traffic of a Specified Protocol
- Blocking or Allowing Traffic From Specified IP Addresses Using a Blacklist and Whitelist
- Mitigating CC Attacks Using Frequency Control Policies
- Using Intelligent CC Policies to Defend Against CC Attacks
- Enabling Alarm Notifications for DDoS Attacks
- Enabling Logging
- Viewing Statistics
- Managing Instances
- Managing Domain Names
- Certificate Management
- Managing Forwarding Rules
- Viewing Monitoring Metrics
- Querying Audit Logs
- Scheduling Center Quotas
-
CNAD Basic (Anti-DDoS) User Guide
- Best Practices
-
API Reference
- Before You Start
- API Overview
- API Calling
-
API
-
Anti-DDoS Management
- Querying the List of Defense Statuses of EIPs
- Querying Optional Anti-DDoS Defense Policies
- Querying Weekly Defense Statistics
- Querying Configured Anti-DDoS Defense Policies
- Updating Anti-DDoS Defense Policies
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying Configured Anti-DDoS Defense Policies
- Anti-DDoS Task Management
- Alarm configuration management
- Default Protection Policy Management
-
Anti-DDoS Management
- Examples
- Appendix
- Out-of-Date APIs
- SDK Reference
-
FAQs
-
General FAQs
- What Are Regions and AZs?
- What Is the Black Hole Policy of HUAWEI CLOUD?
- What are the Relationships Between ADS and Anti-DDoS Traffic Cleaning, CNAD Pro, and AAD?
- What Are the Differences Between Anti-DDoS and Advanced Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Are the Differences Between DDoS Attacks and Challenge Collapsar Attacks?
- What Is the Maximum Protection Capacity Provided by Huawei Cloud Anti-DDoS for Free?
- What Can I Do If an IP Address Is Blocked?
- Does Anti-DDoS Support the Transparent Access Mode?
- Does Anti-DDoS Service Provide SDKs?
- How Do I Migrate Instance Resources in an Enterprise Project?
-
CNAD Basic (Anti-DDoS) FAQs
-
About Anti-DDoS
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Scrubbing Affect Normal Services?
- What Are the Restrictions of Using Anti-DDoS?
- What Is the Protection Capacity of Anti-DDoS?
- What Data Can Be Provided by Anti-DDoS?
- Which Regions Does Anti-DDoS Support?
- What Can Be Protected by Anti-DDoS?
- Can Anti-DDoS Be Used Across Clouds or By Multiple Accounts?
- How to Determine Whether an Attack Occurs?
-
About Basic Functions
- What Would Happen When I Am Under a DDoS Attack Exceeding 500 Mbit/s?
- Which Types of Attacks Does Anti-DDoS Mitigate?
- What Should I Do If My Service Is Frequently Attacked?
- What Is the Difference Between ELB Protection and ECS Protection?
- Why Is the Number of Times of Cleaning Different from the Number of Attacks for the Same Public IP Address?
- Is Anti-DDoS Enabled by Default?
- Does Anti-DDoS Protect a Region or a Single IP Address?
- Do I Need to Release Anti-DDoS Resources When I Delete an Account?
- How Do I View the Traffic Scrubbing Frequency?
- How Can I View Anti-DDoS Protection Statistics?
- How Can I View the Monitoring Data of a Public IP Address in Anti-DDoS?
- How Can I View an Interception Report?
- Can I Disable Anti-DDoS Completely?
- How Do I Check Whether the Inbound Traffics Are Routed Through Anti-DDoS Devices?
- About Threshold and Black Hole
- About Alarm Notification
- About Service Faults
-
About Anti-DDoS
-
CNAD Advanced FAQs
-
Function Consulting
- What Is Unlimited Protection?
- Can CNAD Advanced Protect Non-Huawei Cloud and On-Premises IP Addresses?
- Does CNAD Advanced Protect IPv6 Addresses?
- What Do I Do If an IP Address Protected by CNAD Advanced Is Blocked?
- What Are the Protection Objects of CNAD Advanced?
- How Many Layers of Attacks Can CNAD Advanced Defend Against?
- How Long Does It Take to Switch Traffic from CNAD Advanced Back to AAD?
- Can CNAD Advanced Be Used Across Regions?
- What Is A Dedicated EIP?
- Billing
-
Function Consulting
-
AAD FAQs
-
Function Specifications
- What Service Ports Does AAD Support?
- What Forwarding Protocols Does AAD Support?
- Can I Change My Protection Bandwidths?
- Can an AAD Origin Server Use a CDN CNAME?
- What Is the Maximum Protection Capability When I Purchase 10 Gbit/s as the Basic Protection Bandwidth and 20 Gbit/s as the Elastic Protection Bandwidth?
