Quick access to Cloud Native Anti-DDoS 2.0

Procedure

This section describes how to quickly purchase CNAD 2.0 enterprise edition and enable protection. The process is shown in Figure 1.

Figure 1 Procedure

Prerequisites

1. Before using the service, sign up for a Huawei ID and enable Huawei Cloud services. For details, see Registering a Huawei ID and Enabling Huawei Cloud Services.

   If you have enabled Huawei Cloud and completed real-name authentication, skip this step.

2. Make sure that your account has sufficient balance, or you may fail to pay to your CNAD 2.0 orders.
3. Ensure that the account has been assigned related permissions. For details, see Creating a User and Granting the CNAD Access Permission.
4. Create an ECS and bind an EIP to it. For details, see section Purchasing an ECS.

Step 1: Buying a Cloud Native Anti-DDoS 2.0 Instance

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS page is displayed.
3. In the upper right corner of the page, click Buy DDoS Mitigation.
4. Set the purchase parameters as required, click Buy Now, and complete the payment as prompted.

   Table 1 Parameter description

   Parameter	Example Value	Description
   Instance Type	Cloud Native Protection 2.0	Type of the instance to be purchased.
   Edition	Enterprise edition	Edition to be purchased.
   Region	Chinese Mainland	Chinese Mainland: applies to scenarios where service servers are deployed in Chinese mainland (cross-region deployment is supported). Only dynamic BGP EIPs are supported. Other: applies to scenarios where the service server is deployed in the Asia Pacific region (Hong Kong is supported currently). Only premium BGP EIPs are supported.
   Billing Mode for Public Network Lines	Pay-per-use	Yearly/Monthly: You need to pay for a certain period of time in advance and are charged based on the service bandwidth. Pay-per-use: Charges are incurred daily based on the volume of scrubbed traffic.
   Service Bandwidth	100 Mbit/s	The service bandwidth indicates clean service bandwidth forwarded to the origin server from the AAD scrubbing center. It is recommended that the service bandwidth be greater than or equal to the egress bandwidth of the origin server. Otherwise, packet loss may occur or services may be affected. This parameter is displayed only when you select Yearly/Monthly for Billing Mode for Public Network Lines.
   Elastic Bandwidth	Monthly 95th percentile billing	The elastic service bandwidth is supported. When the service traffic exceeds the service bandwidth, the instance can be properly protected.
   Metering Rule	Scrubbed traffic	Scrubbed traffic refers to normal service traffic that is not polluted by attacks, excluding attack traffic.
   Protected IP Addresses	50	The number of protected IP addresses refers to the number of EIPs that can be protected by each CNAD Advanced instance. You are advised to evaluate the number of protected IP addresses based on the number of EIPs of your cloud resources.
   Instance Name	CNAD-test	Name of the purchased instance, which is user-defined.
   Enterprise Project	-	This parameter is displayed only when you use an enterprise account for purchase. Select a value based on the site requirements.
   Required Duration	-	Select the required duration based on the site requirements.
   Quantity	-	Select the quantity based on the site requirements.

   Figure 2 Cloud Native Anti-DDoS 2.0
   

Step 2: Creating a Protection Policy

CNAD Advanced supports many types of protection policies. The following uses the cleaning policy as an example.

1. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Protection Policies. The Protection Policies page is displayed.
2. Click Create Policy to create a policy.

   Table 2 Parameter description

   Parameter	Example Value	Description
   Name	Policy01	Name of the protection policy, which is user-defined.
   Instance	Select the instance purchased in 4.	Target instance to which the protection policy is associated to.

3. In the row containing the created policy, click Configure Policy. The Policy Content page is displayed.
4. Under Basic Protection, click Set.
   Figure 3 Basic protection
   

5. In the Basic Protection Settings dialog box that is displayed, set the Traffic Scrubbing Level and Defense Mode.
   Figure 4 Basic protection settings
   

   Table 3 Parameter description

   Parameter	Example Value	Description
   Traffic Scrubbing Level	300 Mbit/s	If the DDoS bandwidth on an IP address exceeds the configured scrubbing level, CNAD is triggered to scrub attack traffic. You are advised to set a value closest to, but not exceeding, the purchased bandwidth.
   Defense Mode	Normal	If the traffic reaches the specified scrubbing level, traffic scrubbing is triggered. Loose: Scrubbing is triggered when the traffic reaches three times of the scrubbing level. Normal: Scrubbing is triggered when the traffic reaches twice the scrubbing level. Strict: Scrubbing is triggered when the traffic reaches the scrubbing level.

Step 3: Adding a Protected Object

1. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Instances. The Instances page is displayed.
2. In the Select Instance drop-down box, select the instance purchased in 4.
3. Click Add Protected Object. The Add Protected Object page appears.
4. Select the EIP prepared in Prerequisites and click Next.
   Figure 5 Adding a protected object
   

5. Click OK.

Related Information

• To obtain DDoS attack information in a timely manner, you can set alarm notifications. For details, see Setting Alarm Notifications.
• You can view information such as the traffic trend and attack distribution on the CNAD Advanced console. For details, see Viewing Statistics Reports.