Updated on 2024-12-24 GMT+08:00

Purchasing AAD Instances

AAD offers continuous protection to maintain service continuity during frequent DDoS attacks, particularly those with high traffic.

After purchasing the service, you need to perform only simple operations to gain robust protection capabilities. This service is suitable for servers deployed in the Chinese mainland and Asia Pacific regions.

  • After you purchase an AAD instance, refunds are not supported.
  • If an AAD instance has expired for more than 30 calendar days, AAD will stop forwarding service traffic and the instance will become invalid. If you do not need to use AAD anymore, switch your service traffic from AAD to the origin server 30 calendar days before the expiration date.

Limitations and Constraints

  • Each user can purchase a maximum of five instances by default. If the quota is insufficient, submit a service ticket to apply for a higher quota.
  • If your service servers are located in Chinese Mainland, you are advised to purchase AAD. You have obtained an ICP license for your domain names to be protected by AAD.
  • If your service servers are located outside Chinese mainland, you are advised to purchase AAD (International Edition).

Prerequisites

The account must have the permissions of the CAD Administrator and BSS Administrator roles.

Setting the parameters required for purchasing an AAD instance

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the upper right corner of the page, click Buy CNAD Pro.
  4. On the Buy AAD page, set Instance Type to Advanced Anti-DDoS.
  5. Set instance specifications, as shown in Figure 1. Table 1 describe related parameters.

    Figure 1 Setting the parameters required for purchasing an AAD instance
    Table 1 Parameters for purchasing an AAD instance

    Parameter

    Description

    Access Type

    • Website: Huawei Cloud uses intelligent algorithms to select the optimal access point for you and does not provide fixed high-defense IP addresses. This type is recommended for users using "Domain Name Access".
    • IP Address: provides only IP port protection and fixed high-defense IP addresses.

    Region

    • Chinese mainland: applies to scenarios where service servers are deployed in Chinese Mainland.
    • Outside the Chinese mainland: applies to scenarios where service servers are deployed in Asia Pacific (Hong Kong and Singapore are supported currently).

    If service servers are deployed in other regions, you are advised to purchase the AAD international edition.

    Line

    • Chinese mainland: Only BGP is supported.
    • Outside the Chinese mainland: Only AnyCast is supported.

    Service Access Point

    The following access points are available in Chinese Mainland. Select an access point based on your service location.

    • North China 1: China Mobile, China Telecom, China Unicom, Beijing Education Network, Dr. Peng, Hebei Broadcast & Television, and Chongqing Broadcast & Television are supported.
    • CN East 2: China Mobile, China Telecom, and China Unicom are supported.

    Only Asia Pacific is supported outside the Chinese mainland. This line applies to servers located in Asia Pacific (currently, Hong Kong and Singapore are supported).

    IP Type

    • IPv4: To protect an IPv4 origin server, you need to select IPv4.
    • IPv6: To protect an IPv6 origin server, you need to select IPv6.

    Only IPv4 addresses can be protected outside the Chinese mainland.

    Protection package

    This parameter is available only in areas outside the Chinese mainland.

    • Basic protection: provides advanced protection twice a month for services with low DDoS attack risks.
    • Unlimited protection: provides advanced protection for unlimited times, which is suitable for defending against services with high DDoS attack risks.

    Basic Protection Bandwidth

    The basic protection bandwidth is purchased by customers. If the peak attack traffic is less than or equal to the basic protection bandwidth, customers do not need to pay extra fees.

    To achieve enhanced protection, use the Elastic Protection Bandwidth parameter.

    Elastic Protection Bandwidth

    If you set this parameter to a value larger than the basic protection bandwidth, additional charges ensue when attack traffic exceeding the basic protection bandwidth is scrubbed.

    You can modify the elastic protection bandwidth as needed after you have purchased an AAD instance.

    NOTE:

    The elastic protection bandwidth must be greater than or equal to the basic protection bandwidth. If the two are set to the same value, the elastic protection bandwidth function does not take effect.

    Protected Domain Names

    This parameter is available only when Access Type is set to Website. By default, 50 ports are provided. You can pay for more. A maximum of 200 ports are supported.

    Forwarding Rules

    This parameter is available only when the access type is IP Access.

    • Chinese mainland: 50 are provided by default. You can pay for more rules. A maximum of 500 rules are supported.
    • Outside the Chinese mainland: 5 are by default. You can pay for more rules. A maximum of 200 rules are supported.

    Service Bandwidth

    Specifies the service bandwidth for the AAD instance to forward scrubbed traffic to origin servers. The value ranges from 100 Mbit/s to 5000 Mbit/s.

    Collect statistics on the peak inbound and outbound traffic of all services to be connected to the AAD instance. The service bandwidth must be greater than both the peak inbound and outbound traffic.

    CAUTION:

    If the service bandwidth of your instance is lower than peak inbound or outbound traffic, packet loss may occur and your services may be affected. In this case, upgrade the service bandwidth in a timely manner. For details about upgrading specifications, see Upgrading Instance Specifications.

    Assume that you have two services (service A and service B) to access AAD. The peak traffic of service A does not exceed 50 Mbit/s, and the peak traffic of service B does not exceed 70 Mbit/s. The total traffic does not exceed 120 Mbit/s. In this case, you only need to ensure that the maximum service bandwidth of the purchased instance is greater than 120 Mbit/s.

  6. Set Required Duration and Quantity, as shown in Figure 2. Table 2 describes the parameters.

    Figure 2 Setting Required Duration and Quantity
    Table 2 Parameter description

    Parameter

    Description

    Example Value

    Instance Name

    Enter a name for the AAD instance you are purchasing.
    • The name can contain a maximum of 32 characters.
    • The name can contain only letters, digits, underscores (_), and hyphens (-).

    CAD-0001

    Enterprise Project

    This option is only available when you are logged in using an enterprise account, or when you have enabled enterprise projects. To learn more, see Enabling the Enterprise Center. You can use enterprise projects to more efficiently manage cloud resources and project members.

    NOTE:
    • default: indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.
    • The default option is available in the Enterprise Project drop-down list when you purchase AAD with a registered Huawei Cloud account.

    N/A

    Required Duration

    Set this parameter as required.

    N/A

    Quantity

    Select the number of instances to be purchased. By default, each user can purchase a maximum of five instances.

    1

    The Auto-renew option is optional. If you tick Auto-renew, the system will automatically renew the AAD instance before it expires.

  7. Click Next.
  8. On the Details page, select the agreement and click Submit Order.

    For regions outside the Chinese mainland, the payment can be made only after the order is approved.

  9. Pay for the order on the payment page.