- Does AAD Use a Public IP Address to Switch Traffic Back to Origin Servers?
- What Is the Maximum Number of Domain Names AAD Can Protect?
- How Much Additional Latency Will Be Incurred When AAD Is Deployed?
- Is There a Limit to the Number of Concurrent Requests?
- How Do I Disable Advanced Anti-DDoS?
-
Access Configuration
- Can I Connect My Service System to AAD If It Is Not Running on HUAWEI CLOUD?
- How Do I Check Whether a Protected Domain Name Is Correctly Configured After I Connect It to AAD?
- What Can I Do When Message "Invalid request" Is Displayed When I Upload an HTTPS/WebSockets Certificate?
- How Do I Convert a Non-PEM Certificate into a PEM One?
- How Do I Enable Both AAD and WAF?
- How Do I Connect My Service System to AAD?
- How Is CNAME-based Access Implemented?
- How Does AAD Distribute Traffic When There Are Multiple Origin Servers?
- How Do I Check Whether a Back-to-Origin IP Address Has Been Whitelisted on My Origin Server?
- How Do I Change the Exposed IP Address of an Origin Server?
- How Do I Query the Back-to-Origin IP Address Range?
- Can I Migrate Enterprise Project Resources After Adding the Protected Domain Name?
- Can I Build My Own Anti-DDoS System Using HUAWEI CLOUD ECSs?
- How Do the AAD Blacklist and Whitelist Protect Customer's Servers?
- Do I Still Need to Configure the Blacklist and Whitelist in WAF Protection Policies After Configuring Them in DDoS Protection Policies?
- How Do I Use a Domain Name to Access Both IPv4 and IPv6 Services?
- What Should I Do If I Receive a Message Stating That the Domain Name Already Exists When Trying to Connect?
-
Faults
- What Should I Do When Encountering an Access Freezing, Delay, or Failure?
- Why Is Error 504 Displayed When I Access a Website After AAD Is Configured?
- How Do I Identify the Type of Attacks?
- What Should I Do If Error 500, 502, or 504 Is Reported When I Access My Website After I Enable Basic Web Protection for My Domain Name?
- What Can I Do If I Failed to Configure a Forwarding Rule?
- What Can I Do If My UDP Traffic Is Blocked?
- How Do I Unblock the Access That Has Been Automatically Blocked Due to the Threshold-Overtopped Attack Traffic?
- Why Can't I Specify Certain Ports When Configuring the Forwarding Rule?
- Error Message "Received fatal alert" Is Displayed After a Domain Name Is Bound to AAD
-
Product
- What Is a Protected IP Address?
- Does AAD Support Weighted Back-to-Origin?
- Can AAD Be Used Across Regions?
- What Is a CNAME Record?
- What is BGP?
- What Is the Origin Server Port of AAD?
- What Is the Origin Server IP Address?
- What Website IP Addresses Is Protected by AAD?
- What Is Service Bandwidth?
- What Is a Forwarding Protocol?
- Are Services Interrupted When They Are Being Connected to AAD?
- Can a Domain Name Be Bound to Multiple AAD Instances?
- Why Does the High-Defense IP Address Actually Receive Access Requests from a Client After AAD Is Deployed?
- Why Does the Attack Traffic Volume Increase After AAD Is Deployed?
- Will the Origin Server Be Exposed When the Attack Traffic Volume Increases After AAD Is Deployed?
- How Does AAD Protect Origin Server IP Addresses?
- Does AAD Support Two-Way SSL Authentication?
- Can I Modify or Delete the Certificates Uploaded to AAD?
- What Will Happen If My Service Traffic Exceeds the Configured Service Bandwidth?
- Is Advanced Anti-DDoS Software or Hardware?
- Does AAD Support IPv6 Protection?
- Why Is the Traffic of AAD Inconsistent with That of ELB?
-
Fees
- How Is AAD Billed?
- Why Does My Payment Status Not Update After I Make a Payment?
- Will I Be Charged If I Buy an Elastic Protection Bandwidth and My Elastic IP Address Is Not Attacked for the Whole Month?
- What Happens If the Attack Traffic Exceeds the Elastic Protection Bandwidth?
- Can I Adjust My Elastic Protection Bandwidth From 100 Gbit/s to 200 Gbit/s When I Find 100 Gbit/s Is Insufficient?
- What Is the Charge If My IP Address Is Attacked Many Times a Day?
- How Do I Stop Elastic Protection to Avoid Being Charged for the Elastic Protection Bandwidth?
- How Can I Renew the AAD Service?
- How Can I Unsubscribe from the AAD Service?
- How Should I Automatically Renew AAD?
- Can the Original Configuration Data Be Saved After I Unsubscribe from an AAD Instance?
- How Is the Elastic Bandwidth Charged?
-
Function Specifications
-
General FAQs
- Videos
-
More Documents
-
User Guide (Ankara Region)
- Service Overview
- Enabling Anti-DDoS
- Viewing a Public IP Address
- Enabling Alarm Notification
- Configuring an Anti-DDoS Protection Policy
- Viewing a Monitoring Report
- Viewing an Interception Report
-
FAQs
-
About Anti-DDoS
- What Is Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Is the Million-level IP Address Blacklist Database?
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Cleaning Affect Normal Services?
- How Does Anti-DDoS Scrub Traffic?
- What Are the Restrictions of Anti-DDoS?
- About Basic Functions
- About Alarm notification
-
About Anti-DDoS
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- API Calling
-
API
-
Anti-DDoS APIs
- Querying Optional Anti-DDoS Defense Policies
- Enabling Anti-DDoS
- Querying Configured Anti-DDoS Defense Policies
- Updating Anti-DDoS Defense Policies
- Querying Anti-DDoS Tasks
- Querying the List of Defense Statuses of EIPs
- Querying the Defense Status of a Specified EIP
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying Weekly Defense Statistics
- Alarm Reminding APIs
-
Anti-DDoS APIs
- Appendix
- Change History
-
User Guide (Ankara Region)
- General Reference
On this page
Show all
Help Center/
Anti-DDoS Service/
Service Overview/
Understanding Anti-DDoS Service/
Cloud Native Anti-DDoS Advanced/
What Is CNAD?
Copied.
What Is CNAD?
What Is CNAD?
Cloud Native Anti-DDoS Advanced (CNAD) provides higher DDoS protection capability for cloud services on Huawei Cloud such as Elastic Cloud Server (ECS), Elastic Load Balance (ELB), Web Application Firewall (WAF), and Elastic IP (EIP). CNAD defends against the DDoS attacks targeting the IP addresses on Huawei Cloud and it provides higher protection capabilities for cloud services. With few clicks on the console, you can enjoy always-on DDoS mitigation on Huawei Cloud.
Features
CNAD has the following features:
- Transparent access
You can directly protect public IP addresses on Huawei Cloud without modifying domain name resolution or configuring origin server protection.
- Unlimited protection
Huawei Cloud provides high DDoS mitigation capability based on the network and resource capabilities in the current region. The protection capability provided grows with the improvement of Huawei Cloud's network capabilities.
- Joint protection
Enabling the joint protection will automatically engage AAD for DDoS mitigation.
- IPv4/IPv6 protection
CNAD can protect IP addresses using IPv4 and IPv6 protocols.
- Traffic scrubbing
CNAD scrubs traffic when detecting that the incoming traffic of an IP address exceeds a certain threshold.
- IP address blacklist or whitelist
You can configure an IP address blacklist or whitelist to block or allow access from specified IP addresses.
- Protocol-based access block
Traffic accessing CNAD is blocked in one click based on the protocol type. For example, if there is no User Datagram Protocol (UDP) traffic, you are advised to disable UDP for CNAD.
Specifications
Table 1 describes the specifications supported by an instance of each edition.
NOTICE:
CNAD protection is only available for cloud resources in the same region.
|
Specification |
CNAD Unlimited Protection Basic Edition |
CNAD Unlimited Protection Advanced Edition |
Cloud Native Protection 2.0 |
|---|---|---|---|
|
Billing Mode |
Yearly/Monthly |
Yearly/Monthly |
Yearly/Monthly and pay-per-use |
|
Bandwidth Type |
Cloud native network and fully dynamic BGP (static BGP not supported). |
Huawei cloud-native network, multi-line BGP |
Cloud native network and fully dynamic BGP (static BGP not supported). |
|
Protection Capability |
Shared unlimited protection for not less than 20 Gbit/s of traffic |
Shared unlimited protection for up to 1 Tbit/s of traffic |
Chinese mainland: Shared unlimited protection, no less than 20 Gbit/s. Outside the Chinese mainland: cross-border protection for carriers. |
|
Protected IP Addresses |
The value ranges from 50 to 500 and must be a multiple of 5. |
The value ranges from 50 to 500 and must be a multiple of 5. |
50 to 1000 IP addresses. The number of protected IP addresses must be a multiple of 50. |
|
Protection Times |
Unlimited |
Unlimited |
Unlimited |
|
IP Address Change Times |
Not supported |
Not supported |
Not supported |
|
Service Bandwidth |
The supported value ranges from 100 Mbit/s to 20,000 Mbit/s. |
Maximum value: 40,000 Mbit/s |
A maximum of 20,000 Mbit/s is supported. |
Parent topic: Cloud Native Anti-DDoS Advanced
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
