diff --git a/umn/source/_static/images/en-us_image_0000001117669274.png b/umn/source/_static/images/en-us_image_0000001117669274.png
index 76633c8..135693a 100644
Binary files a/umn/source/_static/images/en-us_image_0000001117669274.png and b/umn/source/_static/images/en-us_image_0000001117669274.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001117669524.png b/umn/source/_static/images/en-us_image_0000001117669524.png
index 7a8a4ae..d6b756a 100644
Binary files a/umn/source/_static/images/en-us_image_0000001117669524.png and b/umn/source/_static/images/en-us_image_0000001117669524.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001163949251.png b/umn/source/_static/images/en-us_image_0000001163949251.png
index c3db78d..fea0605 100644
Binary files a/umn/source/_static/images/en-us_image_0000001163949251.png and b/umn/source/_static/images/en-us_image_0000001163949251.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001197426329.png b/umn/source/_static/images/en-us_image_0000001197426329.png
index eacf181..9863441 100644
Binary files a/umn/source/_static/images/en-us_image_0000001197426329.png and b/umn/source/_static/images/en-us_image_0000001197426329.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001206933138.png b/umn/source/_static/images/en-us_image_0000001206933138.png
deleted file mode 100644
index 452d4e6..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001206933138.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001207093220.png b/umn/source/_static/images/en-us_image_0000001207093220.png
deleted file mode 100644
index a26a279..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001207093220.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001207253746.png b/umn/source/_static/images/en-us_image_0000001207253746.png
deleted file mode 100644
index a26a279..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001207253746.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001207699446.png b/umn/source/_static/images/en-us_image_0000001207699446.png
new file mode 100644
index 0000000..330e142
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001207699446.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001207827554.png b/umn/source/_static/images/en-us_image_0000001207827554.png
new file mode 100644
index 0000000..b6dac48
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001207827554.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001208260576.png b/umn/source/_static/images/en-us_image_0000001208260576.png
new file mode 100644
index 0000000..a406797
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001208260576.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001209321492.png b/umn/source/_static/images/en-us_image_0000001209321492.png
new file mode 100644
index 0000000..76b3419
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001209321492.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001209442636.png b/umn/source/_static/images/en-us_image_0000001209442636.png
new file mode 100644
index 0000000..80dea80
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001209442636.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001209777270.png b/umn/source/_static/images/en-us_image_0000001209777270.png
new file mode 100644
index 0000000..e6e9c70
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001209777270.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001211006359.png b/umn/source/_static/images/en-us_image_0000001211006359.png
index ff5a995..66686f7 100644
Binary files a/umn/source/_static/images/en-us_image_0000001211006359.png and b/umn/source/_static/images/en-us_image_0000001211006359.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001211445065.png b/umn/source/_static/images/en-us_image_0000001211445065.png
index 9d7396e..a86f5c5 100644
Binary files a/umn/source/_static/images/en-us_image_0000001211445065.png and b/umn/source/_static/images/en-us_image_0000001211445065.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001338933333.png b/umn/source/_static/images/en-us_image_0000001221790501.png
similarity index 100%
rename from umn/source/_static/images/en-us_image_0000001338933333.png
rename to umn/source/_static/images/en-us_image_0000001221790501.png
diff --git a/umn/source/_static/images/en-us_image_0185346582.png b/umn/source/_static/images/en-us_image_0000001221842468.png
similarity index 100%
rename from umn/source/_static/images/en-us_image_0185346582.png
rename to umn/source/_static/images/en-us_image_0000001221842468.png
diff --git a/umn/source/_static/images/en-us_image_0000001222749226.png b/umn/source/_static/images/en-us_image_0000001222749226.png
deleted file mode 100644
index 806c94c..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001222749226.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001222749910.png b/umn/source/_static/images/en-us_image_0000001222749910.png
deleted file mode 100644
index 806c94c..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001222749910.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001251773147.png b/umn/source/_static/images/en-us_image_0000001251773147.png
deleted file mode 100644
index ef869a0..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001251773147.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001254335981.png b/umn/source/_static/images/en-us_image_0000001254335981.png
new file mode 100644
index 0000000..06af510
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001254335981.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001286573614.png b/umn/source/_static/images/en-us_image_0000001286573614.png
deleted file mode 100644
index eb1ae9b..0000000
Binary files a/umn/source/_static/images/en-us_image_0000001286573614.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0000001337710801.png b/umn/source/_static/images/en-us_image_0000001337710801.png
new file mode 100644
index 0000000..c5bd875
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001337710801.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001454059512.png b/umn/source/_static/images/en-us_image_0000001454059512.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001454059512.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001461263993.png b/umn/source/_static/images/en-us_image_0000001461263993.png
new file mode 100644
index 0000000..6fe7324
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001461263993.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001462622484.png b/umn/source/_static/images/en-us_image_0000001462622484.png
new file mode 100644
index 0000000..abe732d
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001462622484.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001464757610.png b/umn/source/_static/images/en-us_image_0000001464757610.png
new file mode 100644
index 0000000..b87d186
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001464757610.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001465124712.png b/umn/source/_static/images/en-us_image_0000001465124712.png
new file mode 100644
index 0000000..f7e88dd
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001465124712.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001490118666.png b/umn/source/_static/images/en-us_image_0000001490118666.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001490118666.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001500905066.png b/umn/source/_static/images/en-us_image_0000001500905066.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001500905066.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503011070.png b/umn/source/_static/images/en-us_image_0000001503011070.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503011070.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503011074.png b/umn/source/_static/images/en-us_image_0000001503011074.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503011074.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503159042.png b/umn/source/_static/images/en-us_image_0000001503159042.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503159042.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503170970.png b/umn/source/_static/images/en-us_image_0000001503170970.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503170970.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503170974.png b/umn/source/_static/images/en-us_image_0000001503170974.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503170974.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503318922.png b/umn/source/_static/images/en-us_image_0000001503318922.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503318922.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503330854.png b/umn/source/_static/images/en-us_image_0000001503330854.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503330854.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503330858.png b/umn/source/_static/images/en-us_image_0000001503330858.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503330858.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503478818.png b/umn/source/_static/images/en-us_image_0000001503478818.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503478818.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503490746.png b/umn/source/_static/images/en-us_image_0000001503490746.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503490746.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001503490750.png b/umn/source/_static/images/en-us_image_0000001503490750.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503490750.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001512591549.png b/umn/source/_static/images/en-us_image_0000001512591549.png
new file mode 100644
index 0000000..d053a78
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001512591549.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001512701025.png b/umn/source/_static/images/en-us_image_0000001512701025.png
new file mode 100644
index 0000000..d7660b6
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001512701025.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001512876289.png b/umn/source/_static/images/en-us_image_0000001512876289.png
new file mode 100644
index 0000000..4fd5650
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001512876289.png differ
diff --git a/umn/source/_static/images/en-us_image_0226223279.png b/umn/source/_static/images/en-us_image_0000001515644737.png
similarity index 100%
rename from umn/source/_static/images/en-us_image_0226223279.png
rename to umn/source/_static/images/en-us_image_0000001515644737.png
diff --git a/umn/source/_static/images/en-us_image_0000001520717193.png b/umn/source/_static/images/en-us_image_0000001520717193.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001520717193.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001521533677.png b/umn/source/_static/images/en-us_image_0000001521533677.png
new file mode 100644
index 0000000..dc1fd24
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001521533677.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001540725521.png b/umn/source/_static/images/en-us_image_0000001540725521.png
new file mode 100644
index 0000000..2f6a7cf
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001540725521.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001540846821.png b/umn/source/_static/images/en-us_image_0000001540846821.png
new file mode 100644
index 0000000..5912989
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001540846821.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001553650753.png b/umn/source/_static/images/en-us_image_0000001553650753.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553650753.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001553650757.png b/umn/source/_static/images/en-us_image_0000001553650757.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553650757.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001553770733.png b/umn/source/_static/images/en-us_image_0000001553770733.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553770733.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001553770737.png b/umn/source/_static/images/en-us_image_0000001553770737.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553770737.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001553930581.png b/umn/source/_static/images/en-us_image_0000001553930581.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553930581.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001554010645.png b/umn/source/_static/images/en-us_image_0000001554010645.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001554010645.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001554010649.png b/umn/source/_static/images/en-us_image_0000001554010649.png
new file mode 100644
index 0000000..d8f9804
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001554010649.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001570070841.png b/umn/source/_static/images/en-us_image_0000001570070841.png
new file mode 100644
index 0000000..6fe740f
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001570070841.png differ
diff --git a/umn/source/_static/images/en-us_image_0000001602035305.png b/umn/source/_static/images/en-us_image_0000001602035305.png
new file mode 100644
index 0000000..a235a33
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001602035305.png differ
diff --git a/umn/source/_static/images/en-us_image_0118498947.png b/umn/source/_static/images/en-us_image_0118498947.png
deleted file mode 100644
index 863c101..0000000
Binary files a/umn/source/_static/images/en-us_image_0118498947.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0152238989.png b/umn/source/_static/images/en-us_image_0152238989.png
deleted file mode 100644
index 1efaac3..0000000
Binary files a/umn/source/_static/images/en-us_image_0152238989.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0157880395.png b/umn/source/_static/images/en-us_image_0157880395.png
new file mode 100644
index 0000000..32461aa
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0157880395.png differ
diff --git a/umn/source/_static/images/en-us_image_0162335561.png b/umn/source/_static/images/en-us_image_0162335561.png
deleted file mode 100644
index fb27912..0000000
Binary files a/umn/source/_static/images/en-us_image_0162335561.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0162335565.png b/umn/source/_static/images/en-us_image_0162335565.png
deleted file mode 100644
index fc5a60b..0000000
Binary files a/umn/source/_static/images/en-us_image_0162335565.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0162391187.png b/umn/source/_static/images/en-us_image_0162391187.png
deleted file mode 100644
index 7a75567..0000000
Binary files a/umn/source/_static/images/en-us_image_0162391187.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0167573711.png b/umn/source/_static/images/en-us_image_0167573711.png
deleted file mode 100644
index 113f966..0000000
Binary files a/umn/source/_static/images/en-us_image_0167573711.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0171311823.png b/umn/source/_static/images/en-us_image_0171311823.png
new file mode 100644
index 0000000..aa2b287
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0171311823.png differ
diff --git a/umn/source/_static/images/en-us_image_0173155793.png b/umn/source/_static/images/en-us_image_0173155793.png
deleted file mode 100644
index 20a33ec..0000000
Binary files a/umn/source/_static/images/en-us_image_0173155793.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0173155804.png b/umn/source/_static/images/en-us_image_0173155804.png
deleted file mode 100644
index 64883ba..0000000
Binary files a/umn/source/_static/images/en-us_image_0173155804.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0173155870.png b/umn/source/_static/images/en-us_image_0173155870.png
deleted file mode 100644
index 5210081..0000000
Binary files a/umn/source/_static/images/en-us_image_0173155870.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0191577030.png b/umn/source/_static/images/en-us_image_0191577030.png
index 0b7d9f0..be53b29 100644
Binary files a/umn/source/_static/images/en-us_image_0191577030.png and b/umn/source/_static/images/en-us_image_0191577030.png differ
diff --git a/umn/source/_static/images/en-us_image_0191594527.png b/umn/source/_static/images/en-us_image_0191594527.png
index 5ed929e..b1af5d2 100644
Binary files a/umn/source/_static/images/en-us_image_0191594527.png and b/umn/source/_static/images/en-us_image_0191594527.png differ
diff --git a/umn/source/_static/images/en-us_image_0194358487.png b/umn/source/_static/images/en-us_image_0194358487.png
deleted file mode 100644
index 381bf7e..0000000
Binary files a/umn/source/_static/images/en-us_image_0194358487.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0194358495.png b/umn/source/_static/images/en-us_image_0194358495.png
deleted file mode 100644
index 0fbd7a2..0000000
Binary files a/umn/source/_static/images/en-us_image_0194358495.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0194358504.png b/umn/source/_static/images/en-us_image_0194358504.png
deleted file mode 100644
index db13c4f..0000000
Binary files a/umn/source/_static/images/en-us_image_0194358504.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0209273220.png b/umn/source/_static/images/en-us_image_0209273220.png
deleted file mode 100644
index 5442e65..0000000
Binary files a/umn/source/_static/images/en-us_image_0209273220.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0209577986.png b/umn/source/_static/images/en-us_image_0209577986.png
new file mode 100644
index 0000000..1a3ab09
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0209577986.png differ
diff --git a/umn/source/_static/images/en-us_image_0211552164.png b/umn/source/_static/images/en-us_image_0211552164.png
index 64d89e2..14fd3fc 100644
Binary files a/umn/source/_static/images/en-us_image_0211552164.png and b/umn/source/_static/images/en-us_image_0211552164.png differ
diff --git a/umn/source/_static/images/en-us_image_0211560998.png b/umn/source/_static/images/en-us_image_0211560998.png
index 5932315..413c588 100644
Binary files a/umn/source/_static/images/en-us_image_0211560998.png and b/umn/source/_static/images/en-us_image_0211560998.png differ
diff --git a/umn/source/_static/images/en-us_image_0214585306.png b/umn/source/_static/images/en-us_image_0214585306.png
new file mode 100644
index 0000000..e0684de
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0214585306.png differ
diff --git a/umn/source/_static/images/en-us_image_0214585307.png b/umn/source/_static/images/en-us_image_0214585307.png
new file mode 100644
index 0000000..f5a39cd
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0214585307.png differ
diff --git a/umn/source/_static/images/en-us_image_0118498992.png b/umn/source/_static/images/en-us_image_0214585308.png
similarity index 100%
rename from umn/source/_static/images/en-us_image_0118498992.png
rename to umn/source/_static/images/en-us_image_0214585308.png
diff --git a/umn/source/_static/images/en-us_image_0118499109.png b/umn/source/_static/images/en-us_image_0214585309.png
similarity index 100%
rename from umn/source/_static/images/en-us_image_0118499109.png
rename to umn/source/_static/images/en-us_image_0214585309.png
diff --git a/umn/source/_static/images/en-us_image_0163203842.png b/umn/source/_static/images/en-us_image_0214585341.png
similarity index 100%
rename from umn/source/_static/images/en-us_image_0163203842.png
rename to umn/source/_static/images/en-us_image_0214585341.png
diff --git a/umn/source/_static/images/en-us_image_0226222517.png b/umn/source/_static/images/en-us_image_0226222517.png
deleted file mode 100644
index 3322328..0000000
Binary files a/umn/source/_static/images/en-us_image_0226222517.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226788663.png b/umn/source/_static/images/en-us_image_0226788663.png
deleted file mode 100644
index a26a279..0000000
Binary files a/umn/source/_static/images/en-us_image_0226788663.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820247.png b/umn/source/_static/images/en-us_image_0226820247.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820247.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820250.png b/umn/source/_static/images/en-us_image_0226820250.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820250.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820252.png b/umn/source/_static/images/en-us_image_0226820252.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820252.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820452.png b/umn/source/_static/images/en-us_image_0226820452.png
deleted file mode 100644
index 7a75567..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820452.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820455.png b/umn/source/_static/images/en-us_image_0226820455.png
deleted file mode 100644
index 504d761..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820455.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820459.png b/umn/source/_static/images/en-us_image_0226820459.png
deleted file mode 100644
index 504d761..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820459.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226820796.png b/umn/source/_static/images/en-us_image_0226820796.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226820796.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226829583.png b/umn/source/_static/images/en-us_image_0226829583.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226829583.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226829586.png b/umn/source/_static/images/en-us_image_0226829586.png
deleted file mode 100644
index 34aac26..0000000
Binary files a/umn/source/_static/images/en-us_image_0226829586.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226829587.png b/umn/source/_static/images/en-us_image_0226829587.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226829587.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226829589.png b/umn/source/_static/images/en-us_image_0226829589.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226829589.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226829591.png b/umn/source/_static/images/en-us_image_0226829591.png
deleted file mode 100644
index 1909444..0000000
Binary files a/umn/source/_static/images/en-us_image_0226829591.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0226829595.png b/umn/source/_static/images/en-us_image_0226829595.png
deleted file mode 100644
index 6120e8e..0000000
Binary files a/umn/source/_static/images/en-us_image_0226829595.png and /dev/null differ
diff --git a/umn/source/_static/images/en-us_image_0233469196.png b/umn/source/_static/images/en-us_image_0233469196.png
new file mode 100644
index 0000000..a844ced
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0233469196.png differ
diff --git a/umn/source/_static/images/en-us_image_0274115599.png b/umn/source/_static/images/en-us_image_0274115599.png
new file mode 100644
index 0000000..2d2d02f
Binary files /dev/null and b/umn/source/_static/images/en-us_image_0274115599.png differ
diff --git a/umn/source/_static/images/en-us_image_0284920908.png b/umn/source/_static/images/en-us_image_0284920908.png
index 6ada97c..d46c18d 100644
Binary files a/umn/source/_static/images/en-us_image_0284920908.png and b/umn/source/_static/images/en-us_image_0284920908.png differ
diff --git a/umn/source/_static/images/en-us_image_0284993717.png b/umn/source/_static/images/en-us_image_0284993717.png
index f4b88a2..5864755 100644
Binary files a/umn/source/_static/images/en-us_image_0284993717.png and b/umn/source/_static/images/en-us_image_0284993717.png differ
diff --git a/umn/source/_static/images/en-us_image_0285048674.png b/umn/source/_static/images/en-us_image_0285048674.png
index 2d9597b..63e5249 100644
Binary files a/umn/source/_static/images/en-us_image_0285048674.png and b/umn/source/_static/images/en-us_image_0285048674.png differ
diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst
index 2777dde..ad6b13c 100644
--- a/umn/source/change_history.rst
+++ b/umn/source/change_history.rst
@@ -5,293 +5,587 @@ Change History ============== -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Release Date | What's New | -+===================================+==================================================================================================================================================================================================================================================================================================================================================+ -| 2022-06-25 | Added the following content: | -| | | -| | - Modified constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | -| | - Modified constraints on EIP binding to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` (:ref:`Unbinding an EIP from an ECS and Releasing the EIP `). | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-02-15 | Added the following content: | -| | | -| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). 
| -| | - Added description about the default reverse domain name of an EIP in \ :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `) and :ref:`Adding EIPs to a Shared Bandwidth ` (:ref:`Adding EIPs to a Shared Bandwidth `). | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-12-15 | Modified the following content: | -| | | -| | - Added description about how to switch between the old and new console editions in :ref:`Document Usage Instructions `. | -| | - Added :ref:`Operation Guide (New Console Edition) ` and :ref:`Operation Guide (Old Console Edition) `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-08-25 | Modified the following content: | -| | | -| | Deleted the content related to the IP address group. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-06-18 | Modified the following content: | -| | | -| | - Updated screenshots and deleted the **Bandwidth Type** parameter in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | -| | - Updated screenshots in :ref:`Assigning a Shared Bandwidth ` (:ref:`Assigning a Shared Bandwidth `) and :ref:`Modifying a Shared Bandwidth ` (:ref:`Modifying a Shared Bandwidth `). | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-02-25 | Added the following content: | -| | | -| | - Added section :ref:`Shared Bandwidth `. | -| | | -| | Modified the following content: | -| | | -| | - Modified the steps in section :ref:`EIP `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-02-12 | Added the following content: | -| | | -| | Added description that VPC flow logs support S2 ECSs in section :ref:`VPC Flow Log `. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-01-08 | Added the following content: | -| | | -| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | -| | - Added section :ref:`Region and AZ `. | -| | - Added the example of allowing external access to a specified port in the section :ref:`Security Group Configuration Examples `. | -| | | -| | Modified the following content: | -| | | -| | - Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | -| | | -| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | -| | - Optimized figure examples in this document. | -| | - Optimized descriptions in section :ref:`Firewall Configuration Examples `. | -| | - Optimized descriptions in section :ref:`Default Firewall Rules `. | -| | - Changed the position of section :ref:`Security `. | -| | - Optimized :ref:`What Is a Quota? `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted section "Deleting a VPN". | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-09-10 | Added the following content: | -| | | -| | - Added section :ref:`VPC Flow Log `. 
| -| | | -| | Deleted the following content: | -| | | -| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in section :ref:`Basic Concepts `. | -| | - Deleted the FAQs related to VPN in section :ref:`FAQs `. | -| | | -| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in section :ref:`Getting Started `. | -| | | -| | Modified the following content: | -| | | -| | - Optimized section :ref:`Service Overview ` and added the product advantage description to section :ref:`What Is Virtual Private Cloud? `. | -| | - Added section :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | -| | - Modified the description about how to switch to the **EIPs** page in section :ref:`EIP `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-23 | Added the following content: | -| | | -| | - Added the description about batch subnet creation in section :ref:`VPC and Subnet `. | -| | - Added precautions about disabling a firewall in section :ref:`Enabling or Disabling a Firewall `. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-22 | Added the following content: | -| | | -| | - Added the **Assign EIP** screenshot in section :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-15 | Added the following content: | -| | | -| | - Added the Anti-DDoS service restriction in section :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? `. | -| | - Added section :ref:`Modifying a Security Group `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-11 | Deleted the following content: | -| | | -| | - Deleted the console screenshot from section :ref:`Assigning an EIP and Binding It to an ECS `. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-01-31 | Accepted in OTC-4.0. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-01-30 | Modified the following content: | -| | | -| | - Modified the table listing the parameters for creating a VPC in section :ref:`VPC and Subnet `. | -| | - Modified the table listing the parameters for modifying a security group rule in :ref:`Adding a Security Group Rule `. | -| | - Added the link to the default security group rule introduction in section :ref:`Adding a Security Group Rule `. | -| | - Modified the format of the exported file to Excel in sections :ref:`Exporting VPC List ` and :ref:`Importing and Exporting Security Group Rules `. | -| | - Changed the number of characters allowed for the **Description** field to **255** in section :ref:`Creating a Firewall `. | -| | - Modified the steps in section :ref:`Managing EIP Tags `. | -| | - Added the **Monitoring Period** column to the table listing metrics in section :ref:`Supported Metrics `. | -| | - Changed the maximum bandwidth size allowed to 1000 Mbit/s in section :ref:`What Is the Bandwidth Size Range? `. | -| | - Modified the table listing subnet parameters in section :ref:`Modifying a Subnet `. | -| | - Updated the security group description in section :ref:`Security Group `. 
| -| | - Updated the VPC peering connection description in section :ref:`VPC Peering Connection `. | -| | - Updated the firewall description in section :ref:`Firewall `. | -| | - Updated the console screenshots in section :ref:`Adding a Firewall Rule `. | -| | - Updated the console screenshots in section :ref:`Modifying a Firewall Rule `. | -| | | -| | Added the following content: | -| | | -| | - Added section :ref:`Security Group Configuration Examples `. | -| | - Added section :ref:`Route Table Overview `. | -| | - Added section :ref:`Modifying an EIP Bandwidth `. | -| | - Added description about disassociating and releasing multiple EIPs at a time in section :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted description about the transitive peering relationships from section :ref:`Are There Any Constraints on Using VPC Peering Connections? `. | -| | - Deleted section **Viewing Routes Configured for a VPC Peering Connection in the VPC Peering Route Table**. | -| | - Deleted section **Deleting a Route from the VPC Peering Route Table**. | -| | - Deleted description about the **Reject** action from section :ref:`Adding a Firewall Rule `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-12-30 | Modified the following content: | -| | | -| | - Modified the description about how to switch to the security group and firewall pages based on the changes made on the management console. | -| | | -| | Added the following content: | -| | | -| | - Added section **Firewall** **Overview**. | -| | - Added section **Firewall** **Configuration Examples**. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-11-30 | Added the following content: | -| | | -| | - Added parameter **NTP Server Address** to the description about how to create a subnet. | -| | | -| | Modified the following content: | -| | | -| | - Updated the document based on changes made to the firewall console pages. | -| | | -| | - Added description about how to delete multiple firewall rules at a time and how to disassociate multiple subnets from a firewall at a time. | -| | - Changed parameter **Any** to **All**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-09-18 | Accepted in OTC-3.2/AGile-09.2018. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-09-06 | Modified the following content: | -| | | -| | - Modified the content and changed some screenshots in the document based on the latest management console. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-08-30 | This release incorporates the following change: | -| | | -| | - Added section **Adding Instances to and Removing Them from a Security Group**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-07-30 | This release incorporates the following changes: | -| | | -| | - Optimized the sections related to security groups: | -| | | -| | - Added section **Replicating a Security Group Rule**. | -| | - Added section **Modifying a Security Group Rule**. | -| | - Modified section **Deleting a Security Group Rule** and added description about how to delete multiple security group rules at a time. | -| | - Added section **Importing and Exporting Security Group Rules**. | -| | | -| | - Modified the VPN sections. The details are as follows: | -| | | -| | - Modified the step for switching to the VPN console. | -| | - Deleted sections related to VPNs. An independent VPN user guide will be provided. | -| | - Deleted section **VPN Best Practice**. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-06-30 | This release incorporates the following changes: | -| | | -| | - Optimized sections under **Product Introduction**. | -| | - Optimized sections under **Security Group**. | -| | | -| | - Optimized section **Security Group Overview**. | -| | | -| | - Optimized section **Default Security Groups and Security Group Rules**. | -| | - Optimized section **Creating a Security Group**. | -| | - Optimized section **Adding a Security Group Rule**. | -| | - Optimized section **Fast-Adding Security Group Rules**. | -| | - Added security group configuration examples. | -| | - Added section **Viewing the Security Group of an ECS**. | -| | - Added section **Changing the Security Group of an ECS**. | -| | | -| | - Categorized FAQs. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-06-11 | This release incorporates the following changes: | -| | | -| | - Added section **Monitoring**. | -| | - Modified tag description. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-05-23 | Accepted in OTC 3.1. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-04-28 | This release incorporates the following changes: | -| | | -| | - Added description about VPN tagging. | -| | - Added the IPv6 address description. | -| | - Added section **Exporting VPC Information**. | -| | - Modified the bandwidth range. | -| | - Modified the VPN modification snapshot. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-03-30 | This release incorporates the following change: | -| | | -| | Deleted the IPv6 address description. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-02-28 | This release incorporates the following change: | -| | | -| | Added the description that the security group description can contain a maximum of 128 characters. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-01-30 | This release incorporates the following changes: | -| | | -| | - Added description about the function of unbinding and releasing EIPs in batches. | -| | - Added description about the function that the negotiation mode of the IKE policy in the VPN can be configured. | -| | - Added the description that the security group description can contain a maximum of 64 characters. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-11-30 | This release incorporates the following changes: | -| | | -| | - Updated screenshots and steps based on the latest management console pages. | -| | - Added description to indicate that subnets can be created without specifying the AZ. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-10-30 | This release incorporates the following changes: | -| | | -| | - Added description about the fast security group rule adding function. | -| | - Added ECS security group configuration examples. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-09-30 | This release incorporates the following changes: | -| | | -| | - Added description to indicate that the peer project ID needs to be configured when a tenant creates a VPC peering connection with the VPC of another tenant. | -| | - Modified description in sections **Adding a Security Group Rule** and **Deleting a Security Group Rule** based on changes made to the network console. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-08-30 | This release incorporates the following changes: | -| | | -| | - Added section **Managing Subnet Tags**. | -| | - Added description about the VPC, subnet, and EIP tags. | -| | - Added section **Security Group Overview**. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-07-30 | This release incorporates the following changes: | -| | | -| | - Added description about how to enable shared SNAT on the management console. | -| | - Added section **Managing VPC Tags**. | -| | - Added section **Managing EIP Tags**. | -| | - Changed the number of routes allowed in a route table by default to **100**. | -| | - Updated procedures in sections **VPC and Subnet** and **Custom Route** based on changes made to the network console. | -| | - Added description about the multi-project feature. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-06-30 | This release incorporates the following change: | -| | | -| | - Added description about the virtual IP address feature. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-05-30 | This release incorporates the following change: | -| | | -| | - Added FAQ **How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC**. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-04-28 | This release incorporates the following change: | -| | | -| | - Added description about how to add DNS server addresses during subnet information modification. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-03-30 | This release incorporates the following changes: | -| | | -| | - Added description about the firewall function. | -| | - Added description about the shared SNAT function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-02-28 | This release incorporates the following change: | -| | | -| | - Deleted description about the button for disabling the DHCP function. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-02-24 | This release incorporates the following change: | -| | | -| | - Added description about the VPC peering function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-01-12 | This release incorporates the following change: | -| | | -| | - Added description about the custom route table function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-10-19 | This release incorporates the following change: | -| | | -| | - Updated the Help Center URL of the VPN service. 
| -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-07-15 | This release incorporates the following changes: | -| | | -| | - Modified the VPN authentication algorithm. | -| | - Optimized the traffic metering function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-03-14 | This issue is the first official release. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Released On | Description | 
++===================================+====================================================================================================================================================================================================================================================================================================================================+ +| 2023-05-26 | This release incorporates the following changes: | +| | | +| | Added the following section: | +| | | +| | Added information about cloning a security group in :ref:`Cloning a Security Group `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-05-17 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified the procedure for viewing monitoring metrics in :ref:`Viewing Metrics `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-04-28 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified the links of sections "Binding an EIP" and "Unbinding an EIP" in :ref:`Assigning an EIP and Binding It to an ECS ` and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-04-20 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | - Added description that BMS user-defined network is available only in eu-de. | +| | - Added the step for viewing NIC details to :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-02-15 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified links in :ref:`What Is Virtual Private Cloud? ` and :ref:`Can I Bind an EIP to Multiple ECSs? `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-01-10 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified steps in :ref:`Subnet ` and :ref:`Elastic IP `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-12-12 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Added description that EIPs of the Dedicated Load Balancer (5_gray) type cannot be created in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Can I Bind an EIP to Multiple ECSs? `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-11-15 | This release incorporates the following changes: | +| | | +| | Added support for binding and unbinding EIPs of the Dedicated Load Balancer (5_gray) type using APIs in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-10-20 | Modified the following content: | +| | | +| | Modified the bandwidth range in :ref:`What Is the Bandwidth Size Range? 
` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-09-07 | Added the following content: | +| | | +| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-06-25 | Added the following content: | +| | | +| | - Modified constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Modified constraints on EIP binding to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-02-15 | Added the following content: | +| | | +| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. 
| +| | - Added description about the default reverse domain name of an EIP in \ :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` and :ref:`Adding EIPs to a Shared Bandwidth `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-08-25 | Modified the following content: | +| | | +| | Deleted content about IP address groups. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-06-18 | Modified the following content: | +| | | +| | Updated screenshots and deleted the **Bandwidth Type** parameter in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-05-10 | Added the following content: | +| | | +| | Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-05-08 | Added the following content: | +| | | +| | - Added description about the default reverse domain name of an EIP in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about modifying a dedicated bandwidth or shared bandwidth in :ref:`Modifying an EIP Bandwidth `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-03-16 | Added the following FAQ: | +| | | +| | - :ref:`What Bandwidth Types Are Available? ` | +| | - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-12-16 | This release incorporates the following changes: | +| | | +| | - Deleted the restriction on the number of ECS NICs for SNAT in :ref:`Are There Any Restrictions on Using a Route Table? 
` | +| | - Added the procedure for binding a virtual IP address to an ECS in :ref:`Binding a Virtual IP Address to an EIP or ECS `. | +| | - Added description about enabling ports 465 and 587 for Mail BGP EIPs in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Modified or added content in **Notes and Constraints**. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-07-28 | Modified the following content: | +| | | +| | Changed the maximum number of tags that can be added to 20 in :ref:`Managing VPC Tags ` and :ref:`Managing Subnet Tags `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-05-30 | Added the following content: | +| | | +| | Added basic information to :ref:`Security Group Overview ` and :ref:`Firewall Overview `. | +| | | +| | Modified the following content: | +| | | +| | - Added rules in :ref:`Firewall Configuration Examples `. | +| | - Modified :ref:`Does a Security Group Rule or a Firewall Rule Immediately Take Effect for Existing Connections After It Is Modified? ` | +| | - Modified :ref:`Why Can't I Delete My VPCs and Subnets? 
` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-02-25 | Added the following content: | +| | | +| | - Added :ref:`Shared Bandwidth `. | +| | | +| | Modified the following content: | +| | | +| | - Modified steps in :ref:`Elastic IP `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-02-12 | Added the following content: | +| | | +| | Added description that VPC flow logs support S2 ECSs in :ref:`VPC Flow Log `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-01-08 | Added the following content: | +| | | +| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | +| | - Added :ref:`Region and AZ `. | +| | - Added the example of allowing external access to a specified port in :ref:`Security Group Configuration Examples `. | +| | | +| | Modified the following content: | +| | | +| | - Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. 
| +| | | +| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | +| | - Optimized figure examples in this document. | +| | - Optimized descriptions in :ref:`Firewall Configuration Examples `. | +| | - Optimized descriptions in :ref:`Firewall Overview `. | +| | - Changed the position of :ref:`Security `. | +| | - Optimized :ref:`What Is a Quota? ` | +| | | +| | Deleted the following content: | +| | | +| | - Deleted section "Deleting a VPN". | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-03-06 | Modified the following content: | +| | | +| | - Modified the steps in :ref:`Assigning an EIP and Binding It to an ECS `, :ref:`Elastic IP `, and :ref:`Shared Bandwidth `. | +| | - Updated screenshots in :ref:`Modifying a Shared Bandwidth `. | +| | - Updated screenshots and parameter description in :ref:`Creating a Subnet for the VPC `. | +| | - Modified steps in :ref:`Assigning a Virtual IP Address `, :ref:`Binding a Virtual IP Address to an EIP or ECS `, and :ref:`Releasing a Virtual IP Address `. | +| | - Updated screenshots in :ref:`VPC Peering Connection `. | +| | - Modified description in :ref:`How Many Routes Can a Route Table Contain? 
` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-12-13 | Added the following content: | +| | | +| | - Added restrictions on ports and port ranges in :ref:`Security Group Overview `. | +| | - Added description about IP address groups in :ref:`Importing and Exporting Security Group Rules `. | +| | - Added impacts caused by IP address group modification or deletion in "Managing an IP Address Group". | +| | | +| | Modified the following content: | +| | | +| | - Modified description and value examples of the port and source in :ref:`Step 4: Add a Security Group Rule ` and :ref:`Adding a Security Group Rule `. | +| | - Optimized note description in :ref:`Importing and Exporting Security Group Rules `. | +| | - Changed firewall to firewalls in :ref:`Creating a Firewall `. | +| | - Optimized description about the scenario in :ref:`Changing the Sequence of a Firewall Rule `. | +| | - Optimized description about the scenario in :ref:`Creating an Alarm Rule `. | +| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | +| | - Optimized figure examples in this document. | +| | - Optimized descriptions in :ref:`Firewall Configuration Examples `. | +| | - Optimized descriptions in :ref:`Firewall Overview `. | +| | - Changed the position of :ref:`Security `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted section "Deleting a VPN". 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-11-29 | Added the following content: | +| | | +| | - Added section "IP Address Group". | +| | - Added port format and IP address group when configuring security group rules in :ref:`Adding a Security Group Rule `. | +| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | +| | - Added :ref:`Region and AZ `. | +| | | +| | Modified the following content: | +| | | +| | Optimized :ref:`What Is a Quota? ` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-11-05 | Modified the following content: | +| | | +| | Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-30 | Added the following content: | +| | | +| | - Added the example of allowing external access to a specified port in :ref:`Security Group Configuration Examples `. 
| +| | - Added description that EIP type cannot be changed in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-23 | Modified the following content: | +| | | +| | Optimized description about **NTP Server Address** in :ref:`Modifying a Subnet `. | +| | | +| | Added the following content: | +| | | +| | Added descriptions about route types in :ref:`Route Table `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-16 | Added the following content: | +| | | +| | Added :ref:`Exporting Route Table Information `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-09 | Added the following content: | +| | | +| | - Added parameters **Type** and **Bandwidth Type** to :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about how to replicate multiple routes in :ref:`Replicating a Route `. 
| +| | - Added the description about **Next Hop Type** in :ref:`Adding a Custom Route `. | +| | | +| | Modified the following content: | +| | | +| | - Modified description about **NTP Server Address** in :ref:`Modifying a Subnet `. | +| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview `. | +| | - Modified descriptions about system routes and custom routes in :ref:`Route Table Overview `. | +| | - Modified description about usage restrictions in :ref:`Route Table Overview `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted parameter **Enterprise Project** from the document. | +| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-02 | Added the following content based on the RM-584 requirements: | +| | | +| | - Added subnet parameter description in :ref:`Modifying a Subnet `. | +| | | +| | Modified the following content based on the RM-584 requirements: | +| | | +| | - Added prerequisites in :ref:`Releasing a Virtual IP Address `. | +| | - Optimized description about scenarios and prerequisites in :ref:`Deleting a Subnet `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-07-22 | Added the following content: | +| | | +| | Added :ref:`Enabling or Disabling VPC Flow Log `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-06-04 | Optimized the description in the following sections: | +| | | +| | - :ref:`What Is an EIP? ` | +| | - :ref:`Step 2: Create a Subnet for the VPC ` | +| | - :ref:`Creating a Subnet for the VPC ` | +| | - :ref:`Route Table ` | +| | - :ref:`Virtual IP Address ` | +| | - :ref:`Virtual IP Address Overview ` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-05-31 | Modified the following sections related to subnets and route tables based on the RM-584 requirements: | +| | | +| | - :ref:`Route Table ` | +| | - :ref:`Modifying a VPC ` | +| | - :ref:`Creating a Subnet for the VPC ` | +| | - :ref:`Modifying a Subnet ` | +| | - :ref:`Managing Subnet Tags ` | +| | - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` | +| | - :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` 
| +| | - :ref:`Viewing Routes Configured for a VPC Peering Connection ` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-05-29 | Added the following content: | +| | | +| | - Added a note in :ref:`Deleting a VPC Flow Log `. | +| | - Added a note about changing the NTP server address in :ref:`Modifying a Subnet `. | +| | | +| | Modified the following content: | +| | | +| | - Modified description about **NTP Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-05-24 | Modified the following content: | +| | | +| | - Deleted description about DHCP in :ref:`What Is Virtual Private Cloud? `. | +| | - Modified description about **NTP Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | +| | - Optimized :ref:`Elastic IP `. | +| | - Updated the description and screenshot in :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` and :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` based on the latest management console page. | +| | - Updated sections :ref:`VPC Flow Log Overview ` and :ref:`Creating a VPC Flow Log `. 
| +| | | +| | Added the following content: | +| | | +| | - Added description about **Advanced Settings** and updated screenshots in :ref:`Creating a VPC ` and :ref:`Creating a Subnet for the VPC `. | +| | - Added "Obtaining the Peer VPC ID" in :ref:`Creating a VPC Peering Connection with a VPC in Another Account `. | +| | - Added two precautions in :ref:`Virtual IP Address Overview `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-28 | Modified the following content: | +| | | +| | - Modified the incorrect word spelling in :ref:`Viewing a VPC Flow Log `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-25 | Added the following content: | +| | | +| | - Added a note in :ref:`Creating a VPC Flow Log `. | +| | - Added the description about no VPC flow log records in :ref:`Viewing a VPC Flow Log `. | +| | - Added :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | +| | | +| | Modified the following content: | +| | | +| | - Modified description information about **Enterprise Project**. | +| | - Optimized :ref:`Service Overview ` and added the product advantage description to :ref:`What Is Virtual Private Cloud? 
` | +| | - Modified the description about how to switch to the **EIPs** page in :ref:`Elastic IP `. | +| | - Modified the description about how to switch to the **Shared Bandwidths** page in :ref:`Shared Bandwidth `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted "What Is a Security Group?", "Which Protocols Does a Security Group Support?", "What Are the Functions of the Default Security Group Rule?", and "How Can I Configure Security Group Rules?" in :ref:`FAQ `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-17 | Accepted in OTC-4.0/Agile-04.2019. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-12 | Modified the following content: | +| | | +| | - Modified the description for **DNS Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | +| | | +| | Added the following content: | +| | | +| | - Added the note about **Resource** in :ref:`Creating a VPC Flow Log `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-10 | Modified the following content: | +| | | +| | - Added the description about **log-status** in :ref:`Viewing a VPC Flow Log `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-03-30 | Added the following content: | +| | | +| | - Added the **Enterprise Project** parameter in :ref:`Creating a VPC `, :ref:`Creating a Security Group `, and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added :ref:`Shared Bandwidth `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in :ref:`Basic Concepts `. | +| | - Deleted the FAQs related to VPN in :ref:`FAQ `. | +| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in :ref:`Getting Started `. | +| | | +| | Modified the following content: | +| | | +| | - Updated console screenshots. | +| | - Optimized the description in section "Security Group Configuration Examples". | +| | - Added the support for S2 ECSs in :ref:`VPC Flow Log Overview `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-03-18 | Modified the following content: | +| | | +| | - Modified the example description in :ref:`Viewing a VPC Flow Log `. | +| | - Modified steps in :ref:`Creating a VPC Flow Log `. | +| | | +| | Added the following content: | +| | | +| | - Added use restrictions in :ref:`VPC Flow Log Overview `. | +| | - Updated the console screenshots in :ref:`Deleting a VPC Flow Log `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-03-01 | Added the following content: | +| | | +| | - Added :ref:`Document Usage Instructions `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-27 | Added the following content: | +| | | +| | - Added screenshots and examples in :ref:`Viewing a VPC Flow Log `. | +| | | +| | Modified the following content: | +| | | +| | - Modified description about the scenario in :ref:`Deleting a VPC Flow Log `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-25 | Added the following content: | +| | | +| | - Added :ref:`VPC Flow Log `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in :ref:`Basic Concepts `. | +| | - Deleted the FAQs related to VPN in :ref:`FAQ `. | +| | | +| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in :ref:`Getting Started `. | +| | | +| | Modified the following content: | +| | | +| | - Optimized :ref:`Service Overview ` and added the product advantage description to :ref:`What Is Virtual Private Cloud? ` | +| | - Added :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | +| | - Modified the description about how to switch to the **EIPs** page in :ref:`Elastic IP `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-23 | Added the following content: | +| | | +| | - Added the description about batch subnet creation in :ref:`VPC and Subnet `. | +| | - Added precautions about disabling a firewall in :ref:`Enabling or Disabling a Firewall `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-22 | Added the following content: | +| | | +| | Added the **Assign EIP** screenshot in :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-15 | Added the following content: | +| | | +| | - Added the Anti-DDoS service restriction in :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` | +| | | +| | Added :ref:`Modifying a Security Group `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-11 | Deleted the following content: | +| | | +| | - Deleted the console screenshot from :ref:`Assigning an EIP and Binding It to an ECS `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-01-31 | Accepted in OTC-4.0. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-01-30 | Modified the following content: | +| | | +| | - Modified the table listing the parameters for creating a VPC in :ref:`VPC and Subnet `. | +| | - Modified the table listing the parameters for modifying a security group rule in :ref:`Adding a Security Group Rule `. | +| | - Added the link to the default security group rule introduction in :ref:`Adding a Security Group Rule `. | +| | - Modified the format of the exported file to Excel in :ref:`Exporting VPC List ` and :ref:`Importing and Exporting Security Group Rules `. | +| | - Changed the number of characters allowed for the **Description** field to **255** in :ref:`Creating a Firewall `. | +| | - Modified steps in :ref:`Managing EIP Tags `. | +| | - Added the **Monitoring Period** column to the table listing metrics in :ref:`Supported Metrics `. | +| | - Changed the maximum bandwidth size allowed to 1000 Mbit/s in :ref:`What Is the Bandwidth Size Range? ` | +| | - Modified the table listing subnet parameters in :ref:`Modifying a Subnet `. | +| | - Updated the security group description in :ref:`Security Group `. | +| | - Updated the VPC peering connection description in :ref:`VPC Peering Connection `. 
| +| | - Updated firewall description in :ref:`Firewall `. | +| | - Updated console screenshots in :ref:`Adding a Firewall Rule `. | +| | - Updated console screenshots in :ref:`Modifying a Firewall Rule `. | +| | | +| | Added the following content: | +| | | +| | - Added :ref:`Security Group Configuration Examples `. | +| | - Added :ref:`Modifying an EIP Bandwidth `. | +| | - Added description about disassociating and releasing multiple EIPs at a time in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted description about the **Reject** action from :ref:`Adding a Firewall Rule `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-12-30 | Modified the following content: | +| | | +| | - Modified description about how to switch to the security group and firewall pages based on the changes made on the management console. | +| | | +| | Added the following content: | +| | | +| | - Added section **Firewall** **Overview**. | +| | - Added section **Firewall** **Configuration Examples**. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-11-30 | Added the following content: | +| | | +| | - Added parameter **NTP Server Address** to the description about how to create a subnet. 
| +| | | +| | Modified the following content: | +| | | +| | - Updated the document based on changes made to the firewall console pages. | +| | | +| | - Added description about how to delete multiple firewall rules at a time and how to disassociate multiple subnets from a firewall at a time. | +| | - Changed parameter **Any** to **All**. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-09-18 | Accepted in OTC-3.2/AGile-09.2018. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-09-06 | Modified the following content: | +| | | +| | - Modified the content and changed some screenshots in the document based on the latest management console. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-08-30 | This release incorporates the following change: | +| | | +| | - Added section "Adding Instances to and Removing Them from a Security Group". 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-07-30 | This release incorporates the following changes: | +| | | +| | - Modified sections related to security groups: | +| | | +| | - Added section "Replicating a Security Group Rule". | +| | - Added section "Modifying a Security Group Rule". | +| | - Modified section "Deleting a Security Group Rule" and added description about how to delete multiple security group rules at a time. | +| | - Added section "Importing and Exporting Security Group Rules". | +| | | +| | - Modified the VPN sections: | +| | | +| | - Modified the step for switching to the VPN console. | +| | - Deleted sections related to VPNs. An independent VPN user guide will be provided. | +| | - Deleted section "VPN Best Practice". | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-06-30 | This release incorporates the following changes: | +| | | +| | - Optimized sections under "Service Overview." | +| | - Optimized sections under "Security Group". | +| | | +| | - Optimized section "Security Group Overview". | +| | | +| | - Optimized section "Default Security Groups and Security Group Rules". | +| | - Optimized section "Creating a Security Group". | +| | - Optimized section "Adding a Security Group Rule". | +| | - Optimized section "Fast-Adding Security Group Rules". 
| +| | - Added security group configuration examples. | +| | - Added section "Viewing the Security Group of an ECS". | +| | - Added section "Changing the Security Group of an ECS". | +| | | +| | - Categorized FAQs. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-06-11 | This release incorporates the following changes: | +| | | +| | - Added section "Monitoring". | +| | - Modified tag description. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-05-23 | Accepted in OTC 3.1. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-04-28 | This release incorporates the following changes: | +| | | +| | - Added description about VPN tagging. | +| | - Added the IPv6 address description. | +| | - Added section "Exporting VPC Information". | +| | - Modified the bandwidth range. | +| | - Modified the VPN modification screenshots. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-03-30 | This release incorporates the following changes: | +| | | +| | Deleted the IPv6 address description. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-02-28 | This release incorporates the following changes: | +| | | +| | Added the description that the security group description can contain a maximum of 128 characters. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-01-30 | This release incorporates the following changes: | +| | | +| | - Added description about the function of unbinding and releasing EIPs in batches. | +| | - Added description about the function that the negotiation mode of the IKE policy in the VPN can be configured. | +| | - Added the description that the security group description can contain a maximum of 64 characters. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-11-30 | This release incorporates the following changes: | +| | | +| | - Updated screenshots and steps based on the latest management console. | +| | - Added description to indicate that subnets can be created without specifying the AZ. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-10-30 | This release incorporates the following changes: | +| | | +| | - Added description about the fast security group rule adding function. | +| | - Added ECS security group configuration examples. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-09-30 | This release incorporates the following changes: | +| | | +| | - Added description to indicate that the peer project ID needs to be configured when a tenant creates a VPC peering connection with the VPC of another tenant. | +| | - Modified description in sections "Adding a Security Group Rule" and "Deleting a Security Group Rule" based on changes made to the network console. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-08-30 | This release incorporates the following changes: | +| | | +| | - Added section "Managing Subnet Tags". | +| | - Added description about the VPC, subnet, and EIP tags. | +| | - Added section "Security Group Overview". | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-07-30 | This release incorporates the following changes: | +| | | +| | - Added description about how to enable shared SNAT on the management console. | +| | - Added section "Managing VPC Tags". | +| | - Added section "Managing EIP Tags". | +| | - Changed the number of routes allowed in a route table by default to **100**. | +| | - Updated procedures in sections "VPC and Subnet" and "Custom Route" based on changes made to the network console. | +| | - Added description about the multi-project feature. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-06-30 | This release incorporates the following change: | +| | | +| | - Added description about the virtual IP address feature. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-05-30 | This release incorporates the following change: | +| | | +| | - Added FAQ **How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC?** | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-04-28 | This release incorporates the following change: | +| | | +| | - Added description about how to add DNS server addresses during subnet information modification. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-03-30 | This release incorporates the following change: | +| | | +| | - Added description about the firewall function. | +| | - Added description about the shared SNAT function. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-02-28 | This release incorporates the following change: | +| | | +| | - Deleted description about the button for disabling the DHCP function. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-02-24 | This release incorporates the following change: | +| | | +| | - Added description about the VPC peering function. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-01-12 | This release incorporates the following change: | +| | | +| | - Added description about the custom route table function. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-10-19 | This release incorporates the following change: | +| | | +| | - Updated the Help Center URL of the VPN service. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-07-15 | This release incorporates the following changes: | +| | | +| | - Modified the VPN authentication algorithm. | +| | - Optimized the traffic metering function. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-03-14 | This issue is the first official release. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/conf.py b/umn/source/conf.py index 203841c..76ccc61 100644 --- a/umn/source/conf.py +++ b/umn/source/conf.py 
@@ -18,7 +18,7 @@ import os import sys extensions = [ - 'otcdocstheme', + 'otcdocstheme' ] otcdocs_auto_name = False diff --git a/umn/source/operation_guide_new_console_edition/direct_connect.rst b/umn/source/direct_connect.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/direct_connect.rst rename to umn/source/direct_connect.rst diff --git a/umn/source/operation_guide_new_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst similarity index 53% rename from umn/source/operation_guide_new_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst rename to umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst index 3e3d250..711e2f0 100644 --- a/umn/source/operation_guide_new_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst 
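Review bot: Removing the trailing comma after `'otcdocstheme'` in the `extensions` list makes the next edit to this list error-prone. If a second entry is later added on its own line without a comma, Python joins the two adjacent string literals into one name without any syntax error. Sphinx imports each entry as a module at build time, so the merged name would fail to load or resolve to a different module than intended. Keep the line as `'otcdocstheme',` so that adding an extension is a one-line diff and names cannot merge. The rest of conf.py is outside this hunk, so whether a formatter or linter already enforces this is not visible here.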
@@ -12,11 +12,17 @@ You can assign an EIP and bind it to an ECS so that the ECS can access the Inter .. note:: - EIPs for dedicated load balancers: + Note the following when you use EIPs of the Dedicated Load Balancer (**5_gray**) type: - - In the **eu-de** region, if you choose to assign an EIP when you create a dedicated load balancer on the management console or using APIs, EIPs for dedicated load balancers (**5_gray**) will be assigned. - - Do not bind EIPs of this type to non-dedicated load balancers. - - Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. + - In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type. + - Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers. + + - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers. + - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see `Binding an EIP `__ and `Unbinding an EIP `__. + - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs. + - You are advised to bind BGP EIPs to or unbind them from dedicated load balancers. + + - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Assigning an EIP ---------------- @@ -25,7 +31,7 @@ Assigning an EIP #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. +#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. #. On the displayed page, click **Assign EIP**. 
@@ -39,28 +45,41 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used. | | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to purchase. 
| 1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. 
| eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Billed By | Two options are available: | Dedicated | + | | | | + | | - **Dedicated**: The bandwidth can be used by only one EIP. | | + | | - **Shared**: The bandwidth can be shared by multiple EIPs. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth | The bandwidth size in Mbit/s. 
| 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Name | The EIP name. | eip-test | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Enterprise Project | The enterprise project that the EIP belongs to. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth Name | The name of the bandwidth. 
| bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 3005eip | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Quantity | The number of EIPs you want to assign. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _en-us_topic_0013748738__en-us_topic_0118498850_table36606052153313: + .. _en-us_topic_0013748738__table36606052153313: .. table:: **Table 2** EIP tag requirements 
@@ -77,7 +96,7 @@ Assigning an EIP | | - Digits | | | | - Special characters, including hyphens (-) and underscores (_) | | +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 192.168.12.10 | + | Value | - Can contain a maximum of 43 characters. | 3005eip | | | - Can contain only the following character types: | | | | | | | | - Uppercase letters | | @@ -95,7 +114,7 @@ Binding an EIP #. On the **EIPs** page, locate the row that contains the target EIP, and click **Bind**. -#. Select the instance to which you want to bind the EIP. +#. Select the instance that you want to bind the EIP to. .. figure:: /_static/images/en-us_image_0000001166028070.png @@ -105,7 +124,7 @@ Binding an EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details about the implementation and constraints, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` Follow-Up Procedure ------------------- @@ -119,3 +138,4 @@ You can use any of the following commands to obtain the domain name of an EIP: - dig -x *EIP* .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/elastic_ip/exporting_eip_information.rst b/umn/source/elastic_ip/exporting_eip_information.rst new file mode 100644 index 0000000..0c4d6a1 --- /dev/null +++ b/umn/source/elastic_ip/exporting_eip_information.rst 
@@ -0,0 +1,28 @@
+:original_name: eip_0003.html
+
+.. _eip_0003:
+
+Exporting EIP Information
+=========================
+
+Scenarios
+---------
+
+The information of all EIPs under your account can be exported in an Excel file to a local directory. The file records the ID, status, type, bandwidth name, and bandwidth size of EIPs.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
+
+#. On the displayed page, click |image3| in the upper right corner of the EIP list.
+
+ The system will automatically export all EIPs in the current region of your account to an Excel file and download the file to a local directory.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001454059512.png
+.. |image3| image:: /_static/images/en-us_image_0233469196.png
diff --git a/umn/source/operation_guide_new_console_edition/eip/index.rst b/umn/source/elastic_ip/index.rst
similarity index 84%
rename from umn/source/operation_guide_new_console_edition/eip/index.rst
rename to umn/source/elastic_ip/index.rst
index 41e3858..1ab93e1 100644
--- a/umn/source/operation_guide_new_console_edition/eip/index.rst
+++ b/umn/source/elastic_ip/index.rst
@@ -2,13 +2,14 @@
 .. _vpc_eip_0000:
-EIP
-===
+Elastic IP
+==========
 - :ref:`Assigning an EIP and Binding It to an ECS `
 - :ref:`Unbinding an EIP from an ECS and Releasing the EIP `
-- :ref:`Managing EIP Tags `
 - :ref:`Modifying an EIP Bandwidth `
+- :ref:`Exporting EIP Information `
+- :ref:`Managing EIP Tags `
 .. toctree::
 :maxdepth: 1
@@ -16,5 +17,6 @@ EIP
 assigning_an_eip_and_binding_it_to_an_ecs
 unbinding_an_eip_from_an_ecs_and_releasing_the_eip
- managing_eip_tags
 modifying_an_eip_bandwidth
+ exporting_eip_information
+ managing_eip_tags
diff --git a/umn/source/operation_guide_new_console_edition/eip/managing_eip_tags.rst b/umn/source/elastic_ip/managing_eip_tags.rst
similarity index 84%
rename from umn/source/operation_guide_new_console_edition/eip/managing_eip_tags.rst
rename to umn/source/elastic_ip/managing_eip_tags.rst
index c7a254c..5a9873e 100644
--- a/umn/source/operation_guide_new_console_edition/eip/managing_eip_tags.rst
+++ b/umn/source/elastic_ip/managing_eip_tags.rst
@@ -10,9 +10,9 @@ Scenarios
 Tags can be added to EIPs to facilitate EIP identification and administration. You can add a tag to an EIP when assigning the EIP. Alternatively, you can add a tag to an assigned EIP on the EIP details page. A maximum of 20 tags can be added to each EIP.
-A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements.
+A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements.
-.. _en-us_topic_0068145818__en-us_topic_0118499005_ted9687ca14074ef785241145365a6175:
+.. _en-us_topic_0068145818__ted9687ca14074ef785241145365a6175:
 .. table:: **Table 1** EIP tag requirements
@@ -29,7 +29,7 @@ A tag consists of a key and value pair. :ref:`Table 1 **Elastic IP**. -#. In the upper right corner of the EIP list, click **Search by Tag**. +#. Click the search box and then click **Tag** in the drop-down list. -#. In the displayed area, enter the tag key and value of the EIP you are looking for. - - You must specify both the tag key and value. The system will display the EIPs that contain the tag you specified. - -#. Click **+** to add another tag key and value. +#. Select the tag key and value of the EIP. You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for EIPs, the system will display only the EIPs that contain all of the tags you specified. -#. Click **Search**. +#. Click **OK**. The system displays the EIPs you are looking for based on the entered tag keys and values. **Adding, deleting, editing, and viewing tags on the Tags tab of an EIP** #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. +#. Click |image3| in the upper left corner and select the desired region and project. +#. Click |image4| in the upper left corner and choose **Network** > **Elastic IP**. #. On the displayed page, locate the EIP whose tags you want to manage, and click the EIP name. #. On the page showing EIP details, click the **Tags** tab and perform desired operations on tags. 
@@ -90,4 +86,6 @@ Procedure
 Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**.
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001454059512.png
+.. |image3| image:: /_static/images/en-us_image_0141273034.png
+.. |image4| image:: /_static/images/en-us_image_0000001454059512.png
diff --git a/umn/source/operation_guide_new_console_edition/eip/modifying_an_eip_bandwidth.rst b/umn/source/elastic_ip/modifying_an_eip_bandwidth.rst
similarity index 84%
rename from umn/source/operation_guide_new_console_edition/eip/modifying_an_eip_bandwidth.rst
rename to umn/source/elastic_ip/modifying_an_eip_bandwidth.rst
index 4601c21..25bd660 100644
--- a/umn/source/operation_guide_new_console_edition/eip/modifying_an_eip_bandwidth.rst
+++ b/umn/source/elastic_ip/modifying_an_eip_bandwidth.rst
@@ -21,7 +21,7 @@ Procedure
 #. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Elastic IP**.
+#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
 #. Locate the row that contains the target EIP in the EIP list, click **More** in the **Operation** column, and select **Modify Bandwidth**.
@@ -32,3 +32,4 @@ Procedure
 #. Click **Submit**.
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001454059512.png
diff --git a/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst b/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst
new file mode 100644
index 0000000..03c4ace
--- /dev/null
+++ b/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst
@@ -0,0 +1,71 @@
+:original_name: vpc_eip_0001.html
+
+.. _vpc_eip_0001:
+
+Unbinding an EIP from an ECS and Releasing the EIP
+==================================================
+
+Scenarios
+---------
+
+If you no longer need an EIP, unbind it from the ECS and release the EIP to avoid wasting network resources.
+
+Notes and Constraints
+---------------------
+
+- In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type.
+- Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers.
+
+ - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers.
+ - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see `Binding an EIP `__ and `Unbinding an EIP `__.
+ - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs.
+ - You are advised to bind BGP EIPs to or unbind them from dedicated load balancers.
+
+- EIP assigned together with your load balancers will also be displayed in the EIP list.
+- You can only release EIPs that are not bound to any resources.
+
+Procedure
+---------
+
+**Unbinding a single EIP**
+
+#. Log in to the management console.
+#. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
+#. On the displayed page, locate the row that contains the target EIP, and click **Unbind**.
+#. Click **Yes** in the displayed dialog box.
+
+**Releasing a single EIP**
+
+#. Log in to the management console.
+#. Click |image3| in the upper left corner and select the desired region and project.
+#. Click |image4| in the upper left corner and choose **Network** > **Elastic IP**.
+#. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column.
+#. Click **Yes** in the displayed dialog box.
+
+**Unbinding multiple EIPs at once**
+
+#. Log in to the management console.
+#. Click |image5| in the upper left corner and select the desired region and project.
+#. Click |image6| in the upper left corner and choose **Network** > **Elastic IP**.
+#. On the displayed page, select the EIPs to be unbound.
+#. Click the **Unbind** button located above the EIP list.
+#. Click **Yes** in the displayed dialog box.
+
+**Releasing multiple EIPs at once**
+
+#. Log in to the management console.
+#. Click |image7| in the upper left corner and select the desired region and project.
+#. Click |image8| in the upper left corner and choose **Network** > **Elastic IP**.
+#. On the displayed page, select the EIPs to be released.
+#. Click the **Release** button located above the EIP list.
+#. Click **Yes** in the displayed dialog box.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001454059512.png
+.. |image3| image:: /_static/images/en-us_image_0141273034.png
+.. |image4| image:: /_static/images/en-us_image_0000001454059512.png
+.. |image5| image:: /_static/images/en-us_image_0141273034.png
+.. |image6| image:: /_static/images/en-us_image_0000001454059512.png
+.. |image7| image:: /_static/images/en-us_image_0141273034.png
+.. |image8| image:: /_static/images/en-us_image_0000001454059512.png
diff --git a/umn/source/faq/bandwidth/how_do_i_buy_a_shared_bandwidth.rst b/umn/source/faq/bandwidth/how_do_i_buy_a_shared_bandwidth.rst
new file mode 100644
index 0000000..974d645
--- /dev/null
+++ b/umn/source/faq/bandwidth/how_do_i_buy_a_shared_bandwidth.rst
@@ -0,0 +1,15 @@
+:original_name: vpc_faq_0035.html
+
+.. _vpc_faq_0035:
+
+How Do I Buy a Shared Bandwidth?
+================================
+
+#. Log in to the management console.
+#. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
+#. In the navigation pane on the left, choose **Shared Bandwidths**.
+#. In the upper right corner, click **Assign Shared Bandwidth**. On the displayed page, configure parameters as prompted to assign a shared bandwidth.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001454059512.png
diff --git a/umn/source/faqs/bandwidth/index.rst b/umn/source/faq/bandwidth/index.rst
similarity index 87%
rename from umn/source/faqs/bandwidth/index.rst
rename to umn/source/faq/bandwidth/index.rst
index 6c4f6eb..09f2fb0 100644
--- a/umn/source/faqs/bandwidth/index.rst
+++ b/umn/source/faq/bandwidth/index.rst
@@ -5,14 +5,16 @@
 Bandwidth
 =========
+- :ref:`What Is the Bandwidth Size Range? `
 - :ref:`What Bandwidth Types Are Available? `
 - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? `
-- :ref:`What Is the Bandwidth Size Range? `
+- :ref:`How Do I Buy a Shared Bandwidth? `
 .. toctree::
 :maxdepth: 1
 :hidden:
+ what_is_the_bandwidth_size_range
 what_bandwidth_types_are_available
 what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around
- what_is_the_bandwidth_size_range
+ how_do_i_buy_a_shared_bandwidth
diff --git a/umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst b/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst
similarity index 68%
rename from umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst
rename to umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst
index 769141c..0808781 100644
--- a/umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst
+++ b/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst
@@ -5,9 +5,9 @@ What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ================================================================================================================================================================== -Dedicated bandwidth: The bandwidth can only be used by one EIP and the EIP can only be used by one cloud resource, such as an ECS, a NAT gateway, or a load balancer. +A dedicated bandwidth can only be used by one EIP. An EIP can only be used by one cloud resource, such as an ECS, a NAT gateway, or a load balancer. -Shared bandwidth: The bandwidth can be shared by multiple EIPs. Adding an EIP to or removing an EIP from a shared bandwidth does not affect your workloads. +A shared bandwidth can be shared by multiple EIPs. Adding an EIP to or removing an EIP from a shared bandwidth does not affect your workloads. A dedicated bandwidth cannot be changed to a shared bandwidth or the other way around. You can purchase a shared bandwidth for your EIPs. diff --git a/umn/source/faqs/bandwidth/what_bandwidth_types_are_available.rst b/umn/source/faq/bandwidth/what_bandwidth_types_are_available.rst similarity index 100% rename from umn/source/faqs/bandwidth/what_bandwidth_types_are_available.rst rename to umn/source/faq/bandwidth/what_bandwidth_types_are_available.rst diff --git a/umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst b/umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst similarity index 69% rename from umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst rename to umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst index 99e5e2d..08d0a33 100644 --- a/umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst +++ b/umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst 
@@ -5,4 +5,4 @@
 What Is the Bandwidth Size Range?
 =================================
-The bandwidth range is from 1 Mbit/s to 1,000 Mbit/s.
+The bandwidth range is from 5 Mbit/s to 1000 Mbit/s.
diff --git a/umn/source/faqs/connectivity/does_a_vpn_allow_communication_between_two_vpcs.rst b/umn/source/faq/connectivity/does_a_vpn_allow_communication_between_two_vpcs.rst
similarity index 100%
rename from umn/source/faqs/connectivity/does_a_vpn_allow_communication_between_two_vpcs.rst
rename to umn/source/faq/connectivity/does_a_vpn_allow_communication_between_two_vpcs.rst
diff --git a/umn/source/faqs/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst b/umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst
similarity index 93%
rename from umn/source/faqs/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst
rename to umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst
index 2d6e1b9..31d064f 100644
--- a/umn/source/faqs/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst
+++ b/umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst
@@ -9,9 +9,9 @@ Users with IPv6 clients can call APIs to assign IPv6 EIPs and bind the EIPs to E
 For details, see **Floating IP Address (IPv6)** > **Creating a Floating IP Address** in the `Virtual Private Cloud API Reference `__. The NAT64 gateway in the data center will convert the IPv6 EIP to the IPv4 address. (The last 32 bits of the obtained IPv6 EIP is the IPv4 EIP.)
-After users who use IPv6 clients bind an IPv6 EIP to an ECS, the data flow is shown in :ref:`Figure 1 `.
+After users who use IPv6 clients bind an IPv6 EIP to an ECS, the data flow is shown in :ref:`Figure 1 `.
-.. _vpc_faq_0076__en-us_topic_0118499049_fig1038524023539:
+.. _vpc_faq_0076__fig1038524023539:
 .. figure:: /_static/images/en-us_image_0118499144.png
 :alt: **Figure 1** IPv6 data flow
diff --git a/umn/source/faqs/connectivity/index.rst b/umn/source/faq/connectivity/index.rst
similarity index 73%
rename from umn/source/faqs/connectivity/index.rst
rename to umn/source/faq/connectivity/index.rst
index e0b2131..72ae691 100644
--- a/umn/source/faqs/connectivity/index.rst
+++ b/umn/source/faq/connectivity/index.rst
@@ -7,9 +7,6 @@ Connectivity
 - :ref:`Does a VPN Allow Communication Between Two VPCs? `
 - :ref:`Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs? `
-- :ref:`Are There Any Constraints on Using VPC Peering Connections? `
-- :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `
-- :ref:`How Many VPC Peering Connections Can I Create? `
 - :ref:`What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet? `
 - :ref:`What Are the Priorities of the Shared SNAT and Custom Route If Both Are Configured for an ECS to Enable the ECS to Access the Internet? `
 - :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? `
@@ -20,9 +17,6 @@ Connectivity does_a_vpn_allow_communication_between_two_vpcs why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics - are_there_any_constraints_on_using_vpc_peering_connections - why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection - how_many_vpc_peering_connections_can_i_create what_are_the_priorities_of_the_custom_route_and_eip_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet what_are_the_priorities_of_the_shared_snat_and_custom_route_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc diff --git a/umn/source/faqs/connectivity/what_are_the_priorities_of_the_custom_route_and_eip_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst b/umn/source/faq/connectivity/what_are_the_priorities_of_the_custom_route_and_eip_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst similarity index 100% rename from umn/source/faqs/connectivity/what_are_the_priorities_of_the_custom_route_and_eip_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst rename to umn/source/faq/connectivity/what_are_the_priorities_of_the_custom_route_and_eip_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst 
diff --git a/umn/source/faqs/connectivity/what_are_the_priorities_of_the_shared_snat_and_custom_route_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst b/umn/source/faq/connectivity/what_are_the_priorities_of_the_shared_snat_and_custom_route_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst
similarity index 100%
rename from umn/source/faqs/connectivity/what_are_the_priorities_of_the_shared_snat_and_custom_route_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst
rename to umn/source/faq/connectivity/what_are_the_priorities_of_the_shared_snat_and_custom_route_if_both_are_configured_for_an_ecs_to_enable_the_ecs_to_access_the_internet.rst
diff --git a/umn/source/faqs/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst b/umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst
similarity index 69%
rename from umn/source/faqs/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst
rename to umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst
index c2dbf10..10a3a59 100644
--- a/umn/source/faqs/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst
+++ b/umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst
@@ -12,7 +12,7 @@ You can resolve this issue by configuring the same DNS server address for the su #. Log in to the management console. 2. On the console homepage, under **Network**, click **Virtual Private Cloud**. -3. In the navigation pane on the left, click **Virtual Private Cloud**. -4. On the **Virtual Private Cloud** page, locate the VPC for which a subnet is to be modified and click the VPC name. -5. In the subnet list, locate the row that contains the subnet to be modified, click **Modify**. On the displayed page, change the DNS server address as prompted. +3. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. +4. In the subnet list, locate the target subnet and click its name. +5. On the subnet details page, change the DNS server address of the subnet. 6. Click **OK**. diff --git a/umn/source/faq/eips/can_i_bind_an_eip_to_a_cloud_resource_in_another_region.rst b/umn/source/faq/eips/can_i_bind_an_eip_to_a_cloud_resource_in_another_region.rst new file mode 100644 index 0000000..8514e2e --- /dev/null +++ b/umn/source/faq/eips/can_i_bind_an_eip_to_a_cloud_resource_in_another_region.rst @@ -0,0 +1,8 @@ +:original_name: faq_eip_0012.html + +.. _faq_eip_0012: + +Can I Bind an EIP to a Cloud Resource in Another Region? +======================================================== + +No. EIPs and their associated cloud resources must be in the same region. diff --git a/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst b/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst new file mode 100644 index 0000000..41f8b40 --- /dev/null +++ b/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst 
@@ -0,0 +1,10 @@
+:original_name: vpc_faq_0019.html
+
+.. _vpc_faq_0019:
+
+Can I Bind an EIP to Multiple ECSs?
+===================================
+
+Each EIP can be bound to only one ECS at a time.
+
+Multiple ECSs cannot share the same EIP. An ECS and its bound EIP must be in the same region. If you want multiple ECSs in the same VPC to share an EIP, you have to use a NAT gateway. For more information, see `NAT Gateway User Guide `__.
diff --git a/umn/source/faq/eips/can_i_change_the_region_of_my_eip.rst b/umn/source/faq/eips/can_i_change_the_region_of_my_eip.rst
new file mode 100644
index 0000000..92fa8d2
--- /dev/null
+++ b/umn/source/faq/eips/can_i_change_the_region_of_my_eip.rst
@@ -0,0 +1,10 @@
+:original_name: faq_eip_0014.html
+
+.. _faq_eip_0014:
+
+Can I Change the Region of My EIP?
+==================================
+
+The region of an EIP cannot be changed.
+
+If you assigned an EIP in region A but need an EIP in region B, you cannot directly change the region of the assigned EIP from A to B. Instead, you have to assign an EIP in region B.
diff --git a/umn/source/faq/eips/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst b/umn/source/faq/eips/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst
new file mode 100644
index 0000000..7c32ff7
--- /dev/null
+++ b/umn/source/faq/eips/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst
@@ -0,0 +1,18 @@
+:original_name: vpc_faq_0020.html
+
+.. _vpc_faq_0020:
+
+How Do I Access an ECS with an EIP Bound from the Internet?
+===========================================================
+
+Each ECS is automatically added to a security group after being created to ensure its security. The security group denies access traffic from the Internet by default. To allow external access to ECSs in the security group, add an inbound rule to the security group.
+
+You can set **Protocol** to **TCP**, **UDP**, **ICMP**, or **All** as required on the page for creating a security group rule.
+
+- If your ECS needs to be accessible over the Internet and you know the IP address used to access the ECS, set **Source** to the IP address range containing the IP address.
+
+- If your ECS needs to be accessible over the Internet but you do not know the IP address used to access the ECS, retain the default setting 0.0.0.0/0 for **Source**, and then set allowed ports to improve network security.
+
+ The default source **0.0.0.0/0** indicates that all IP addresses can access ECSs in the security group.
+
+- Allocate ECSs that have different Internet access requirements to different security groups.
diff --git a/umn/source/faqs/eip/index.rst b/umn/source/faq/eips/index.rst
similarity index 52%
rename from umn/source/faqs/eip/index.rst
rename to umn/source/faq/eips/index.rst
index 1eeff13..939ebfa 100644
--- a/umn/source/faqs/eip/index.rst
+++ b/umn/source/faq/eips/index.rst
@@ -2,17 +2,21 @@ .. _faq_eip: -EIP -=== +EIPs +==== -- :ref:`What Are EIPs? ` +- :ref:`What Is an EIP? ` - :ref:`Can I Bind an EIP to Multiple ECSs? ` - :ref:`How Do I Access an ECS with an EIP Bound from the Internet? ` +- :ref:`Can I Bind an EIP to a Cloud Resource in Another Region? ` +- :ref:`Can I Change the Region of My EIP? ` .. toctree:: :maxdepth: 1 :hidden: - what_are_eips + what_is_an_eip can_i_bind_an_eip_to_multiple_ecss how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet + can_i_bind_an_eip_to_a_cloud_resource_in_another_region + can_i_change_the_region_of_my_eip diff --git a/umn/source/faqs/eip/what_are_eips.rst b/umn/source/faq/eips/what_is_an_eip.rst similarity index 94% rename from umn/source/faqs/eip/what_are_eips.rst rename to umn/source/faq/eips/what_is_an_eip.rst index 1571c42..2951d37 100644 --- a/umn/source/faqs/eip/what_are_eips.rst +++ b/umn/source/faq/eips/what_is_an_eip.rst @@ -2,8 +2,8 @@ .. _vpc_faq_0013: -What Are EIPs? -============== +What Is an EIP? +=============== The Elastic IP (EIP) service enables your cloud resources to communicate with the Internet using static public IP addresses and scalable bandwidths. EIPs can be bound to or unbound from ECSs, BMSs, virtual IP addresses, NAT gateways, or load balancers. diff --git a/umn/source/faqs/general/index.rst b/umn/source/faq/general_questions/index.rst similarity index 81% rename from umn/source/faqs/general/index.rst rename to umn/source/faq/general_questions/index.rst index 64c90fb..648885e 100644 --- a/umn/source/faqs/general/index.rst +++ b/umn/source/faq/general_questions/index.rst @@ -2,8 +2,8 @@ .. _faq_common: -General -======= +General Questions +================= - :ref:`What Is a Quota? ` 
diff --git a/umn/source/faqs/general/what_is_a_quota.rst b/umn/source/faq/general_questions/what_is_a_quota.rst similarity index 97% rename from umn/source/faqs/general/what_is_a_quota.rst rename to umn/source/faq/general_questions/what_is_a_quota.rst index 0f38fed..def4c97 100644 --- a/umn/source/faqs/general/what_is_a_quota.rst +++ b/umn/source/faq/general_questions/what_is_a_quota.rst @@ -45,7 +45,7 @@ Before dialing the hotline number or sending an email, make sure that the follow - Quota type - Required quota -`Learn how to obtain the service hotline and email address. `__ +`Learn how to obtain the service hotline and email address. `__ .. |image1| image:: /_static/images/en-us_image_0275513364.png .. |image2| image:: /_static/images/en-us_image_0152727234.png diff --git a/umn/source/faqs/index.rst b/umn/source/faq/index.rst similarity index 54% rename from umn/source/faqs/index.rst rename to umn/source/faq/index.rst index af8bb61..1bc15eb 100644 --- a/umn/source/faqs/index.rst +++ b/umn/source/faq/index.rst @@ -2,12 +2,13 @@ .. _vpc_faq_0000: -FAQs -==== +FAQ +=== -- :ref:`General ` -- :ref:`VPC and Subnet ` -- :ref:`EIP ` +- :ref:`General Questions ` +- :ref:`VPCs and Subnets ` +- :ref:`EIPs ` +- :ref:`VPC Peering Connections ` - :ref:`Bandwidth ` - :ref:`Connectivity ` - :ref:`Routing ` @@ -17,9 +18,10 @@ FAQs :maxdepth: 1 :hidden: - general/index - vpc_and_subnet/index - eip/index + general_questions/index + vpcs_and_subnets/index + eips/index + vpc_peering_connections/index bandwidth/index connectivity/index routing/index diff --git a/umn/source/faqs/routing/are_there_any_restrictions_on_using_a_route_table.rst b/umn/source/faq/routing/are_there_any_restrictions_on_using_a_route_table.rst similarity index 100% rename from umn/source/faqs/routing/are_there_any_restrictions_on_using_a_route_table.rst rename to umn/source/faq/routing/are_there_any_restrictions_on_using_a_route_table.rst 
diff --git a/umn/source/faqs/routing/are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc.rst b/umn/source/faq/routing/are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc.rst
similarity index 100%
rename from umn/source/faqs/routing/are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc.rst
rename to umn/source/faq/routing/are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc.rst
diff --git a/umn/source/faqs/routing/do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc.rst b/umn/source/faq/routing/do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc.rst
similarity index 100%
rename from umn/source/faqs/routing/do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc.rst
rename to umn/source/faq/routing/do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc.rst
diff --git a/umn/source/faqs/routing/how_many_routes_can_a_route_table_contain.rst b/umn/source/faq/routing/how_many_routes_can_a_route_table_contain.rst
similarity index 100%
rename from umn/source/faqs/routing/how_many_routes_can_a_route_table_contain.rst
rename to umn/source/faq/routing/how_many_routes_can_a_route_table_contain.rst
diff --git a/umn/source/faqs/routing/index.rst b/umn/source/faq/routing/index.rst
similarity index 72%
rename from umn/source/faqs/routing/index.rst
rename to umn/source/faq/routing/index.rst
index 695078d..c4ded72 100644
--- a/umn/source/faqs/routing/index.rst
+++ b/umn/source/faq/routing/index.rst
@@ -5,22 +5,16 @@ Routing ======= -- :ref:`Can a Route Table Span Multiple VPCs? ` - :ref:`How Many Routes Can a Route Table Contain? ` - :ref:`Are There Any Restrictions on Using a Route Table? ` -- :ref:`Will a Route Table Be Billed? ` - :ref:`Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC? ` - :ref:`Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC? ` -- :ref:`How Many Routes Can Be Added in a VPC? ` .. toctree:: :maxdepth: 1 :hidden: - can_a_route_table_span_multiple_vpcs how_many_routes_can_a_route_table_contain are_there_any_restrictions_on_using_a_route_table - will_a_route_table_be_billed do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc - how_many_routes_can_be_added_in_a_vpc diff --git a/umn/source/faqs/security/can_i_change_the_security_group_of_an_ecs.rst b/umn/source/faq/security/can_i_change_the_security_group_of_an_ecs.rst similarity index 100% rename from umn/source/faqs/security/can_i_change_the_security_group_of_an_ecs.rst rename to umn/source/faq/security/can_i_change_the_security_group_of_an_ecs.rst diff --git a/umn/source/faqs/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst b/umn/source/faq/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst similarity index 100% rename from umn/source/faqs/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst rename to umn/source/faq/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst 
diff --git a/umn/source/faqs/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst b/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst
similarity index 100%
rename from umn/source/faqs/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst
rename to umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst
diff --git a/umn/source/faqs/security/how_many_firewalls_can_i_create.rst b/umn/source/faq/security/how_many_firewalls_can_i_create.rst
similarity index 100%
rename from umn/source/faqs/security/how_many_firewalls_can_i_create.rst
rename to umn/source/faq/security/how_many_firewalls_can_i_create.rst
diff --git a/umn/source/faqs/security/how_many_security_groups_can_i_create.rst b/umn/source/faq/security/how_many_security_groups_can_i_create.rst
similarity index 100%
rename from umn/source/faqs/security/how_many_security_groups_can_i_create.rst
rename to umn/source/faq/security/how_many_security_groups_can_i_create.rst
diff --git a/umn/source/faqs/security/index.rst b/umn/source/faq/security/index.rst
similarity index 100%
rename from umn/source/faqs/security/index.rst
rename to umn/source/faq/security/index.rst
diff --git a/umn/source/faqs/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst b/umn/source/faq/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst
similarity index 100%
rename from umn/source/faqs/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst
rename to umn/source/faq/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst
diff --git a/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst b/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst
new file mode 100644
index 0000000..1f323f6
--- /dev/null
+++ b/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst
@@ -0,0 +1,22 @@
+:original_name: faq_connection_0001.html
+
+.. _faq_connection_0001:
+
+Can a VPC Peering Connection Connect VPCs in Different Regions?
+===============================================================
+
+A VPC peering connection only can connect VPCs in the same region.
+
+:ref:`Figure 1 ` shows an application scenario of VPC peering connections.
+
+- There are two VPCs (VPC-A and VPC-B) in region A that are not connected.
+- Service servers (ECS-A01 and ECS-A02) are in VPC-A, and database servers (RDS-B01 and RDS-B02) are in VPC-B. The service servers and database servers cannot communicate with each other.
+
+- You need to create a VPC peering connection (peering-AB) between VPC-A and VPC-B so the service servers and database servers can communicate with each other.
+
+.. _faq_connection_0001__en-us_topic_0046655036_fig4721642193711:
+
+.. figure:: /_static/images/en-us_image_0000001512591549.png
+ :alt: **Figure 1** VPC peering connection network diagram
+
+ **Figure 1** VPC peering connection network diagram
diff --git a/umn/source/faq/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst b/umn/source/faq/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst
new file mode 100644
index 0000000..156c9fe
--- /dev/null
+++ b/umn/source/faq/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst
@@ -0,0 +1,14 @@
+:original_name: vpc_faq_0070.html
+
+.. _vpc_faq_0070:
+
+How Many VPC Peering Connections Can I Create in an Account?
+============================================================
+
+Each account can have a maximum of 50 VPC peering connections in each region by default.
+
+- Number of VPC peering connections that you can create in each region between VPCs in the same account: subject to the actual quota
+
+- Number of VPC peering connections that you can create in each region between VPCs in different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections.
+
+ An account can create VPC peering connections with different accounts if the account has enough quota.
diff --git a/umn/source/faq/vpc_peering_connections/index.rst b/umn/source/faq/vpc_peering_connections/index.rst
new file mode 100644
index 0000000..d264f5d
--- /dev/null
+++ b/umn/source/faq/vpc_peering_connections/index.rst
@@ -0,0 +1,18 @@
+:original_name: faq_peer_0000.html
+
+.. _faq_peer_0000:
+
+VPC Peering Connections
+=======================
+
+- :ref:`How Many VPC Peering Connections Can I Create in an Account? `
+- :ref:`Can a VPC Peering Connection Connect VPCs in Different Regions? `
+- :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `
+
+.. toctree::
+ :maxdepth: 1
+ :hidden:
+
+ how_many_vpc_peering_connections_can_i_create_in_an_account
+ can_a_vpc_peering_connection_connect_vpcs_in_different_regions
+ why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection
diff --git a/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst b/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst
new file mode 100644
index 0000000..4db7cfd
--- /dev/null
+++ b/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst
@@ -0,0 +1,207 @@ +:original_name: vpc_faq_0069.html + +.. _vpc_faq_0069: + +Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? +======================================================================================== + +Symptom +------- + +After a VPC peering connection is created, the local and peer VPCs cannot communicate with each other. + +Troubleshooting +--------------- + +The issues here are described in order of how likely they are to occur. + +.. table:: **Table 1** Possible causes and solutions + + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | No. | Possible Cause | Solution | + +=======================+========================================================================================================+============================================================================================================+ + | 1 | Overlapping CIDR blocks of local and peer VPCs | Refer to :ref:`Overlapping CIDR Blocks of Local and Peer VPCs `. | + | | | | + | | - All their subnet CIDR blocks overlap. | | + | | - Some of their subnet CIDR blocks overlap. | | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | 2 | Incorrect route configuration for the local and peer VPCs | Refer to :ref:`Incorrect Route Configuration for Local and Peer VPCs `. | + | | | | + | | - No routes are added. | | + | | - Incorrect routes are added. | | + | | - Destinations of the routes overlap with that configured for Direct Connect or VPN connections. 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | 3 | Incorrect network configuration | Refer to :ref:`Incorrect Network Configuration `. | + | | | | + | | - The security group rules of the ECSs that need to communicate deny inbound traffic from each other. | | + | | - The firewall of the ECS NIC blocks traffic. | | + | | - The network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. | | + | | - Check the policy-based routing configuration of an ECS with multiple NICs. | | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | 4 | ECS network failure | Refer to :ref:`ECS Network Failure `. | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__section18800459153612: + +Overlapping CIDR Blocks of Local and Peer VPCs +---------------------------------------------- + +If the CIDR blocks of VPCs connected by a VPC peering connection overlap, the connection may not take effect due to route conflicts. + +.. 
table:: **Table 2** Overlapping CIDR blocks of local and peer VPCs + + +---------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Scenario | Description | Solution | + +=================================================================================+=============================================================================================================================================+==============================================================================================================================================================+ + | VPCs with overlapping CIDR blocks also include subnets that overlap. | As shown in :ref:`Figure 1 `, the CIDR blocks of VPC-A and VPC-B overlap, and all their subnets overlap. | VPC-A and VPC-B cannot be connected using a VPC peering connection. | + | | | | + | | - Overlapping CIDR blocks of VPC-A and VPC-B: 10.0.0.0/16 | Replan the network. | + | | - Overlapping CIDR blocks of Subnet-A01 in VPC-A and Subnet-B01 in VPC-B: 10.0.0.0/24 | | + | | - Overlapping CIDR blocks of Subnet-A02 in VPC-A and Subnet-B02 in VPC-B: 10.0.1.0/24 | | + +---------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Two VPCs have overlapping CIDR blocks but some of their subnets do not overlap. 
| As shown in :ref:`Figure 2 `, the CIDR blocks of VPC-A and VPC-B overlap, and some of their subnets overlap. | - A VPC peering connection cannot connect the entire VPCs, | + | | | | + | | - Overlapping CIDR blocks of VPC-A and VPC-B: 10.0.0.0/16 | VPC-A and VPC-B. | + | | - Overlapping CIDR blocks of Subnet-A01 in VPC-A and Subnet-B01 in VPC-B: 10.0.0.0/24 | | + | | - CIDR blocks of Subnet-A02 in VPC-A and Subnet-B02 in VPC-B do not overlap. | - A connection can connect their subnets (Subnet-A02 and Subnet-B02) that do not overlap. For details, see :ref:`Figure 3 `. | + +---------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__fig465519155457: + +.. figure:: /_static/images/en-us_image_0000001254335981.png + :alt: **Figure 1** Networking diagram (IPv4) + + **Figure 1** Networking diagram (IPv4) + +.. _vpc_faq_0069__fig098452131910: + +.. figure:: /_static/images/en-us_image_0000001209777270.png + :alt: **Figure 2** Networking diagram (IPv4) + + **Figure 2** Networking diagram (IPv4) + +If CIDR blocks of VPCs overlap and some of their subnets overlap, you can create a VPC peering connection between their subnets with non-overlapping CIDR blocks. :ref:`Figure 3 ` shows the networking diagram of connecting Subnet-A02 and Subnet-B02. :ref:`Table 3 ` describes the routes required. + +.. _vpc_faq_0069__fig920231311415: + +.. figure:: /_static/images/en-us_image_0000001209321492.png + :alt: **Figure 3** Networking diagram (IPv4) + + **Figure 3** Networking diagram (IPv4) + +.. _vpc_faq_0069__table45541823135611: + +.. 
table:: **Table 3** Routes required for the VPC peering connection between Subnet-A02 and Subnet-B02 + + +-------------------+-------------+------------+--------------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Description | + +===================+=============+============+==================================================================================================+ + | VPC-A route table | 10.0.2.0/24 | Peering-AB | Add a route with the CIDR block of Subnet-B02 as the destination and Peering-AB as the next hop. | + +-------------------+-------------+------------+--------------------------------------------------------------------------------------------------+ + | VPC-B route table | 10.0.1.0/24 | Peering-AB | Add a route with the CIDR block of Subnet-A02 as the destination and Peering-AB as the next hop. | + +-------------------+-------------+------------+--------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__section582181993814: + +Incorrect Route Configuration for Local and Peer VPCs +----------------------------------------------------- + +Check the routes in the route tables of the local and peer VPCs by referring to :ref:`Viewing Routes Configured for a VPC Peering Connection `. :ref:`Table 4 ` lists the items that you need to check. + +.. _vpc_faq_0069__table513212558272: + +.. 
table:: **Table 4** Route check items + + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Item | Solution | + +==================================================================================================================================================================+==================================================================================================================================================================================+ + | Check whether routes are added to the route tables of the local and peer VPCs. | If routes are not added, add routes by referring to: | + | | | + | | - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` | + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Check the destinations of routes added to the route tables of the local and peer VPCs. | If the route destination is incorrect, change it by referring to :ref:`Modifying Routes Configured for a VPC Peering Connection `. | + | | | + | - In the route table of the local VPC, check whether the route destination is the CIDR block, subnet CIDR block, or related private IP address of the peer VPC. | | + | - In the route table of the peer VPC, check whether the route destination is the CIDR block, subnet CIDR block, or related private IP address of the local VPC. 
| | + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Destinations of the routes overlap with that configured for Direct Connect or VPN connections. | Check whether any of the VPCs connected by the VPC peering connection also has a VPN or Direct Connect connection connected. If they do, check the destinations of their routes. | + | | | + | | If the destinations of the routes overlap, the VPC peering connection does not take effect. In this case, replan the network connection. | + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__section157663413717: + +Incorrect Network Configuration +------------------------------- + +#. Check whether security group rules of the ECSs that need to communicate allow inbound traffic from each other by referring to :ref:`Viewing the Security Group of an ECS `. + + - If the ECSs are associated with the same security group, you do not need to check their rules. + - If the ECSs are associated with different security groups, add an inbound rule to allow access from each other by referring to :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network `. + +#. Check whether the firewall of the ECS NIC blocks traffic. + + If the firewall blocks traffic, configure the firewall to allow inbound traffic. + +#. 
Check whether network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. + + If the network ACL rules deny inbound traffic, configure the rules to allow the traffic. + +#. If an ECS has more than one NIC, check whether correct policy-based routing has been configured for the ECS and packets with different source IP addresses match their own routes from each NIC. + + If an ECS has two NICs (eth0 and eth1): + + - IP address of eth0: 192.168.1.10; Subnet gateway: 192.168.1.1 + - IP address of eth1: 192.168.2.10; Subnet gateway: 192.168.2.1 + + Command format: + + - **ping -l** *IP address of eth0 Subnet gateway address of eth0* + - **ping -l** *IP address of eth1 Subnet gateway address of eth1* + + Run the following commands: + + - **ping -I 192.168.1.10 192.168.1.1** + - **ping -I 192.168.2.10 192.168.2.1** + + If the network communication is normal, the routes of the NICs are correctly configured. + +.. _vpc_faq_0069__section8357923710: + +ECS Network Failure +------------------- + +#. Log in to the ECS. + +#. Check whether the ECS NIC has an IP address assigned. + + - Linux ECS: Use the **ifconfig** or **ip address** command to view the IP address of the NIC. + - Windows ECS: In the search box, enter **cmd** and press **Enter**. In the displayed command prompt, run the **ipconfig** command. + + If the ECS NIC has no IP address assigned, see + +#. Check whether the subnet gateway of the ECS can be pinged. + + a. In the ECS list, click the ECS name. + + The ECS details page is displayed. + + b. On the ECS details page, click the hyperlink of VPC. + + The **Virtual Private Cloud** page is displayed. + + c. In the VPC list, locate the target VPC and click the number in the **Subnets** column. + + The **Subnets** page is displayed. + + d. In the subnet list, click the subnet name. + + The subnet details page is displayed. + + e. Click the **IP Addresses** tab and view the gateway address of the subnet. + + f. 
Check whether the gateway communication is normal: + + **ping** *Subnet gateway address* + + Example command: **ping 172.17.0.1** diff --git a/umn/source/faqs/vpc_and_subnet/can_subnets_communicate_with_each_other.rst b/umn/source/faq/vpcs_and_subnets/can_subnets_communicate_with_each_other.rst similarity index 100% rename from umn/source/faqs/vpc_and_subnet/can_subnets_communicate_with_each_other.rst rename to umn/source/faq/vpcs_and_subnets/can_subnets_communicate_with_each_other.rst diff --git a/umn/source/faqs/vpc_and_subnet/how_many_subnets_can_i_create.rst b/umn/source/faq/vpcs_and_subnets/how_many_subnets_can_i_create.rst similarity index 100% rename from umn/source/faqs/vpc_and_subnet/how_many_subnets_can_i_create.rst rename to umn/source/faq/vpcs_and_subnets/how_many_subnets_can_i_create.rst diff --git a/umn/source/faqs/vpc_and_subnet/index.rst b/umn/source/faq/vpcs_and_subnets/index.rst similarity index 80% rename from umn/source/faqs/vpc_and_subnet/index.rst rename to umn/source/faq/vpcs_and_subnets/index.rst index 7b92fde..1c78314 100644 --- a/umn/source/faqs/vpc_and_subnet/index.rst +++ b/umn/source/faq/vpcs_and_subnets/index.rst @@ -2,16 +2,16 @@ .. _faq_vpc: -VPC and Subnet -============== +VPCs and Subnets +================ - :ref:`What Is Virtual Private Cloud? ` - :ref:`Which CIDR Blocks Are Available for the VPC Service? ` - :ref:`Can Subnets Communicate with Each Other? ` - :ref:`What Subnet CIDR Blocks Are Available? ` - :ref:`How Many Subnets Can I Create? ` -- :ref:`How Can I Delete a Subnet That Is Being Used by Other Resources? ` - :ref:`What Are the Differences Between the Network ID and Subnet ID of a Subnet? ` +- :ref:`Why Can't I Delete My VPCs and Subnets? ` .. toctree:: :maxdepth: 1 
@@ -22,5 +22,5 @@ VPC and Subnet can_subnets_communicate_with_each_other what_subnet_cidr_blocks_are_available how_many_subnets_can_i_create - how_can_i_delete_a_subnet_that_is_being_used_by_other_resources what_are_the_differences_between_the_network_id_and_subnet_id_of_a_subnet + why_cant_i_delete_my_vpcs_and_subnets diff --git a/umn/source/faqs/vpc_and_subnet/what_are_the_differences_between_the_network_id_and_subnet_id_of_a_subnet.rst b/umn/source/faq/vpcs_and_subnets/what_are_the_differences_between_the_network_id_and_subnet_id_of_a_subnet.rst similarity index 100% rename from umn/source/faqs/vpc_and_subnet/what_are_the_differences_between_the_network_id_and_subnet_id_of_a_subnet.rst rename to umn/source/faq/vpcs_and_subnets/what_are_the_differences_between_the_network_id_and_subnet_id_of_a_subnet.rst diff --git a/umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst b/umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst similarity index 58% rename from umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst rename to umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst index 926fa50..ce92b9f 100644 --- a/umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst +++ b/umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst 
@@ -5,9 +5,9 @@ What Is Virtual Private Cloud? ============================== -The Virtual Private Cloud (VPC) service enables you to provision logically isolated, configurable, and manageable virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. +The Virtual Private Cloud (VPC) service enables you to provision logically isolated virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. You can configure and manage the virtual networks as required. -Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules for communication between ECSs in the same security group or in different security groups. +Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules to control communications between ECSs in the same security group or in different security groups. .. figure:: /_static/images/en-us_image_0209606948.png diff --git a/umn/source/faqs/vpc_and_subnet/what_subnet_cidr_blocks_are_available.rst b/umn/source/faq/vpcs_and_subnets/what_subnet_cidr_blocks_are_available.rst similarity index 100% rename from umn/source/faqs/vpc_and_subnet/what_subnet_cidr_blocks_are_available.rst rename to umn/source/faq/vpcs_and_subnets/what_subnet_cidr_blocks_are_available.rst 
diff --git a/umn/source/faqs/vpc_and_subnet/which_cidr_blocks_are_available_for_the_vpc_service.rst b/umn/source/faq/vpcs_and_subnets/which_cidr_blocks_are_available_for_the_vpc_service.rst
similarity index 100%
rename from umn/source/faqs/vpc_and_subnet/which_cidr_blocks_are_available_for_the_vpc_service.rst
rename to umn/source/faq/vpcs_and_subnets/which_cidr_blocks_are_available_for_the_vpc_service.rst
diff --git a/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst b/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst
new file mode 100644
index 0000000..4d32cd9
--- /dev/null
+++ b/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst
@@ -0,0 +1,111 @@ +:original_name: vpc_faq_0075.html + +.. _vpc_faq_0075: + +Why Can't I Delete My VPCs and Subnets? +======================================= + +If VPCs and subnets are being used by other resources, you need to delete these resources first based on the prompts on the console before deleting the VPCs and subnets. This following provides detailed deletion prompts and corresponding deletion guide. + +- :ref:`Deleting Subnets ` +- :ref:`Deleting VPCs ` + +.. _vpc_faq_0075__section16966157133218: + +Deleting Subnets +---------------- + +You can refer to :ref:`Table 1 ` to delete subnets. + +.. _vpc_faq_0075__table4284113316400: + +.. table:: **Table 1** Deleting subnets + + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Prompts | Cause | Solution | + +=================================================================================================+============================================================================+============================================================================================================================================================+ + | You do not have permission to perform this operation. | Your account does not have permissions to delete subnets. | Contact the account administrator to grant permissions to your account and then delete the subnet. 
| + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete custom routes from the associated route table of the subnet and then delete the subnet. | The route table has custom routes with the following as the next hop type: | Delete the custom route from the route table and then delete the subnet. | + | | | | + | | - Server | #. :ref:`Viewing the Route Table Associated with a Subnet ` | + | | - Extension NIC | #. :ref:`Deleting a Route ` | + | | - Virtual IP address | | + | | - NAT gateway | | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Release any virtual IP addresses configured in the subnet and then delete the subnet. | The subnet has virtual IP addresses configured. | Release the virtual IP addresses from the subnet and then delete the subnet. | + | | | | + | | | :ref:`Releasing a Virtual IP Address ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Release any private IP addresses configured in the subnet and then delete the subnet. | The subnet has virtual IP addresses that are not used by any instance. 
| On the **IP Addresses** tab, view and release these private IP addresses and then delete the subnet. | + | | | | + | | | #. :ref:`Viewing IP Addresses in a Subnet ` | + | | | #. In the private IP address list, locate the IP address that is not being used and click **Release** in the **Operation** column. | + | | | | + | | | .. important:: | + | | | | + | | | NOTICE: | + | | | If you want to release an in-use private IP address, you need to delete the resource that uses the IP address first. | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the resource (ECS or load balancer) that is using the subnet and then delete the subnet. | The subnet is being used by an ECS or a load balancer. | Delete the ECS or load balancer and then delete the subnet. | + | | | | + | | | :ref:`Viewing and Deleting Resources in a Subnet ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the load balancer that is using the subnet and then delete the subnet. | The subnet is being used by a load balancer. | Delete the load balancer and then delete the subnet. 
| + | | | | + | | | :ref:`Viewing and Deleting Resources in a Subnet ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the NAT gateway that is using the subnet and then delete the subnet. | The subnet is being used by a NAT gateway. | Delete the NAT gateway and then delete the subnet. | + | | | | + | | | :ref:`Viewing and Deleting Resources in a Subnet ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the resource that is using the subnet and then delete the subnet. | The subnet is being used by cloud resources. | On the **IP Addresses** tab, view the usage of the IP address, find the resource that is using the IP address, delete the resource, and delete the subnet. | + | | | | + | | | #. :ref:`Viewing IP Addresses in a Subnet ` | + | | | #. Locate resource based on the usage of the IP address. | + | | | #. Delete the resource and then delete the subnet. | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Deleting VPCs +------------- + +Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You can refer to :ref:`Table 2 ` to delete VPCs. + +.. 
_vpc_faq_0075__table95312065138: + +.. table:: **Table 2** Deleting VPCs + + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Prompts | Cause | Solution | + +===========================================================================================================================+=========================================================================================================================+===============================================================================================================+ + | You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. | + | | | | + | | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. | + | | | | + | | | The route table list is displayed. | + | | | | + | | | #. 
:ref:`Deleting a Route ` | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. | + | | | | + | | - Subnet | - :ref:`Table 1 ` | + | | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection ` | + | | - Custom route table | - :ref:`Deleting a Route Table ` | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. 
| + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. | + | | | | + | | .. important:: | :ref:`Deleting a Security Group ` | + | | | | + | | NOTICE: | | + | | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. | + | | | | + | | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ 
diff --git a/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst b/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst
deleted file mode 100644
index 8cc5623..0000000
--- a/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-:original_name: vpc_faq_0068.html
-
-.. _vpc_faq_0068:
-
-Are There Any Constraints on Using VPC Peering Connections?
-===========================================================
-
-- If two VPCs connected by a VPC peering connection overlap with each other, there will be route conflicts and the VPC peering connection may not be usable.
-
- After a VPC peering connection is created, the ping command can be used to check whether two VPCs can communicate with each other, but cannot be used to check whether the gateway of the peer subnet is connected.
-
-- If two VPCs overlap with each other, you can only create a VPC peering connection to enable communication between specific (non-overlapping) subnets in the VPCs. Ensure that the subnets to be peered do not overlap.
-
-- If there are three VPCs, A, B, and C, and VPC A is peered with both VPC B and VPC C, but VPC B and VPC C overlap with each other, you cannot configure routes with the same destinations for VPC A.
-
-- You cannot have more than one VPC peering connection between the same two VPCs at the same time.
-
-- A VPC peering connection between VPCs in different regions will not take effect.
-
-- You cannot use the EIPs in a VPC to access resources in a peered VPC. For example, VPC A is peered with VPC B, and VPC B has EIPs that can be used to access the Internet, you cannot use EIPs in VPC B to access the Internet from VPC A.
-
-- If you request a VPC peering connection with a VPC of another account, the connection takes effect only after the peer account accept the request. If you request a VPC peering connection with a VPC of your own, the system automatically accepts the request and activates the connection.
-
-- To ensure security, do not accept VPC peering connections from unknown accounts.
-
-- The owner either of a VPC in a peering connection can delete the VPC peering connection at any time. If a VPC peering connection is deleted by one of its owners, all information about this connection will also be deleted immediately, including routes added for the VPC peering connection.
-
-- After a VPC peering connection is established, the local and peer accounts must add routes to the route tables of the local and peer VPCs to enable communication between the two VPCs.
-
-- You cannot delete a VPC that has routes configured for a VPC peering connection.
diff --git a/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst b/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst
deleted file mode 100644
index 7aa5274..0000000
--- a/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-:original_name: vpc_faq_0070.html
-
-.. _vpc_faq_0070:
-
-How Many VPC Peering Connections Can I Create?
-==============================================
-
-Each account can have a maximum of 50 VPC peering connections in each region by default.
-
-- VPC peering connections between VPCs in one account: Each account can create a maximum of 50 VPC peering connections in one region.
-
-- VPC peering connections between VPCs of different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections.
-
- An account can create VPC peering connections with different accounts if the account has enough quota.
diff --git a/umn/source/faqs/connectivity/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst b/umn/source/faqs/connectivity/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst
deleted file mode 100644
index 2d3d58f..0000000
--- a/umn/source/faqs/connectivity/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst
+++ /dev/null
@@ -1,15 +0,0 @@
-:original_name: vpc_faq_0069.html
-
-.. _vpc_faq_0069:
-
-Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection?
-========================================================================================
-
-#. Check whether the VPC IDs are correctly configured for the VPC peering connection.
-#. Check whether the VPCs have routes that point to the CIDR block of the other VPC.
-#. Check whether the VPCs have routes that point to the subnet CIDR block of the other VPC if the two VPCs have overlapping CIDR blocks.
-#. Check whether the VPCs contain overlapping subnets.
-#. Check whether required security group rules have been configured for the ECSs that need to communicate with each other and whether restriction rules have been added to the iptables or firewalls used by the ECSs.
-#. If a message indicating that this route already exists is displayed when you add a route for a VPC peering connection, check whether the destination of a VPN, Direct Connect, or VPC peering connection route already exists.
-#. If the route destination of the VPC peering connection overlaps with that of a Direct Connect or VPN connection, the route may be invalid.
-#. If VPCs in a VPC peering connection cannot communicate with each other after all these possible faults have been rectified, contact customer service.
diff --git a/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst b/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst
deleted file mode 100644
index b812843..0000000
--- a/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-:original_name: vpc_faq_0019.html
-
-.. _vpc_faq_0019:
-
-Can I Bind an EIP to Multiple ECSs?
-===================================
-
-Each EIP can be bound to only one ECS at a time.
diff --git a/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst b/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst
deleted file mode 100644
index 446cce6..0000000
--- a/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst
+++ /dev/null
@@ -1,18 +0,0 @@
-:original_name: vpc_faq_0020.html
-
-.. _vpc_faq_0020:
-
-How Do I Access an ECS with an EIP Bound from the Internet?
-===========================================================
-
-Each ECS is automatically added to a security group after being created to ensure its security. The security group denies access traffic from the Internet by default. To allow external access to ECSs in the security group, add an inbound rule to the security group.
-
-You can set **Protocol** to **TCP**, **UDP**, **ICMP**, or **All** as required on the page for creating a security group rule.
-
-- If the ECS needs to be accessible over the Internet and the IP address used to access the ECS over the Internet has been configured on the ECS, or the ECS does not need to be accessible over the Internet, set **Source** to the IP address range containing the IP address that is allowed to access the ECS over the Internet.
-- If the ECS needs to be accessible over the Internet and the IP address used to access the ECS over the Internet has not been configured on the ECS, it is recommended that you retain the default setting **0.0.0.0/0** for **Source**, and then set allowed ports to improve network security.
-- Allocate ECSs that have different Internet access policies to different security groups.
-
- .. note::
-
- The default source IP address **0.0.0.0/0** indicates that all IP addresses can access ECSs in the security group.
diff --git a/umn/source/faqs/routing/can_a_route_table_span_multiple_vpcs.rst b/umn/source/faqs/routing/can_a_route_table_span_multiple_vpcs.rst
deleted file mode 100644
index 7e5b6d7..0000000
--- a/umn/source/faqs/routing/can_a_route_table_span_multiple_vpcs.rst
+++ /dev/null
@@ -1,12 +0,0 @@
-:original_name: vpc_faq_0062.html
-
-.. _vpc_faq_0062:
-
-Can a Route Table Span Multiple VPCs?
-=====================================
-
-A route table cannot span multiple VPCs.
-
-A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. A VPC has a default route table and can have multiple custom route tables.
-
-Each subnet in a VPC must be associated with a route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets in a VPC with the same route table.
diff --git a/umn/source/faqs/routing/how_many_routes_can_be_added_in_a_vpc.rst b/umn/source/faqs/routing/how_many_routes_can_be_added_in_a_vpc.rst
deleted file mode 100644
index 6a2923b..0000000
--- a/umn/source/faqs/routing/how_many_routes_can_be_added_in_a_vpc.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-:original_name: vpc_faq_0071.html
-
-.. _vpc_faq_0071:
-
-How Many Routes Can Be Added in a VPC?
-======================================
-
-By default, a maximum of 100 routes can be added for a VPC. The routes include custom routes and those added for Direct Connect and VPC peering connections.
diff --git a/umn/source/faqs/routing/will_a_route_table_be_billed.rst b/umn/source/faqs/routing/will_a_route_table_be_billed.rst
deleted file mode 100644
index 9ec35d3..0000000
--- a/umn/source/faqs/routing/will_a_route_table_be_billed.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-:original_name: vpc_faq_0065.html
-
-.. _vpc_faq_0065:
-
-Will a Route Table Be Billed?
-=============================
-
-The route table function itself is free, but you are charged for the ECSs and bandwidth that you use together with the route table function.
diff --git a/umn/source/faqs/vpc_and_subnet/how_can_i_delete_a_subnet_that_is_being_used_by_other_resources.rst b/umn/source/faqs/vpc_and_subnet/how_can_i_delete_a_subnet_that_is_being_used_by_other_resources.rst
deleted file mode 100644
index 10cb287..0000000
--- a/umn/source/faqs/vpc_and_subnet/how_can_i_delete_a_subnet_that_is_being_used_by_other_resources.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-:original_name: vpc_faq_0075.html
-
-.. _vpc_faq_0075:
-
-How Can I Delete a Subnet That Is Being Used by Other Resources?
-================================================================
-
-The VPC service allows you to create private, isolated virtual networks. In a VPC, you can manage private IP address ranges, subnets, route tables, and gateways. ECSs, BMSs, databases, and some applications can use subnets created in VPCs.
-
-A subnet cannot be deleted if it is being used by other resources. You must delete all resources in the subnet before you can delete the subnet.
-
-You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete.
-
-The resources may include:
-
-- ECS
-- BMS
-- CCE cluster
-- RDS instance
-- MRS cluster
-- DCS instance
-- Load balancer
-- VPN
-- Private IP address
-- Custom route
-- NAT gateway
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst
index 1d37017..0256770 100644
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst
@@ -5,6 +5,134 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs ============================================================== +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. Click **Create VPC**. + +#. On the **Create VPC** page, set parameters as prompted. + + A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. table:: **Table 1** VPC parameter descriptions + + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. 
| eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. | VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. 
| default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + + .. _en-us_topic_0017816228__en-us_topic_0013935842_table248245914136: + + .. 
table:: **Table 2** VPC tag key and value requirements + + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+============================================================================+=======================+ + | Key | - Cannot be left blank. | vpc_key1 | + | | - Must be unique for the same VPC and can be the same for different VPCs. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | vpc-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + + .. _en-us_topic_0017816228__en-us_topic_0013935842_table6536185812515: + + .. table:: **Table 3** Subnet tag key and value requirements + + +-----------------------+---------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+=====================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. 
| | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+---------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+---------------------------------------------------------------------+-----------------------+ + +#. Click **Create Now**. + - :ref:`Overview ` - :ref:`Step 1: Create a VPC ` - :ref:`Step 2: Create a Subnet for the VPC ` @@ -12,6 +140,9 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs - :ref:`Step 4: Create a Security Group ` - :ref:`Step 5: Add a Security Group Rule ` +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001520717193.png + .. toctree:: :maxdepth: 1 :hidden: diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst index e1f5548..e6c2375 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst 
@@ -5,45 +5,45 @@ Overview ======== -If your ECSs need to access the Internet (for example, the ECSs functioning as the service nodes for deploying a website), you can follow the procedure shown in :ref:`Figure 1 ` to bind EIPs to the ECSs. +If your ECSs need to access the Internet (for example, the ECSs functioning as the service nodes for deploying a website), you can follow the procedure shown in :ref:`Figure 1 ` to bind EIPs to the ECSs. -.. _vpc_qs_0022__en-us_topic_0118499056_fe457c1ec47c84d6fa3b87210d5b284eb: +.. _vpc_qs_0022__fe457c1ec47c84d6fa3b87210d5b284eb: .. figure:: /_static/images/en-us_image_0162332046.png :alt: **Figure 1** Configuring the network **Figure 1** Configuring the network -:ref:`Table 1 ` describes the different tasks in the procedure for configuring the network. +:ref:`Table 1 ` describes the different tasks in the procedure for configuring the network. -.. _vpc_qs_0022__en-us_topic_0118499056_t5143cea7d59f4c31b1c56ab35e86f71f: +.. _vpc_qs_0022__t5143cea7d59f4c31b1c56ab35e86f71f: .. table:: **Table 1** Configuration process description - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Task | Description | - +======================================+===============================================================================================================================================================================================================================================================================================+ - | Create a VPC. | This task is mandatory. | - | | | - | | A created VPC comes with a default subnet you specified. 
| - | | | - | | After the VPC is created, you can create other required network resources in the VPC based on your service requirements. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Create another subnet for the VPC. | This task is optional. | - | | | - | | If the default subnet cannot meet your requirements, you can create one. | - | | | - | | The new subnet is used to assign IP addresses to NICs added to the ECS. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Assign an EIP and bind it to an ECS. | This task is mandatory. | - | | | - | | You can assign an EIP and bind it to an ECS so that the ECS can access the Internet. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Create a security group. | This task is mandatory. | - | | | - | | You can create a security group and add ECSs in the VPC to the security group to improve ECS access security. After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. 
| - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Add a security group rule. | This task is optional. | - | | | - | | If the default rule does not meet your service requirements, you can add security group rules. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Task | Description | + +======================================+=============================================================================================================================================================================================================================================================================================+ + | Create a VPC. | This task is mandatory. | + | | | + | | A created VPC comes with a default subnet you specified. | + | | | + | | After the VPC is created, you can create other required network resources in the VPC based on your service requirements. 
| + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Create another subnet for the VPC. | This task is optional. | + | | | + | | If the default subnet cannot meet your requirements, you can create one. | + | | | + | | The new subnet is used to assign IP addresses to NICs added to the ECS. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Assign an EIP and bind it to an ECS. | This task is mandatory. | + | | | + | | You can assign an EIP and bind it to an ECS for Internet access. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Create a security group. | This task is mandatory. | + | | | + | | You can create a security group and add ECSs in the VPC to the security group to improve ECS access security. After a security group is created, it has default rules, which allow all outgoing data packets. ECSs in a security group can access each other without the need to add rules. 
| + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Add a security group rule. | This task is optional. | + | | | + | | If the default rule does not meet your service requirements, you can add security group rules. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst index 85c47af..cd828ea 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst @@ -19,7 +19,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. Click **Create VPC**. 
@@ -29,51 +29,67 @@ Procedure .. table:: **Table 1** VPC parameter descriptions - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. 
| 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. 
The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. | VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). 
| 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. 
| 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + + .. _vpc_qs_0009__en-us_topic_0013935842_table248245914136: .. table:: **Table 2** VPC tag key and value requirements @@ -99,7 +115,7 @@ Procedure | | - Special characters, including hyphens (-) and underscores (_) | | +-----------------------+----------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0009__en-us_topic_0118498853_en-us_topic_0118498861_table6536185812515: + .. _vpc_qs_0009__en-us_topic_0013935842_table6536185812515: .. table:: **Table 3** Subnet tag key and value requirements @@ -128,3 +144,4 @@ Procedure #. Click **Create Now**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001520717193.png 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst
index 903bfae..f636c1b 100644
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst
@@ -10,7 +10,7 @@ Scenarios
 A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one.
-The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP.
+A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP.
 Procedure
 ---------
@@ -19,9 +19,9 @@ Procedure
 2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
-4. In the navigation pane on the left, click **Subnets**.
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
 5. Click **Create Subnet**.
@@ -50,8 +50,6 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Advanced Settings | Two options are available, **Default** and **Custom**. You can set **Advanced Settings** to **Custom** to configure advanced subnet parameters. | ``-`` | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Gateway | The gateway address of the subnet. | 192.168.0.1 | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | 
@@ -64,10 +62,10 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0010__en-us_topic_0118498982_en-us_topic_0118498823_table42131827173915: + .. _vpc_qs_0010__en-us_topic_0013748726_table42131827173915: .. table:: **Table 2** Subnet tag key and value requirements @@ -109,3 +107,4 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst index 2ab28e0..25113bd 100644 
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst
@@ -12,11 +12,17 @@ You can assign an EIP and bind it to an ECS so that the ECS can access the Inter
 .. note::
- EIPs for dedicated load balancers:
+ Note the following when you use EIPs of the Dedicated Load Balancer (**5_gray**) type:
- - In the **eu-de** region, if you choose to assign an EIP when you create a dedicated load balancer on the management console or using APIs, EIPs for dedicated load balancers (**5_gray**) will be assigned.
- - Do not bind EIPs of this type to non-dedicated load balancers.
- - Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect.
+ - In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type.
+ - Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers.
+
+ - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers.
+ - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see `Binding an EIP `__ and `Unbinding an EIP `__.
+ - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs.
+ - You are advised to bind BGP EIPs to or unbind them from dedicated load balancers.
+
+ - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect.
 Assigning an EIP
 ----------------
@@ -25,7 +31,7 @@ Assigning an EIP
 #. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Elastic IP**.
+#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
 #. On the displayed page, click **Assign EIP**.
@@ -39,28 +45,41 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used. | | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to purchase. 
| 1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. 
| eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Billed By | Two options are available: | Dedicated | + | | | | + | | - **Dedicated**: The bandwidth can be used by only one EIP. | | + | | - **Shared**: The bandwidth can be shared by multiple EIPs. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth | The bandwidth size in Mbit/s. 
| 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Name | The EIP name. | eip-test | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Enterprise Project | The enterprise project that the EIP belongs to. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth Name | The name of the bandwidth. 
| bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 3005eip | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Quantity | The number of EIPs you want to assign. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0011__en-us_topic_0118499041_en-us_topic_0118498850_table36606052153313: + .. _vpc_qs_0011__en-us_topic_0013748738_table36606052153313: .. table:: **Table 2** EIP tag requirements 
@@ -77,7 +96,7 @@ Assigning an EIP | | - Digits | | | | - Special characters, including hyphens (-) and underscores (_) | | +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 192.168.12.10 | + | Value | - Can contain a maximum of 43 characters. | 3005eip | | | - Can contain only the following character types: | | | | | | | | - Uppercase letters | | @@ -95,7 +114,7 @@ Binding an EIP #. On the **EIPs** page, locate the row that contains the target EIP, and click **Bind**. -#. Select the instance to which you want to bind the EIP. +#. Select the instance that you want to bind the EIP to. .. figure:: /_static/images/en-us_image_0000001166028070.png @@ -105,7 +124,7 @@ Binding an EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details about the implementation and constraints, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` Follow-Up Procedure ------------------- @@ -119,3 +138,4 @@ You can use any of the following commands to obtain the domain name of an EIP: - dig -x *EIP* .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst index aae35ff..c9d6c67 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst 
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst 
@@ -8,22 +8,26 @@ Step 4: Create a Security Group
 Scenarios
 ---------
-To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups.
+You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups.
+
+Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group.
+
+You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console.
 Procedure
 ---------
 #. Log in to the management console.
-2. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
+#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, click **Create Security Group**.
+#. On the **Security Groups** page, click **Create Security Group**.
-6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured.
+#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured.
 .. figure:: /_static/images/en-us_image_0000001197426329.png
@@ -31,26 +35,39 @@ Procedure **Figure 1** Create Security Group - .. _vpc_qs_0012__en-us_topic_0118646265_en-us_topic_0118534004_table65377617111335: + .. _vpc_qs_0012__en-us_topic_0013748715_table65377617111335: .. table:: **Table 1** Parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Name | The security group name. This parameter is mandatory. | sg-318b | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group. This parameter is optional. | N/A | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================+============================+ + | Name | The security group name. This parameter is mandatory. | sg-318b | + | | | | + | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + | | | | + | | .. note:: | | + | | | | + | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Enterprise Project | When creating a security group, you can add the security group to an enabled enterprise project. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. 
| | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Template | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | General-purpose web server | + | | | | + | | - **Custom**: This template allows you to create security groups with custom security group rules. | | + | | - **General-purpose web server**: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | | + | | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Description | Supplementary information about the security group. This parameter is optional. | N/A | + | | | | + | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst index 4f8f9df..a27fa52 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst @@ -24,7 +24,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. 
@@ -42,26 +42,31 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. 
@@ -75,25 +80,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst
index 3ea3842..1a336aa 100644
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst
@@ -5,18 +5,18 @@
 Overview
 ========
 
-If your ECSs do not require Internet access or need to access the Internet using IP addresses on the default network (100.64.0.0/11) with limited bandwidth (for example, the ECSs functioning as the database nodes or server nodes for deploying a website), you can follow the procedure shown in :ref:`Figure 1 ` to configure a VPC for the ECSs.
+If your ECSs do not require Internet access or need to access the Internet using IP addresses on the default network (100.64.0.0/11) with limited bandwidth (for example, the ECSs functioning as the database nodes or server nodes for deploying a website), you can follow the procedure shown in :ref:`Figure 1 ` to configure a VPC for the ECSs.
 
-.. _vpc_qs_0004__en-us_topic_0118498946_fd87108563a6848bba1a0f0295fef3515:
+.. _vpc_qs_0004__fd87108563a6848bba1a0f0295fef3515:
 
 .. figure:: /_static/images/en-us_image_0162329244.png
 :alt: **Figure 1** Configuring the network
 
 **Figure 1** Configuring the network
 
-:ref:`Table 1 ` describes the different tasks in the procedure for configuring the network.
+:ref:`Table 1 ` describes the different tasks in the procedure for configuring the network.
 
-.. _vpc_qs_0004__en-us_topic_0118498946_t1b39acc5d1d449eabbea2aab68bfab25:
+.. _vpc_qs_0004__t1b39acc5d1d449eabbea2aab68bfab25:
 
 .. table:: **Table 1** Configuration process description
 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst
index b30bc31..159554b 100644
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst
@@ -19,7 +19,7 @@ Procedure
 
 #. Click |image1| in the upper left corner and select the desired region and project.
 
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
 #. Click **Create VPC**.
 
@@ -29,51 +29,67 @@ Procedure .. table:: **Table 1** VPC parameter descriptions - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. 
| 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. 
The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. | VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). 
| 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. 
| 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + + .. _vpc_qs_0005__en-us_topic_0013935842_table248245914136: .. table:: **Table 2** VPC tag key and value requirements @@ -99,7 +115,7 @@ Procedure | | - Special characters, including hyphens (-) and underscores (_) | | +-----------------------+----------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0005__en-us_topic_0118499007_en-us_topic_0118498861_table6536185812515: + .. _vpc_qs_0005__en-us_topic_0013935842_table6536185812515: .. table:: **Table 3** Subnet tag key and value requirements @@ -128,3 +144,4 @@ Procedure #. Click **Create Now**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001520717193.png 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst index bfdc646..3350c1b 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst @@ -10,7 +10,7 @@ Scenarios A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. +A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. Procedure --------- @@ -19,9 +19,9 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Subnets**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. 5. Click **Create Subnet**. 
@@ -50,8 +50,6 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Advanced Settings | Two options are available, **Default** and **Custom**. You can set **Advanced Settings** to **Custom** to configure advanced subnet parameters. | ``-`` | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Gateway | The gateway address of the subnet. | 192.168.0.1 | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | 
@@ -64,10 +62,10 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0006__en-us_topic_0118498844_en-us_topic_0118498823_table42131827173915: + .. _vpc_qs_0006__en-us_topic_0013748726_table42131827173915: .. table:: **Table 2** Subnet tag key and value requirements @@ -109,3 +107,4 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst index b20e13e..06740e7 100644 
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst
@@ -8,22 +8,26 @@ Step 3: Create a Security Group Scenarios --------- -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. +You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. + +Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group. + +You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Create Security Group**. +#. On the **Security Groups** page, click **Create Security Group**. -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. +#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. .. figure:: /_static/images/en-us_image_0000001197426329.png 
@@ -31,26 +35,39 @@ Procedure **Figure 1** Create Security Group - .. _vpc_qs_0007__en-us_topic_0118646263_en-us_topic_0118534004_table65377617111335: + .. _vpc_qs_0007__en-us_topic_0013748715_table65377617111335: .. table:: **Table 1** Parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Name | The security group name. This parameter is mandatory. | sg-318b | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group. This parameter is optional. | N/A | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================+============================+ + | Name | The security group name. This parameter is mandatory. | sg-318b | + | | | | + | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + | | | | + | | .. note:: | | + | | | | + | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Enterprise Project | When creating a security group, you can add the security group to an enabled enterprise project. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. 
| | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Template | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | General-purpose web server | + | | | | + | | - **Custom**: This template allows you to create security groups with custom security group rules. | | + | | - **General-purpose web server**: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | | + | | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Description | Supplementary information about the security group. This parameter is optional. | N/A | + | | | | + | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst index 3426390..63f0ed4 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst @@ -24,7 +24,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. 
@@ -42,26 +42,31 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. 
@@ -75,25 +80,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/typical_application_scenarios.rst b/umn/source/getting_started/typical_application_scenarios.rst index 240187e..c56e2e0 100644 
--- a/umn/source/getting_started/typical_application_scenarios.rst
+++ b/umn/source/getting_started/typical_application_scenarios.rst
@@ -7,16 +7,7 @@ Typical Application Scenarios A VPC provides an isolated virtual network for ECSs. You can configure and manage the network as required. -- If your ECSs, for example, ECSs that function as databases, do not need to access the Internet or need to access the Internet using specific IP addresses with limited bandwidth, you can configure a VPC for the ECSs by following the instructions described in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access `. -- If your ECSs, for example, ECSs where websites are deployed, need to communicate with the Internet, you can bind EIPs to them. To configure a VPC for these ECSs, follow the instructions provided in :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. - -.. note:: - - Click |image1| in the lower right corner of the console to switch between the new and the old consoles. The old edition does not have the function of associating a subnet with a route table. - - This document provides two sets of operation guides. The "Getting Started" chapter uses the new console edition as an example. - - - If you use the new console edition, see :ref:`Operation Guide (New Console Edition) `. - - If you use the old console edition, see :ref:`Operation Guide (Old Console Edition) `. - -.. |image1| image:: /_static/images/en-us_image_0000001207253746.png +- If any of your ECSs, for example, ECSs that function as the database of server nodes for website deployment, do not need to access the Internet or need to access the Internet specific IP addresses on the default network with limited bandwidth, you can configure a VPC for the ECSs by following the instructions described in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access `. +- If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. 
Then, you can configure a VPC for these ECSs by following the instructions provided in :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. +- If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. For details, see :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. +- When you need to access the IPv6 services on the Internet or provide services accessible from users using an IPv6 client, you need to enable the IPv6 function. After the IPv6 function is enabled, you can provide services for users using an IPv4 or IPv6 client. diff --git a/umn/source/index.rst b/umn/source/index.rst index cf324b4..25cf7f3 100644 --- a/umn/source/index.rst +++ b/umn/source/index.rst @@ -7,8 +7,17 @@ Virtual Private Cloud - User Guide service_overview/index getting_started/index - operation_guide_new_console_edition/index - operation_guide_old_console_edition/index - faqs/index + vpc_and_subnet/index + security/index + elastic_ip/index + shared_bandwidth/index + route_tables/index + vpc_peering_connection/index + vpc_flow_log/index + direct_connect + virtual_ip_address/index + monitoring/index + permissions_management/index + faq/index change_history glossary diff --git a/umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst b/umn/source/monitoring/creating_an_alarm_rule.rst similarity index 94% rename from umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst rename to umn/source/monitoring/creating_an_alarm_rule.rst index 1580b78..73c022e 100644 --- a/umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst +++ b/umn/source/monitoring/creating_an_alarm_rule.rst 
@@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. +3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. In the left navigation pane on the left, choose **Alarm Management** > **Alarm Rules**. diff --git a/umn/source/operation_guide_new_console_edition/monitoring/index.rst b/umn/source/monitoring/index.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/monitoring/index.rst rename to umn/source/monitoring/index.rst diff --git a/umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst b/umn/source/monitoring/supported_metrics.rst similarity index 52% rename from umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst rename to umn/source/monitoring/supported_metrics.rst index 3bde4f0..b082875 100644 --- a/umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst +++ b/umn/source/monitoring/supported_metrics.rst 
@@ -20,25 +20,25 @@ Monitoring Metrics .. table:: **Table 1** EIP and bandwidth metrics - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | - +======================+====================+=================================================+=============+==================+================================+ - | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | up_stream | Outbound Traffic | Network traffic going out of the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | down_stream | Inbound Traffic | Network traffic going into the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ + 
+----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | + +======================+====================+=============================================================+=============+==================+================================+ + | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: bit/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: bit/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | up_stream | Outbound Traffic | Network traffic going out of the cloud platform in a minute | >= 0 bytes | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: byte | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | down_stream | Inbound Traffic | Network traffic going into the cloud platform in a minute | >= 0 bytes | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: byte | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ Dimensions ---------- 
diff --git a/umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst b/umn/source/monitoring/viewing_metrics.rst similarity index 52% rename from umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst rename to umn/source/monitoring/viewing_metrics.rst index 99442c8..2e014aa 100644 --- a/umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst +++ b/umn/source/monitoring/viewing_metrics.rst @@ -10,14 +10,17 @@ Scenarios View related metrics to see bandwidth and EIP usage information. +You can view the inbound bandwidth, outbound bandwidth, inbound bandwidth usage, outbound bandwidth usage, inbound traffic, and outbound traffic in a specified period. + Procedure --------- #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. +3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**. -5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information. +5. Select the EIP, click **More** in the **Operation** column, and click **View Metric** to view monitoring metric details. +6. Select the shared bandwidth, click **More** in the **Operation** column, and click **View Metric** to view monitoring metric details. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst b/umn/source/operation_guide_new_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst deleted file mode 100644 index 205c6f0..0000000 
--- a/umn/source/operation_guide_new_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst
+++ /dev/null
@@ -1,60 +0,0 @@ -:original_name: vpc_eip_0001.html - -.. _vpc_eip_0001: - -Unbinding an EIP from an ECS and Releasing the EIP -================================================== - -Scenarios ---------- - -If you no longer need an EIP, unbind it from the ECS and release the EIP to avoid wasting network resources. - -Notes and Constraints ---------------------- - -- EIP assigned together with your load balancers will also be displayed in the EIP list on the VPC console. On the EIP console or using EIP APIs, you cannot bind EIPs to or unbind them from dedicated load balancers, but you can bind EIPs to or unbind them from shared load balancers. -- You can only release EIPs that are not bound to any resources. - -Procedure ---------- - -**Unbinding a single EIP** - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, locate the row that contains the target EIP, and click **Unbind**. -#. Click **Yes** in the displayed dialog box. - -**Releasing a single EIP** - -#. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. -5. Click **Yes** in the displayed dialog box. - -**Unbinding multiple EIPs at once** - -#. Log in to the management console. -#. Click |image3| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, select the EIPs to be unbound. -#. Click the **Unbind** button located above the EIP list. -#. Click **Yes** in the displayed dialog box. - -**Releasing multiple EIPs at once** - -#. 
Log in to the management console. -#. Click |image4| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, select the EIPs to be released. -#. Click the **Release** button located above the EIP list. -#. Click **Yes** in the displayed dialog box. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/index.rst b/umn/source/operation_guide_new_console_edition/index.rst deleted file mode 100644 index 4ac0003..0000000 --- a/umn/source/operation_guide_new_console_edition/index.rst +++ /dev/null @@ -1,32 +0,0 @@ -:original_name: vpc_newui_0000.html - -.. _vpc_newui_0000: - -Operation Guide (New Console Edition) -===================================== - -- :ref:`VPC and Subnet ` -- :ref:`Security ` -- :ref:`EIP ` -- :ref:`Shared Bandwidth ` -- :ref:`Route Table ` -- :ref:`VPC Peering Connection ` -- :ref:`VPC Flow Log ` -- :ref:`Direct Connect ` -- :ref:`Virtual IP Address ` -- :ref:`Monitoring ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - vpc_and_subnet/index - security/index - eip/index - shared_bandwidth/index - route_table/index - vpc_peering_connection/index - vpc_flow_log/index - direct_connect - virtual_ip_address/index - monitoring/index diff --git a/umn/source/operation_guide_new_console_edition/route_table/adding_a_custom_route.rst b/umn/source/operation_guide_new_console_edition/route_table/adding_a_custom_route.rst deleted file mode 100644 index 95551f5..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/adding_a_custom_route.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -:original_name: vpc_route_0006.html - -.. _vpc_route_0006: - -Adding a Custom Route -===================== - -Scenarios ---------- - -Each route table contains a default system route, which indicates that ECSs in a VPC can communicate with each other. You can add custom routes as required to forward the traffic destined for the destination to the specified next hop. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Route Tables**. - -#. In the route table list, click the name of the route table to which you want to add a route. - -#. Click **Add Route** and set parameters as prompted. - - You can click **+** to add more routes. - - - .. figure:: /_static/images/en-us_image_0173155793.png - :alt: **Figure 1** Add Route - - **Figure 1** Add Route - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+===================================================================================================================================================================+=======================+ - | Destination | The destination CIDR block. | 192.168.0.0/16 | - | | | | - | | The destination of each route must be unique. The destination cannot overlap with any subnet CIDR block in the VPC. 
| | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop Type | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | ECS | - | | | | - | | .. note:: | | - | | | | - | | When you add a custom route to or modify a custom route in a default route table, the next hop type cannot be set to VPN connection or Direct Connect gateway. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | ecs-001 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst b/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst deleted file mode 100644 index 6a6b651..0000000 
--- a/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst +++ /dev/null @@ -1,41 +0,0 @@ -:original_name: vpc_route_0007.html - -.. _vpc_route_0007: - -Associating a Subnet with a Route Table -======================================= - -Scenarios ---------- - -After a route table is associated with a subnet, the routes in the route table control the routing for the subnet and apply to all cloud resources in the subnet. Determine the impact on services before performing this operation. - -Notes and Constraints ---------------------- - -A subnet can only be associated with one route table. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Route Tables**. - -#. In the route table list, locate the row that contains the target route table and click **Associate Subnet** in the **Operation** column. - -#. Select the subnet to be associated. - - - .. figure:: /_static/images/en-us_image_0173155870.png - :alt: **Figure 1** Associate Subnet - - **Figure 1** Associate Subnet - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst b/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst deleted file mode 100644 index e864816..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst +++ /dev/null 
@@ -1,32 +0,0 @@ -:original_name: vpc_route_0008.html - -.. _vpc_route_0008: - -Changing the Route Table Associated with a Subnet -================================================= - -Scenarios ---------- - -You can change the route table associated with the subnet to another one in the VPC. If the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. Determine the impact on services before performing this operation. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Route Tables**. - -#. In the route table list, click the name of the target route table. - -#. On the **Associated Subnets** tab page, click **Change Route Table** in the **Operation** column and select a new route table as prompted. - -#. Click **OK**. - - After the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst b/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst deleted file mode 100644 index 67c1bb0..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst +++ /dev/null 
@@ -1,139 +0,0 @@ -:original_name: vpc_route_0004.html - -.. _vpc_route_0004: - -Configuring an SNAT Server -========================== - -Scenarios ---------- - -To use the route table function provided by the VPC service, you need to configure SNAT on an ECS to enable other ECSs that do not have EIPs bound in a VPC to access the Internet through this ECS. - -The configured SNAT takes effect for all subnets in a VPC. - -Prerequisites -------------- - -- You have an ECS where SNAT is to be configured. -- The ECS where SNAT is to be configured runs the Linux OS. -- The ECS where SNAT is to be configured has only one network interface card (NIC). - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Compute**, click **Elastic Cloud Server**. - -4. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. - -5. On the displayed ECS details page, click the **NICs** tab. - -6. Click the NIC IP address. In the displayed area showing the NIC details, disable the source/destination check function. - - By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. Therefore, you need to disable the source/destination check for SNAT servers. - -7. Bind an EIP. - - - Bind an EIP with the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. - - Bind an EIP with the virtual IP address of the ECS. 
For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. - -8. On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. - -9. Run the following command and enter the password of user **root** to switch to user **root**: - - **su - root** - -10. Run the following command to check whether the ECS can successfully connect to the Internet: - - .. note:: - - Before running the command, you must disable the response iptables rule on the ECS where SNAT is configured and enable the security group rules. - - **ping www.google.com** - - The ECS can access the Internet if the following information is displayed: - - .. code-block:: console - - [root@localhost ~]# ping www.google.com - PING www.a.shifen.com (xxx.xxx.xxx.xxx) 56(84) bytes of data. - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms - -11. Run the following command to check whether IP forwarding of the Linux OS is enabled: - - **cat /proc/sys/net/ipv4/ip_forward** - - In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - - - If IP forwarding in Linux is enabled, go to step :ref:`14 `. - - If IP forwarding in Linux is disabled, perform step :ref:`12 ` to enable IP forwarding in Linux. - - Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. 
To achieve these purposes, you need to enable the IP forwarding function and configure SNAT rules. - -12. .. _vpc_route_0004__en-us_topic_0118499009_li3948189019612: - - Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. - -13. Run the following command to make the change take effect: - - **sysctl -p /etc/sysctl.conf** - -14. .. _vpc_route_0004__en-us_topic_0118499009_li2168883919851: - - Configure SNAT. - - Run the following command to enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function: :ref:`Figure 1 ` shows the example command. - - **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** - - .. _vpc_route_0004__en-us_topic_0118499009_fig27328760201321: - - .. figure:: /_static/images/en-us_image_0118498992.png - :alt: **Figure 1** Configuring SNAT - - **Figure 1** Configuring SNAT - - .. note:: - - - To ensure that the rule will not be lost after the restart, write the rule into the **/etc/rc.local** file. - - a. Run the following command to switch to the **/etc/sysctl.conf** file: - - **vi /etc/rc.local** - - b. Perform :ref:`14 ` to configure SNAT. - - c. Run the following command to save the configuration and exit: - - **:wq** - - d. Run the following command to add the execute permission for the **rc.local** file: - - **# chmod +x /etc/rc.local** - - - To ensure that the configuration takes effect, run the **iptables -L** command to check whether the configured rules conflict with each other. - -15. Run the following command to check whether the operation is successful: If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the operation was successful. - - **iptables -t nat --list** - - .. _vpc_route_0004__en-us_topic_0118499009_fig8358771201535: - - .. 
figure:: /_static/images/en-us_image_0118499109.png - :alt: **Figure 2** Verifying configuration - - **Figure 2** Verifying configuration - -16. Add a route. For details, see section :ref:`Adding a Custom Route `. - - Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. - -After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst b/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst deleted file mode 100644 index c3b97e0..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst +++ /dev/null @@ -1,25 +0,0 @@ -:original_name: vpc_route_0012.html - -.. _vpc_route_0012: - -Deleting a Route -================ - -Scenarios ---------- - -Delete a route if it is no longer required. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the VPC that the route to be deleted belongs to and click the VPC name. -6. Click the **Route Tables** tab. On the displayed page, locate the row that contains the route to be deleted, and click **Delete** in the **Operation** column. -7. Click **Yes** in the displayed dialog box. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png 
diff --git a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst b/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst deleted file mode 100644 index 520838f..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst +++ /dev/null @@ -1,28 +0,0 @@ -:original_name: vpc_route_0010.html - -.. _vpc_route_0010: - -Deleting a Route Table -====================== - -Scenarios ---------- - -You can delete custom route tables but cannot delete the default route table. - -Prerequisites -------------- - -Before deleting a route table, ensure that no subnet has been associated with the custom route table. If there is an associated subnet, associate the subnet with another route table by clicking **Change Route Table** and then delete the custom route table. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. -#. In the route table list, locate the row that contains the route table to be deleted and click **Delete** in the **Operation** column. -#. Click **Yes**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/route_table/index.rst b/umn/source/operation_guide_new_console_edition/route_table/index.rst deleted file mode 100644 index c91cf91..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/index.rst +++ /dev/null 
@@ -1,36 +0,0 @@ -:original_name: vpc_route_0000.html - -.. _vpc_route_0000: - -Route Table -=========== - -- :ref:`Route Table Overview ` -- :ref:`Configuring an SNAT Server ` -- :ref:`Creating a Custom Route Table ` -- :ref:`Adding a Custom Route ` -- :ref:`Associating a Subnet with a Route Table ` -- :ref:`Changing the Route Table Associated with a Subnet ` -- :ref:`Viewing a Route Table ` -- :ref:`Deleting a Route Table ` -- :ref:`Modifying a Route ` -- :ref:`Deleting a Route ` -- :ref:`Replicating a Route ` -- :ref:`Exporting Route Table Information ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - route_table_overview - configuring_an_snat_server - creating_a_custom_route_table - adding_a_custom_route - associating_a_subnet_with_a_route_table - changing_the_route_table_associated_with_a_subnet - viewing_a_route_table - deleting_a_route_table - modifying_a_route - deleting_a_route - replicating_a_route - exporting_route_table_information diff --git a/umn/source/operation_guide_new_console_edition/route_table/modifying_a_route.rst b/umn/source/operation_guide_new_console_edition/route_table/modifying_a_route.rst deleted file mode 100644 index 7457328..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/modifying_a_route.rst +++ /dev/null 
@@ -1,54 +0,0 @@ -:original_name: vpc_route_0011.html - -.. _vpc_route_0011: - -Modifying a Route -================= - -Scenarios ---------- - -Modify a route. - -Notes and Constraints ---------------------- - -- The system route cannot be modified. -- The routes delivered by the VPN, Direct Connect services to the default route table cannot be modified. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. -#. In the route table list, click the name of the target route table. -#. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. -#. Modify the route information in the displayed dialog box. - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+===================================================================================================================================================================+=======================+ - | Destination | The destination CIDR block. | 192.168.0.0/16 | - | | | | - | | The destination of each route must be unique. The destination cannot overlap with any subnet CIDR block in the VPC. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop Type | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | ECS | - | | | | - | | .. 
note:: | | - | | | | - | | When you add a custom route to or modify a custom route in a default route table, the next hop type cannot be set to VPN connection or Direct Connect gateway. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | ecs-001 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst b/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst deleted file mode 100644 index e79c80b..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst +++ /dev/null 
@@ -1,39 +0,0 @@
-:original_name: vpc_route_0013.html
-
-.. _vpc_route_0013:
-
-Replicating a Route
-===================
-
-Scenarios
----------
-
-You can replicate a created route as required.
-
-Notes and Constraints
----------------------
-
-- The routes delivered by the VPN service to the default route table cannot be replicated.
-- The routes delivered to the default route table by the Direct Connect service that is enabled by call or email cannot be replicated.
-- Black hole routes cannot be replicated.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-#. Click |image1| in the upper left corner and select the desired region and project.
-
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-#. In the navigation pane on the left, choose **Route Tables**.
-
-#. In the route table list, locate the row that contains the target route table and click **Replicate Route** in the **Operation** column.
-
-#. Select the target route table and then the route to be replicated as prompted.
-
- The routes listed on the page are those that do not exist in the target route table. You can select one or more routes to replicate to the target route table.
-
-#. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst b/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst
deleted file mode 100644
index 30deb5e..0000000
--- a/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst
+++ /dev/null
@@ -1,117 +0,0 @@ -:original_name: route_0001.html - -.. _route_0001: - -Route Table Overview -==================== - -A custom route is a user-defined routing rule added to a VPC. - -Route Table ------------ - -A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. - - -.. figure:: /_static/images/en-us_image_0167573711.png - :alt: **Figure 1** Route table - - **Figure 1** Route table - -Default Route Table and Custom Route Table ------------------------------------------- - -When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. You can add, delete, and modify routes in the default route table, but you cannot delete the route table. When you create a VPN, Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. If you want to modify or delete the route, you can associate your subnet with a custom route table and replicate the route to the custom route table to modify or delete it. - -If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. You can delete the custom route table if it is no longer required. - -.. note:: - - The custom route table associated with a subnet affects only the outbound traffic. The default route table determines the inbound traffic. - -For details about how to create a custom route table, see section :ref:`Creating a Custom Route Table `. - -Route ------ - -A route is configured with the destination, next hop type, and next hop to determine where network traffic is directed. 
Routes are classified into system routes and custom routes. - -- System routes: These routes are automatically added by the system and cannot be modified or deleted. - - After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other. - - - Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20. - - Routes whose destination is a subnet CIDR block. - - .. note:: - - In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address. - -- Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route. - - You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. - - .. _route_0001__en-us_topic_0121831807_table1727714140542: - - .. table:: **Table 1** Next hop type - - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | Description | Supported Route Table | - +========================+==============================================================================================================================================================+========================+ - | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. 
| - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. 
| - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - - .. note:: - - If you specify the destination when creating a resource, a system route is delivered. If you do not specify a destination when creating a resource, a custom route that can be modified or deleted is delivered. - - For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN connection or Direct Connect gateway, you need to specify the remote subnet, that is, the destination of a route. In this case, the system delivers this system route. Do not modify the route destination on the **Route Tables** page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly. - -Custom Route Table Configuration Process ----------------------------------------- - -:ref:`Figure 2 ` shows the process of creating and configuring a custom route table. - -.. _route_0001__en-us_topic_0121831807_fig16862186152219: - -.. 
figure:: /_static/images/en-us_image_0163203842.png - :alt: **Figure 2** Route table configuration process - - **Figure 2** Route table configuration process - -#. For details about how to create a custom route table, see :ref:`Creating a Custom Route Table `. -#. For details about how to add a custom route, see :ref:`Adding a Custom Route `. -#. For details about how to associate a subnet with a route table, see :ref:`Associating a Subnet with a Route Table `. After the association, the routes in the route table control the routing for the subnet. - -Notes and Constraints ---------------------- - -- A maximum of 10 route tables, including the default one, can be created for each VPC. -- A maximum of 200 routes can be added to each route table. -- The default route table cannot be deleted. -- The system route cannot be modified or deleted. -- The routes delivered by the VPN service to the default route table cannot be modified, replicated, or deleted. -- The routes delivered by the Direct Connect service to the default route table cannot be modified or deleted. - - - If the Direct Connect service is enabled in the self-service mode, the routes delivered to the default route table can be replicated to the custom route table. - - If the Direct Connect service is enabled by call or email, the routes delivered to the default route table cannot be replicated to the custom route table. - -- Black hole routes cannot be replicated. -- When you add a custom route to a default route table, the next hop type cannot be set to VPN connection or Direct Connect gateway. diff --git a/umn/source/operation_guide_new_console_edition/route_table/viewing_a_route_table.rst b/umn/source/operation_guide_new_console_edition/route_table/viewing_a_route_table.rst deleted file mode 100644 index f0c7a9e..0000000 --- a/umn/source/operation_guide_new_console_edition/route_table/viewing_a_route_table.rst +++ /dev/null 
@@ -1,24 +0,0 @@
-:original_name: vpc_route_0009.html
-
-.. _vpc_route_0009:
-
-Viewing a Route Table
-=====================
-
-Scenarios
----------
-
-You can view details about a route table.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-5. On the **Virtual Private Cloud** page, locate the VPC that is associated with the route table to be queried and click the VPC name.
-6. View details about the route table.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst b/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst
deleted file mode 100644
index 88aa884..0000000
--- a/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-:original_name: SecurityGroup_0017.html
-
-.. _SecurityGroup_0017:
-
-Adding Instances to and Removing Them from a Security Group
-===========================================================
-
-Scenarios
----------
-
-After a security group is created, you can add instances to the security group to protect the instances. You can also remove them from the security group as required.
-
-You can add multiple instances to or remove them from a security group.
-
-Adding Instances to a Security Group
-------------------------------------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column.
-6. On the **Servers** tab, click **Add** and add one or more servers to the current security group.
-7. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group.
-8. Click **OK**.
-
-Removing Instances from a Security Group
-----------------------------------------
-
-#. Log in to the management console.
-
-2. Click |image2| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column.
-6. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group.
-7. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group.
-8. Click **Yes**.
-
-**Removing multiple instances from a security group**
-
-Select multiple servers and click **Remove** above the server list to remove the selected servers from the current security group all at once.
-
-Select multiple extension NICs and click **Remove** above the extension NIC list to remove the selected extension NICs from the current security group all at once.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst b/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst
deleted file mode 100644
index cc2dda4..0000000
--- a/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst
+++ /dev/null
@@ -1,56 +0,0 @@ -:original_name: en-us_topic_0013748715.html - -.. _en-us_topic_0013748715: - -Creating a Security Group -========================= - -Scenarios ---------- - -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. - -5. On the **Security Groups** page, click **Create Security Group**. - -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0000001197426329.png - :alt: **Figure 1** Create Security Group - - **Figure 1** Create Security Group - - .. _en-us_topic_0013748715__en-us_topic_0118534004_table65377617111335: - - .. table:: **Table 1** Parameter description - - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Name | The security group name. This parameter is mandatory. | sg-318b | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). 
The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group. This parameter is optional. | N/A | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst b/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst deleted file mode 100644 index a54f0ed..0000000 --- a/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst +++ /dev/null 
@@ -1,30 +0,0 @@
-:original_name: vpc_SecurityGroup_0008.html
-
-.. _vpc_SecurityGroup_0008:
-
-Deleting a Security Group
-=========================
-
-Scenarios
----------
-
-This section describes how to delete security groups that you are no longer required.
-
-Notes and Constraints
----------------------
-
-- The default security group cannot be deleted.
-- If a security group is associated with resources other than servers and extension NICs, the security group cannot be deleted.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**.
-6. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/fast-adding_security_group_rules.rst b/umn/source/operation_guide_new_console_edition/security/security_group/fast-adding_security_group_rules.rst
deleted file mode 100644
index 6582ec6..0000000
--- a/umn/source/operation_guide_new_console_edition/security/security_group/fast-adding_security_group_rules.rst
+++ /dev/null
@@ -1,44 +0,0 @@
-:original_name: SecurityGroup_0004.html
-
-.. _SecurityGroup_0004:
-
-Fast-Adding Security Group Rules
-================================
-
-Scenarios
----------
-
-You can add multiple security group rules with different protocols and ports at the same time.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-
-5. On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules.
-
-6. On the **Inbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select the protocols and ports you wish to add all at once.
-
-
- .. figure:: /_static/images/en-us_image_0211552164.png
- :alt: **Figure 1** Fast-Add Inbound Rule
-
- **Figure 1** Fast-Add Inbound Rule
-
-7. On the **Outbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select required protocols and ports to add multiple rules at a time.
-
-
- .. figure:: /_static/images/en-us_image_0211560998.png
- :alt: **Figure 2** Fast-Add Outbound Rule
-
- **Figure 2** Fast-Add Outbound Rule
-
-8. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst b/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst
deleted file mode 100644
index beda16e..0000000
--- a/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst
+++ /dev/null
@@ -1,25 +0,0 @@
-:original_name: vpc_SecurityGroup_0005.html
-
-.. _vpc_SecurityGroup_0005:
-
-Modifying a Security Group Rule
-===============================
-
-Scenarios
----------
-
-You can modify the port, protocol, and IP address of a security group rule to meet your specific requirements.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, click the security group name.
-6. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column.
-7. Modify the rule and click **Confirm**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst
deleted file mode 100644
index 89a12cc..0000000
--- a/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst
+++ /dev/null
@@ -1,23 +0,0 @@
-:original_name: vpc_SecurityGroup_0011.html
-
-.. _vpc_SecurityGroup_0011:
-
-Viewing the Security Group of an ECS
-====================================
-
-Scenarios
----------
-
-View inbound and outbound rules of a security group used by an ECS.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. Under **Compute**, click **Elastic Cloud Server**.
-4. On the **Elastic Cloud Server** page, click the name of the target ECS.
-5. Click the **Security Groups** tab and view information about the security group used by the ECS.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst b/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst
deleted file mode 100644
index 1074a93..0000000
--- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst
+++ /dev/null
@@ -1,46 +0,0 @@ -:original_name: vpc010005.html - -.. _vpc010005: - -Assigning a Shared Bandwidth -============================ - -Scenarios ---------- - -Assign a shared bandwidth for use with EIPs. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Elastic IP**. - -#. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. - -#. In the upper right corner, click **Assign Shared Bandwidth**. On the displayed page, configure parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0000001163949251.png - :alt: **Figure 1** Assigning Shared Bandwidth - - **Figure 1** Assigning Shared Bandwidth - - .. table:: **Table 1** Parameter descriptions - - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Parameter | Description | Example Value | - +================+=========================================================================================================================================================================================================================================================================================================+===============+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. 
| eu-de | - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Bandwidth | The bandwidth size in Mbit/s. The value ranges from starting with 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Bandwidth Name | The name of the shared bandwidth. | Bandwidth-001 | - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - -#. Click **Create Now**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst b/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst deleted file mode 100644 index 7d05eba..0000000 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst +++ /dev/null 
@@ -1,18 +0,0 @@
-:original_name: vpc010004.html
-
-.. _vpc010004:
-
-Shared Bandwidth Overview
-=========================
-
-Shared bandwidth allows multiple EIPs to share the same bandwidth. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth.
-
-When you host a large number of applications on the cloud, if each EIP uses an independent bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement.
-
-- Easy to Manage
-
- Region-level bandwidth sharing and multiplexing simplify O&M statistics, management, and operations cost settlement.
-
-- Flexible Operations
-
- You can add EIPs to a shared bandwidth or remove them from a shared bandwidth regardless of the instances to which they are bound.
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst
deleted file mode 100644
index 9823614..0000000
--- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst
+++ /dev/null
@@ -1,35 +0,0 @@
-:original_name: vpc_vip_0002.html
-
-.. _vpc_vip_0002:
-
-Assigning a Virtual IP Address
-==============================
-
-Scenarios
----------
-
-If an ECS requires a virtual IP address or if a virtual IP address needs to be reserved, you can assign a virtual IP address from the subnet.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet where a virtual IP address is to be assigned, and click the VPC name.
-6. On the **Subnets** tab, click the name of the subnet where a virtual IP address is to be assigned.
-7. Click the **Virtual IP Addresses** tab and click **Assign Virtual IP Address**.
-8. Select a virtual IP address assignment mode.
-
- - **Automatic**: The system assigns an IP address automatically.
- - **Manual**: You can specify an IP address.
-
-9. Select **Manual** and enter a virtual IP address.
-10. Click **OK**.
-
-You can then query the assigned virtual IP address in the IP address list.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst
deleted file mode 100644
index 4696b08..0000000
--- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst
+++ /dev/null
@@ -1,133 +0,0 @@ -:original_name: en-us_topic_0067802474.html - -.. _en-us_topic_0067802474: - -Binding a Virtual IP Address to an EIP or ECS -============================================= - -Scenarios ---------- - -You can bind a virtual IP address to an EIP so that you can access the ECSs bound with the same virtual IP address from the Internet. These ECSs can work in the active/standby mode to improve fault tolerance. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the VPC containing the virtual IP address and click the VPC name. -6. On the **Subnets** tab, click the name of the subnet that the virtual IP address belongs to. -7. Click the **IP Addresses** tab, locate the row that contains the virtual IP address to be bound to an EIP or ECS, and choose **Bind to EIP** or **Bind to Server** in the **Operation** column. -8. Select the desired EIP, or ECS and its NIC. - - .. note:: - - - If the ECS has multiple NICs, bind the virtual IP address to the primary NIC. - - Multiple virtual IP addresses can be bound to an ECS NIC. - -9. Click **OK**. - -10. Manually configure the virtual IP address bound to an ECS. - - After a virtual IP address is bound to an ECS NIC, you need to manually configure the virtual IP address on the ECS. - - **Linux OS** (CentOS 7.2 64bit is used as an example.) - - a. .. 
_en-us_topic_0067802474__en-us_topic_0118499077_li528316578916: - - Run the following command to obtain the NIC to which the virtual IP address is to be bound and the connection of the NIC: - - **nmcli connection** - - Information similar to the following is displayed: - - |image2| - - The command output in this example is described as follows: - - - **eth0** in the **DEVICE** column indicates the NIC to which the virtual IP address is to be bound. - - **Wired connection 1** in the **NAME** column indicates the connection of the NIC. - - b. Run the following command to add the virtual IP address for the target connection: - - **nmcli connection modify "**\ *CONNECTION*\ **" ipv4.addresses** *VIP* - - Configure the parameters as follows: - - - CONNECTION: connection of the NIC obtained in :ref:`10.a `. - - VIP: virtual IP address to be added. - - - If you add multiple virtual IP addresses at a time, separate them with commas (,). - - If a virtual IP address already exists and you need to add a new one, the command must contain both the new and original virtual IP addresses. - - Example commands: - - - Adding a single virtual IP address: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125** - - Adding multiple virtual IP addresses: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125,172.16.0.126** - - c. Run the following command to make the configuration take effect: - - **nmcli connection up "**\ *CONNECTION*\ **"** - - In this example, run the following command: - - **nmcli connection up "Wired connection 1"** - - Information similar to the following is displayed: - - |image3| - - d. Run the following command to check whether the virtual IP address has been bound: - - **ip a** - - Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.125 is bound to NIC eth0. - - |image4| - - **Windows OS** (Windows Server is used as an example here.) - - a. 
In **Control Panel**, click **Network and Sharing Center**, and click the corresponding local connection. - - b. On the displayed page, click **Properties**. - - c. On the **Network** tab page, select **Internet Protocol Version 4 (TCP/IPv4)**. - - d. Click **Properties**. - - e. Select **Use the following IP address** and set **IP address** to the private IP address of the ECS, for example, 10.0.0.101. - - - .. figure:: /_static/images/en-us_image_0000001179761510.png - :alt: **Figure 1** Configuring private IP address - - **Figure 1** Configuring private IP address - - f. Click **Advanced**. - - g. On the **IP Settings** tab, click **Add** in the **IP addresses** area. - - Add the virtual IP address. For example, 10.0.0.154. - - - .. figure:: /_static/images/en-us_image_0000001225081545.png - :alt: **Figure 2** Configuring virtual IP address - - **Figure 2** Configuring virtual IP address - - h. Click **OK**. - - i. In the **Start** menu, open the Windows command line window and run the following command to check whether the virtual IP address has been configured: - - **ipconfig /all** - - In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001281210233.png -.. |image3| image:: /_static/images/en-us_image_0000001237328110.png -.. |image4| image:: /_static/images/en-us_image_0000001237013856.png diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst deleted file mode 100644 index ca48083..0000000 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst +++ /dev/null 
@@ -1,36 +0,0 @@
-:original_name: vpc_vip_0009.html
-
-.. _vpc_vip_0009:
-
-Releasing a Virtual IP Address
-==============================
-
-Scenarios
----------
-
-If you no longer need a virtual IP address or a reserved virtual IP address, you can release it to avoid wasting resources.
-
-Prerequisites
--------------
-
-Before deleting a virtual IP address, ensure that the virtual IP address has been unbound from the following resources:
-
-- ECS
-- EIP
-- CCE cluster
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet from which a virtual IP address is to be released, and click the VPC name.
-6. On the **Subnets** tab, click the name of the subnet from which a virtual IP address is to be released.
-7. Click the **Virtual IP Addresses** tab, locate the row that contains the virtual IP address to be released, click **More** in the **Operation** column, and select **Release**.
-8. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst
deleted file mode 100644
index b842d85..0000000
--- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-:original_name: vpc_vip_0006.html
-
-.. _vpc_vip_0006:
-
-Using a VPC Peering Connection to Access the Virtual IP Address
-===============================================================
-
-Procedure
----------
-
-#. Configure the ECS networking based on :ref:`Networking `.
-#. Create a :ref:`VPC peering connection `.
-
-You can access the virtual IP address of the ECS through the VPC peering connection.
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_vpc.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_vpc.rst
deleted file mode 100644
index c714358..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_vpc.rst
+++ /dev/null
@@ -1,130 +0,0 @@ -:original_name: en-us_topic_0013935842.html - -.. _en-us_topic_0013935842: - -Creating a VPC -============== - -Scenarios ---------- - -A VPC provides an isolated virtual network for ECSs. You can configure and manage the network as required. - -You can create a VPC by following the procedure provided in this section. Then, create subnets, security groups, and assign EIPs by following the procedure provided in subsequent sections based on your actual network requirements. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. Click **Create VPC**. - -#. On the **Create VPC** page, set parameters as prompted. - - A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. - - .. table:: **Table 1** VPC parameter descriptions - - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. 
The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). 
| 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - - .. 
table:: **Table 2** VPC tag key and value requirements - - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+============================================================================+=======================+ - | Key | - Cannot be left blank. | vpc_key1 | - | | - Must be unique for the same VPC and can be the same for different VPCs. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | vpc-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - - .. _en-us_topic_0013935842__en-us_topic_0118498861_table6536185812515: - - .. table:: **Table 3** Subnet tag key and value requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. 
| | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -#. Click **Create Now**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst deleted file mode 100644 index 957c4d0..0000000 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst +++ /dev/null 
@@ -1,51 +0,0 @@
-:original_name: vpc_vpc_0002.html
-
-.. _vpc_vpc_0002:
-
-Deleting a Subnet
-=================
-
-Scenarios
----------
-
-You can delete a subnet to release network resources if the subnet is no longer required.
-
-Prerequisites
--------------
-
-You can delete a subnet only if there are no resources in the subnet. If there are resources in the subnet, you must delete those resources before you can delete the subnet.
-
-You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete.
-
-The resources may include:
-
-- ECS
-- BMS
-- CCE cluster
-- RDS instance
-- MRS cluster
-- DCS instance
-- Load balancer
-- VPN
-- Private IP address
-- Custom route
-- NAT gateway
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-
-5. In the subnet list, locate the row that contains the subnet you want to delete and click **Delete** in the **Operation** column.
-
- A confirmation dialog box is displayed.
-
-6. Click **Yes**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst
deleted file mode 100644
index 77afe95..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst
+++ /dev/null
@@ -1,39 +0,0 @@
-:original_name: vpc_vpc_0003.html
-
-.. _vpc_vpc_0003:
-
-Deleting a VPC
-==============
-
-Scenarios
----------
-
-You can delete a VPC if the VPC is no longer required.
-
-You can delete a VPC only if there are no resources in the VPC. If there are resources in the VPC, you must delete those resources before you can delete the VPC.
-
-A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources.
-
-- Subnets. For details, see section :ref:`Deleting a Subnet `.
-- VPNs. For details, see *Virtual Private Network User Guide*.
-- Direct Connect connections. For details, see the *Direct Connect User Guide*.
-- Custom routes. For details, see section :ref:`Deleting a Route `.
-- VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `.
-
-Notes and Constraints
----------------------
-
-If there are any EIPs or security groups, the last VPC cannot be deleted.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-5. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column.
-6. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/index.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/index.rst
deleted file mode 100644
index dea873c..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/index.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-:original_name: en-us_topic_0030969460.html
-
-.. _en-us_topic_0030969460:
-
-VPC and Subnet
-==============
-
-- :ref:`Creating a VPC `
-- :ref:`Modifying a VPC `
-- :ref:`Creating a Subnet for the VPC `
-- :ref:`Modifying a Subnet `
-- :ref:`Deleting a Subnet `
-- :ref:`Deleting a VPC `
-- :ref:`Managing VPC Tags `
-- :ref:`Managing Subnet Tags `
-- :ref:`Exporting VPC List `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- creating_a_vpc
- modifying_a_vpc
- creating_a_subnet_for_the_vpc
- modifying_a_subnet
- deleting_a_subnet
- deleting_a_vpc
- managing_vpc_tags
- managing_subnet_tags
- exporting_vpc_list
diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
deleted file mode 100644
index c61bf07..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
+++ /dev/null
@@ -1,221 +0,0 @@ -:original_name: en-us_topic_0046655038.html - -.. _en-us_topic_0046655038: - -Creating a VPC Peering Connection with a VPC in Another Account -=============================================================== - -Scenarios ---------- - -The VPC service also allows you to create a VPC peering connection with a VPC in another account. The two VPCs must be in the same region. If you request a VPC peering connection with a VPC in another account in the same region, the owner of the peer account must accept the request to activate the connection. - -Creating a VPC Peering Connection ---------------------------------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the right pane displayed, click **Create VPC Peering Connection**. - -6. Configure parameters as prompted. You must select **Another account** for **Account**. - - - .. figure:: /_static/images/en-us_image_0167840073.png - :alt: **Figure 1** Create VPC Peering Connection - - **Figure 1** Create VPC Peering Connection - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================+======================================+ - | Name | The name of the VPC peering connection. 
| peering-001 | - | | | | - | | The name contains a maximum of 64 characters, which consist of letters, digits, hyphens (-), and underscores (_). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Local VPC | The local VPC. You can select one from the drop-down list. | vpc_002 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Account | The account to which the VPC to peer with belongs. | Another account | - | | | | - | | - **My account**: The VPC peering connection will be created between two VPCs, in the same region, in your account. | | - | | - **Another account**: The VPC peering connection will be created between your VPC and a VPC in another account, in the same region. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Peer Project ID | This parameter is available only when **Another account** is selected. | N/A | - | | | | - | | For details about how to obtain the peer project ID, see :ref:`Obtaining the Peer Project ID `. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Peer VPC ID | This parameter is available only when **Another account** is selected. | 65d062b3-40fa-4204-8181-3538f527d2ab | - | | | | - | | For details about how to obtain the peer VPC ID, see :ref:`Obtaining the Peer VPC ID `. 
| | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - -7. Click **OK**. - -Accepting a VPC Peering Connection Request ------------------------------------------- - -To request a VPC peering connection with a VPC in another account, the owner of the peer account must accept the request to activate the connection. - -#. The owner of the peer account logs in to the management console. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. - - - .. figure:: /_static/images/en-us_image_0162391155.png - :alt: **Figure 2** VPC peering connection list - - **Figure 2** VPC peering connection list - -#. Click **Yes** in the displayed dialog box. - -Refusing a VPC Peering Connection ---------------------------------- - -The owner of the peer account can reject any VPC peering connection request that they receive. If a VPC peering connection request is rejected, the connection will not be established. You must delete the rejected VPC peering connection request before creating a VPC peering connection between the same VPCs as those in the rejected request. - -#. The owner of the peer account logs in to the management console. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **VPC Peering**. -#. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Reject Request** in the **Operation** column. -#. Click **Yes** in the displayed dialog box. 
- -Adding Routes for a VPC Peering Connection ------------------------------------------- - -If you request a VPC peering connection with a VPC in another account, the owner of the peer account must accept the request. To enable communication between the two VPCs, the owners of both the local and peer accounts need to add routes on the **Route Tables** page for the VPC peering connection. The owner of the local account can add only the local route because the owner does not have the required permission to perform operations on the peer VPC. The owner of the peer account must add the peer route. The procedure for adding a local route and a peer route is the same. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. Locate the VPC peering connection that you want to configure routes for in the connection list and click the connection name. - - The page showing the VPC peering connection details is displayed. - -#. Add routes for the VPC peering connection to the route table of the local VPC: - - a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the local VPC is displayed. - - b. Click the **Associated Subnets** tab to view the subnets associated with the default route table. - - - If there is the subnet to be connected by the VPC peering connection, - - #. Click the **Summary** tab of the route table and click **Add Route** to add a route to the default route table. - - :ref:`Table 2 ` describes the route parameters. - - - If the subnet to be connected by the VPC peering connection is not there, - - #. Return to the VPC list and switch to the subnet list of the VPC. - - #. Locate the row that contains the target subnet to be connected by the VPC peering connection, and click the route table name in the **Route Table** column. 
- - The **Summary** tab of the route table associated with the subnet is displayed. - - #. Click **Add Route** to add a route to the route table. - - :ref:`Table 2 ` describes the route parameters. - - .. _en-us_topic_0046655038__en-us_topic_0118498933_table97163496270: - - .. table:: **Table 2** Parameter description - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Parameter | Description | Example Value | - +=======================+=============================================================================================================================================================+========================+ - | Destination | The peer VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Configuration Plans `. | 192.168.0.0/16 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-001 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Description | Supplementary information about the route. This parameter is optional. 
| ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - -#. Add routes for the VPC peering connection to the route table of the peer VPC: - - a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the peer VPC is displayed. - - b. Click the **Associated Subnets** tab to view the subnets associated with the default route table. - - - If there is the subnet to be connected by the VPC peering connection, - - #. Click the **Summary** tab of the route table and click **Add Route** to add a route to the default route table. - - :ref:`Table 3 ` describes the route parameters. - - #. Click **OK**. - - - If the subnet to be connected by the VPC peering connection is not there, - - #. Return to the VPC list and switch to the subnet list of the VPC. - - #. Locate the row that contains the target subnet to be connected by the VPC peering connection, and click the route table name in the **Route Table** column. - - The **Summary** tab of the route table associated with the subnet is displayed. - - #. Click **Add Route** to add a route to the route table. - - :ref:`Table 3 ` describes the route parameters. - - #. Click **OK**. - - .. _en-us_topic_0046655038__en-us_topic_0118498933_table13697163914393: - - .. 
table:: **Table 3** Parameter description - - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Parameter | Description | Example Value | - +=======================+==============================================================================================================================================================+========================+ - | Destination | The local VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Configuration Plans `. | 192.168.2.0/16 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-001 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - -After a VPC peering connection is created, the two VPCs can communicate with each other through private IP addresses. You can run the **ping** command to check whether the two VPCs can communicate with each other. - -If two VPCs cannot communicate with each other, check the configuration by following the instructions provided in :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? ` - -.. _en-us_topic_0046655038__en-us_topic_0118498933_section41291933224121: - -Obtaining the Peer Project ID ------------------------------ - -#. The owner of the peer account logs in to the management console. -#. Select **My Credentials** from the username drop-down list. -#. On the **Projects** tab, obtain the required project ID. - -.. _en-us_topic_0046655038__en-us_topic_0118498933_section19734314164713: - -Obtaining the Peer VPC ID -------------------------- - -#. The owner of the peer account logs in to the management console. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. -#. Click the target VPC name and view VPC ID on the VPC details page. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst deleted file mode 100644 index f246086..0000000 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ /dev/null 
@@ -1,179 +0,0 @@ -:original_name: en-us_topic_0046655037.html - -.. _en-us_topic_0046655037: - -Creating a VPC Peering Connection with Another VPC in Your Account -================================================================== - -Scenarios ---------- - -To create a VPC peering connection, first create a request to peer with another VPC. You can request a VPC peering connection with another VPC in your account, but the two VPCs must be in the same region. The system automatically accepts the request. - -Prerequisites -------------- - -Two VPCs in the same region have been created. - -Creating a VPC Peering Connection ---------------------------------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the right pane displayed, click **Create VPC Peering Connection**. - -6. Configure parameters as prompted. You must select **My account** for **Account**. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0167839112.png - :alt: **Figure 1** Create VPC Peering Connection - - **Figure 1** Create VPC Peering Connection - - .. _en-us_topic_0046655037__en-us_topic_0118498960_table1215761020244: - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+==========================================================================================================================================================+=======================+ - | Name | The name of the VPC peering connection. 
| peering-001 | - | | | | - | | The name contains a maximum of 64 characters, which consist of letters, digits, hyphens (-), and underscores (_). | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Local VPC | The local VPC. You can select one from the drop-down list. | vpc_002 | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Local VPC CIDR Block | The CIDR block for the local VPC. | 192.168.10.0/24 | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Account | The account to which the peer VPC belongs. | My account | - | | | | - | | - **My account**: The VPC peering connection will be created between two VPCs, in the same region, in your account. | | - | | - **Another account**: The VPC peering connection will be created between your VPC and a VPC in another account, in the same region. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Peer Project | The peer project name. The project name of the current project is used by default. | aaa | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Peer VPC | The peer VPC. You can select one from the drop-down list if the VPC peering connection is created between two VPCs in your own account. 
| vpc_fab1 | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Peer VPC CIDR Block | The CIDR block for the peer VPC. | 192.168.2.0/24 | - | | | | - | | The local and peer VPCs cannot have matching or overlapping CIDR blocks. Otherwise, the routes added for the VPC peering connection may not take effect. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -Adding Routes for a VPC Peering Connection ------------------------------------------- - -If you request a VPC peering connection with another VPC in your own account, the system automatically accepts the request. To enable communication between the two VPCs, you need to add local and peer routes on the **Route Tables** page for the VPC peering connection. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. Locate the VPC peering connection that you want to configure routes for in the connection list and click the connection name. - - The page showing the VPC peering connection details is displayed. - -#. Add routes for the VPC peering connection to the route table of the local VPC: - - a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the local VPC is displayed. - - b. Click the **Associated Subnets** tab to view the subnets associated with the default route table. - - - If there is the subnet to be connected by the VPC peering connection, - - #. Click the **Summary** tab of the route table and click **Add Route** to add a route to the default route table. 
- - :ref:`Table 2 ` describes the route parameters. - - - If the subnet to be connected by the VPC peering connection is not there, - - #. Return to the VPC list and switch to the subnet list of the VPC. - - #. Locate the row that contains the target subnet to be connected by the VPC peering connection, and click the route table name in the **Route Table** column. - - The **Summary** tab of the route table associated with the subnet is displayed. - - #. Click **Add Route** to add a route to the route table. - - :ref:`Table 2 ` describes the route parameters. - - .. _en-us_topic_0046655037__en-us_topic_0118498960_table97163496270: - - .. table:: **Table 2** Parameter description - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Parameter | Description | Example Value | - +=======================+=============================================================================================================================================================+========================+ - | Destination | The peer VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Configuration Plans `. | 192.168.0.0/16 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. 
| peering-001 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - -5. Add routes for the VPC peering connection to the route table of the peer VPC: - - a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the peer VPC is displayed. - - b. Click the **Associated Subnets** tab to view the subnets associated with the default route table. - - - If there is the subnet to be connected by the VPC peering connection, - - #. Click the **Summary** tab of the route table and click **Add Route** to add a route to the default route table. - - :ref:`Table 3 ` describes the route parameters. - - #. Click **OK**. - - - If the subnet to be connected by the VPC peering connection is not there, - - #. Return to the VPC list and switch to the subnet list of the VPC. - - #. Locate the row that contains the target subnet to be connected by the VPC peering connection, and click the route table name in the **Route Table** column. - - The **Summary** tab of the route table associated with the subnet is displayed. - - #. Click **Add Route** to add a route to the route table. - - :ref:`Table 3 ` describes the route parameters. - - #. Click **OK**. - - .. _en-us_topic_0046655037__en-us_topic_0118498960_table13697163914393: - - .. 
table:: **Table 3** Parameter description - - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Parameter | Description | Example Value | - +=======================+==============================================================================================================================================================+========================+ - | Destination | The local VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Configuration Plans `. | 192.168.2.0/16 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-001 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - -After a VPC peering connection is created, the two VPCs can communicate with each other through private IP addresses. You can run the **ping** command to check whether the two VPCs can communicate with each other. - -If two VPCs cannot communicate with each other, check the configuration by following the instructions provided in :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? ` - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst deleted file mode 100644 index a50e20e..0000000 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst +++ /dev/null 
@@ -1,36 +0,0 @@
-:original_name: vpc_peering_0003.html
-
-.. _vpc_peering_0003:
-
-Deleting a VPC Peering Connection
-=================================
-
-Scenarios
----------
-
-The owners of both the local and peer accounts can delete a VPC peering connection in any state. After a VPC peering connection is deleted, routes configured for the connection will be automatically deleted as well.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **VPC Peering**.
-
-5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name.
-
-
- .. figure:: /_static/images/en-us_image_0162391187.png
- :alt: **Figure 1** VPC peering connection list
-
- **Figure 1** VPC peering connection list
-
-6. Locate the target VPC peering connection and click **Delete** in the **Operation** column.
-
-7. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst
deleted file mode 100644
index f078cd5..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst
+++ /dev/null
@@ -1,41 +0,0 @@
-:original_name: vpc_peering_0006.html
-
-.. _vpc_peering_0006:
-
-Deleting a VPC Peering Route
-============================
-
-Scenarios
----------
-
-After routes are added for a VPC peering connection, the owners of both the local and peer accounts can delete the routes on the **Route Tables** page.
-
-Procedure
----------
-
-#. Log in to the management console.
-#. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the connection list, locate the VPC peering connection that you need to delete routes.
-#. Click the name of the VPC peering connection to switch to the page showing details about the connection.
-#. Delete the route added to the route table of the local VPC:
-
- a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink.
-
- The **Summary** tab of the default route table for the local VPC is displayed.
-
- b. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column.
-
- c. Click **Yes**.
-
-#. Delete the route added to the route table of the peer VPC:
-
- a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink.
-
- The **Summary** tab of the default route table for the peer VPC is displayed.
-
- b. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column.
-
- c. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst
deleted file mode 100644
index 9966475..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst
+++ /dev/null
@@ -1,36 +0,0 @@
-:original_name: vpc_peering_0002.html
-
-.. _vpc_peering_0002:
-
-Modifying a VPC Peering Connection
-==================================
-
-Scenarios
----------
-
-The owners of both the local and peer accounts can modify a VPC peering connection in any state. The VPC peering connection name can be changed.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **VPC Peering**.
-
-5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name.
-
-
- .. figure:: /_static/images/en-us_image_0162391187.png
- :alt: **Figure 1** VPC peering connection list
-
- **Figure 1** VPC peering connection list
-
-6. Locate the target VPC peering connection and click **Modify** in the **Operation** column. In the displayed dialog box, modify information about the VPC peering connection.
-
-7. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst
deleted file mode 100644
index 217dd5f..0000000
--- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst
+++ /dev/null
@@ -1,26 +0,0 @@ -:original_name: vpc_peering_0004.html - -.. _vpc_peering_0004: - -Viewing Routes Configured for a VPC Peering Connection -====================================================== - -Scenarios ---------- - -After routes are added for a VPC peering connection, the owners of both the local and peer accounts can view information about the routes on the page showing details about the VPC peering connection. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **VPC Peering**. -5. Locate the target VPC peering connection in the connection list. -6. Click the name of the VPC peering connection to switch to the page showing details about the connection. -7. On the displayed page, click the **Local Routes** tab and view information about the local route added for the VPC peering connection. -8. On the page showing details about the VPC peering connection, click the **Peer Routes** tab and view information about the peer route added for the VPC peering connection. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst deleted file mode 100644 index 247a72b..0000000 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst +++ /dev/null 
@@ -1,34 +0,0 @@ -:original_name: vpc_peering_0001.html - -.. _vpc_peering_0001: - -Viewing VPC Peering Connections -=============================== - -Scenarios ---------- - -The owners of both the local and peer accounts can view information about the created VPC peering connections and those that are still waiting to be accepted. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. - - - .. figure:: /_static/images/en-us_image_0162391187.png - :alt: **Figure 1** VPC peering connection list - - **Figure 1** VPC peering connection list - -6. Click the VPC peering connection name. On the displayed page, view detailed information about the VPC peering connection. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_configuration_plans.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_configuration_plans.rst deleted file mode 100644 index ff32167..0000000 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_configuration_plans.rst +++ /dev/null 
@@ -1,75 +0,0 @@ -:original_name: en-us_topic_0046809840.html - -.. _en-us_topic_0046809840: - -VPC Peering Connection Configuration Plans -========================================== - -To enable two VPCs in the same region to communicate with each other, you can create a VPC peering connection between them. The VPC and subnet CIDR blocks must meet the requirements in :ref:`Table 1 `. - -.. _en-us_topic_0046809840__en-us_topic_0118499087_table461583720304: - -.. table:: **Table 1** Requirements for VPC and subnet CIDR blocks - - +-----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+ - | Requirement | Description | - +=============================================================================+=====================================================================================================================================================+ - | - VPC CIDR blocks do not overlap. | A VPC peering connection can enable communications between the entire VPC CIDR blocks. The destination of a route is a VPC CIDR block. | - | - There are no requirements on subnet CIDR blocks. | | - | | For details, see :ref:`Route Configurations for Connecting Entire VPCs `. | - +-----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+ - | - VPC CIDR blocks overlap. | A VPC peering connection can enable communications between subnets in the VPCs. The destination of a route is a subnet CIDR block. | - | - Subnet CIDR blocks connected by a VPC peering connection cannot overlap. | | - | | For details, see :ref:`Route Configurations for Connecting Specific Subnets `. 
| - +-----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _en-us_topic_0046809840__en-us_topic_0118499087_section11900751101219: - -Route Configurations for Connecting Entire VPCs ------------------------------------------------ - -- Connections can be: - - - Between two VPCs - - Among multiple VPCs - -- If you need to configure routes that point to entire VPCs, none of the VPCs involved in VPC peering connections can overlap. Otherwise, VPC peering connections will not take effect because the routes will be unreachable. -- The destination of the route that points to an entire VPC is the CIDR block of the peer VPC, and the next hop is the VPC peering connection ID. - -.. _en-us_topic_0046809840__en-us_topic_0118499087_section1370341061310: - -Route Configurations for Connecting Specific Subnets ----------------------------------------------------- - -If VPCs connected by a VPC peering connection have overlapping CIDR blocks, the connection can only enable communications between non-overlapping subnets in the VPCs. If subnets in the two VPCs of a VPC peering connection overlap with each other, the connection will not take effect. When you create a VPC peering connection, ensure that the VPCs involved do not contain overlapping subnets. - -For example, VPC 1 and VPC 2 have matching CIDR blocks, but the subnets in the two VPCs do not overlap. A VPC peering connection can be created between pairs of subnets that do not overlap with each other. The route table is used to control the specific subnets that the VPC peering connection is created for. :ref:`Figure 1 ` shows a VPC peering connection created between two subnets. Routes are required to enable communication between Subnet A in VPC 1 and Subnet X in VPC 2. - -.. _en-us_topic_0046809840__en-us_topic_0118499087_fig95191521148: - -.. 
figure:: /_static/images/en-us_image_0194358487.png - :alt: **Figure 1** VPC peering connection between Subnet A and Subnet X - - **Figure 1** VPC peering connection between Subnet A and Subnet X - -:ref:`Figure 2 ` shows the routes configured for the VPC peering connection between Subnet A and Subnet X. After the routes are configured, Subnet A and Subnet X can communicate with each other. - -.. _en-us_topic_0046809840__en-us_topic_0118499087_fig13211186151514: - -.. figure:: /_static/images/en-us_image_0194358495.png - :alt: **Figure 2** Route tables for the VPC peering connection between Subnet A and Subnet X - - **Figure 2** Route tables for the VPC peering connection between Subnet A and Subnet X - -If two VPCs have overlapping subnets, a VPC peering connection created between the two subnets will not take effect, and the subnets cannot communicate with each other. - -As shown in :ref:`Figure 3 `, a VPC peering connection is created between subnet A of VPC1 and subnet X of VPC2. Subnet B of VPC1 and subnet X of VPC2 overlap with each other. If the destination of a route in the route table of VPC1 is set to the CIDR block of subnet X in VPC2, this route will conflict with the system route of subnet B in VPC1. Subnet A preferentially accesses subnet B and the VPC peering connection does not take effect. - -.. _en-us_topic_0046809840__en-us_topic_0118499087_fig1253173812157: - -.. figure:: /_static/images/en-us_image_0194358504.png - :alt: **Figure 3** Invalid VPC peering connection - - **Figure 3** Invalid VPC peering connection - -If peering connections are used to link VPC 1 to multiple VPCs, for example, VPC 2, VPC 3, and VPC 4, the subnets of VPC 1 cannot overlap with those of VPC 2, VPC 3, and VPC 4. If VPC 2, VPC 3, and VPC 4 have overlapping subnets, a VPC peering connection can be created between only one of these overlapping subnets and a subnet of VPC 1. 
If a VPC peering connection is created between a subnet and the other *N* subnets, none of the subnets can overlap. diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst deleted file mode 100644 index aa87a53..0000000 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst +++ /dev/null 
@@ -1,32 +0,0 @@ -:original_name: en-us_topic_0046655036.html - -.. _en-us_topic_0046655036: - -VPC Peering Connection Creation Procedure -========================================= - -A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same region. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. - -- Creating a VPC peering connection between VPCs in your account - - - .. figure:: /_static/images/en-us_image_0162335561.png - :alt: **Figure 1** Creating a VPC peering connection between VPCs in your account - - **Figure 1** Creating a VPC peering connection between VPCs in your account - - If you create a VPC peering connection between two VPCs in your account, the system accepts the connection by default. You need to add routes for the local and peer VPCs to enable communication between the two VPCs. - -- Creating a VPC peering connection with a VPC in another account - - - .. figure:: /_static/images/en-us_image_0162335565.png - :alt: **Figure 2** Creating a VPC peering connection with a VPC in another account - - **Figure 2** Creating a VPC peering connection with a VPC in another account - - If you create a VPC peering connection between your VPC and a VPC that is in another account, the VPC peering connection will be in the **Awaiting acceptance** state. After the owner of the peer account accepts the connection, the connection status changes to **Accepted**. The owners of both the local and peer accounts must configure the routes required by the VPC peering connection to enable communication between the two VPCs. 
- - If the local and peer VPCs have overlapping CIDR blocks, the routes added for the VPC peering connection may become invalid. Before creating a VPC peering connection between two VPCs that have overlapping CIDR blocks, ensure that none of the subnets in the two VPCs overlap. If none of the subnets in the two VPCs overlap, the VPC peering connection you created enables communication between subnets in the two VPCs. - - After a VPC peering connection is created, you can use the ping command to check whether the local network is connected. The ping command cannot be used to check whether the gateway of the peer subnet is connected. diff --git a/umn/source/operation_guide_old_console_edition/direct_connect.rst b/umn/source/operation_guide_old_console_edition/direct_connect.rst deleted file mode 100644 index 5dfb4fe..0000000 --- a/umn/source/operation_guide_old_console_edition/direct_connect.rst +++ /dev/null @@ -1,10 +0,0 @@ -:original_name: vpc_dc02_0001.html - -.. _vpc_dc02_0001: - -Direct Connect -============== - -Direct Connect allows you to establish a dedicated network connection between your data center and the cloud platform. With Direct Connect, you can establish a private connection between the cloud platform and your data center, office, or collocation environment, which can reduce your network latency and provide a more consistent network experience than Internet-based connections. - -For more information about Direct Connect, see the *Direct Connect User Guide*. diff --git a/umn/source/operation_guide_old_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/operation_guide_old_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst deleted file mode 100644 index ed57fd2..0000000 --- a/umn/source/operation_guide_old_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ /dev/null 
@@ -1,121 +0,0 @@ -:original_name: vpc_eip02_0001.html - -.. _vpc_eip02_0001: - -Assigning an EIP and Binding It to an ECS -========================================= - -Scenarios ---------- - -You can assign an EIP and bind it to an ECS so that the ECS can access the Internet. - -.. note:: - - EIPs for dedicated load balancers: - - - In the **eu-de** region, if you choose to assign an EIP when you create a dedicated load balancer on the management console or using APIs, EIPs for dedicated load balancers (**5_gray**) will be assigned. - - Do not bind EIPs of this type to non-dedicated load balancers. - - Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. - -Assigning an EIP ----------------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Elastic IP**. - -#. On the displayed page, click **Assign EIP**. - -#. Set the parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0000001117669274.png - :alt: **Figure 1** Assign EIP - - **Figure 1** Assign EIP - - .. 
table:: **Table 1** Parameter descriptions - - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used. | | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to purchase. 
| 1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - - .. _vpc_eip02_0001__en-us_topic_0118498850_table36606052153313: - - .. table:: **Table 2** EIP tag requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirement | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | Ipv4_key1 | - | | - Must be unique for each EIP. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 192.168.12.10 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -#. Click **Create Now**. - -#. Click **Submit**. - -Binding an EIP --------------- - -#. On the **EIPs** page, locate the row that contains the target EIP, and click **Bind**. - -#. Select the instance to which you want to bind the EIP. - - - .. 
figure:: /_static/images/en-us_image_0000001166028070.png - :alt: **Figure 2** Bind EIP - - **Figure 2** Bind EIP - -#. Click **OK**. - -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details about the implementation and constraints, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` - -Follow-Up Procedure -------------------- - -After an ECS with an EIP bound is created, the system generates a domain name in the format of **ecs-**\ *xx-xx-xx-xx*\ **.compute.**\ *xxx*\ **.com** for the EIP by default. *xx-xx-xx-xx* indicates the EIP, and xxx indicates the domain name of the cloud service provider. You can use the domain name to access the ECS. - -You can use any of the following commands to obtain the domain name of an EIP: - -- ping -a *EIP* -- nslookup [-qt=ptr] *EIP* -- dig -x *EIP* - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/eip/index.rst b/umn/source/operation_guide_old_console_edition/eip/index.rst deleted file mode 100644 index 9b20f37..0000000 --- a/umn/source/operation_guide_old_console_edition/eip/index.rst +++ /dev/null @@ -1,20 +0,0 @@ -:original_name: vpc_eip02_0000.html - -.. _vpc_eip02_0000: - -EIP -=== - -- :ref:`Assigning an EIP and Binding It to an ECS ` -- :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` -- :ref:`Managing EIP Tags ` -- :ref:`Modifying an EIP Bandwidth ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - assigning_an_eip_and_binding_it_to_an_ecs - unbinding_an_eip_from_an_ecs_and_releasing_the_eip - managing_eip_tags - modifying_an_eip_bandwidth diff --git a/umn/source/operation_guide_old_console_edition/eip/managing_eip_tags.rst b/umn/source/operation_guide_old_console_edition/eip/managing_eip_tags.rst deleted file mode 100644 index c47119c..0000000 --- a/umn/source/operation_guide_old_console_edition/eip/managing_eip_tags.rst +++ /dev/null 
@@ -1,93 +0,0 @@ -:original_name: vpc_eip02_0003.html - -.. _vpc_eip02_0003: - -Managing EIP Tags -================= - -Scenarios ---------- - -Tags can be added to EIPs to facilitate EIP identification and administration. You can add a tag to an EIP when assigning the EIP. Alternatively, you can add a tag to an assigned EIP on the EIP details page. A maximum of 20 tags can be added to each EIP. - -A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements. - -.. _vpc_eip02_0003__en-us_topic_0118499005_ted9687ca14074ef785241145365a6175: - -.. table:: **Table 1** EIP tag requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirement | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | Ipv4_key1 | - | | - Must be unique for each EIP. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 192.168.12.10 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -Procedure ---------- - -**Searching for EIPs by tag key and value on the page showing the EIP list** - -#. Log in to the management console. - -#. 
Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Elastic IP**. - -#. In the upper right corner of the EIP list, click **Search by Tag**. - -#. In the displayed area, enter the tag key and value of the EIP you are looking for. - - You must specify both the tag key and value. The system will display the EIPs that contain the tag you specified. - -#. Click **+** to add another tag key and value. - - You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for EIPs, the system will display only the EIPs that contain all of the tags you specified. - -#. Click **Search**. - - The system displays the EIPs you are looking for based on the entered tag keys and values. - -**Adding, deleting, editing, and viewing tags on the Tags tab of an EIP** - -#. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, locate the EIP whose tags you want to manage, and click the EIP name. -#. On the page showing EIP details, click the **Tags** tab and perform desired operations on tags. - - - View tags. - - On the **Tags** tab, you can view details about tags added to the current EIP, including the number of tags and the key and value of each tag. - - - Add a tag. - - Click **Add Tag** in the upper left corner. In the displayed **Add Tag** dialog box, enter the tag key and value, and click **OK**. - - - Edit a tag. - - Locate the row that contains the tag you want to edit, and click **Edit** in the **Operation** column. Enter the new tag value, and click **OK**. - - The tag key cannot be modified. - - - Delete a tag. - - Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**. - -.. 
|image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/eip/modifying_an_eip_bandwidth.rst b/umn/source/operation_guide_old_console_edition/eip/modifying_an_eip_bandwidth.rst deleted file mode 100644 index 1a27bdc..0000000 --- a/umn/source/operation_guide_old_console_edition/eip/modifying_an_eip_bandwidth.rst +++ /dev/null @@ -1,34 +0,0 @@ -:original_name: vpc_eip02_0004.html - -.. _vpc_eip02_0004: - -Modifying an EIP Bandwidth -========================== - -Scenarios ---------- - -Modify the EIP bandwidth name or size. - -.. note:: - - This section describes how to modify the dedicated bandwidth or shared bandwidth of an EIP. For details about how to modify a shared bandwidth, see :ref:`Modifying a Shared Bandwidth `. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Elastic IP**. - -#. Locate the row that contains the target EIP in the EIP list, click **More** in the **Operation** column, and select **Modify Bandwidth**. - -#. Modify the bandwidth parameters as prompted. - -#. Click **Next**. - -#. Click **Submit**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst b/umn/source/operation_guide_old_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst deleted file mode 100644 index 772e299..0000000 --- a/umn/source/operation_guide_old_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -:original_name: vpc_eip02_0002.html - -.. _vpc_eip02_0002: - -Unbinding an EIP from an ECS and Releasing the EIP -================================================== - -Scenarios ---------- - -If you no longer need an EIP, unbind it from the ECS and release the EIP to avoid wasting network resources. - -Notes and Constraints ---------------------- - -- EIP assigned together with your load balancers will also be displayed in the EIP list on the VPC console. On the EIP console or using EIP APIs, you cannot bind EIPs to or unbind them from dedicated load balancers, but you can bind EIPs to or unbind them from shared load balancers. -- You can only release EIPs that are not bound to any resources. - -Procedure ---------- - -**Unbinding a single EIP** - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, locate the row that contains the target EIP, and click **Unbind**. -#. Click **Yes** in the displayed dialog box. - -**Releasing a single EIP** - -#. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. -5. Click **Yes** in the displayed dialog box. - -**Unbinding multiple EIPs at once** - -#. Log in to the management console. -#. Click |image3| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, select the EIPs to be unbound. -#. Click the **Unbind** button located above the EIP list. -#. Click **Yes** in the displayed dialog box. - -**Releasing multiple EIPs at once** - -#. 
Log in to the management console. -#. Click |image4| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Elastic IP**. -#. On the displayed page, select the EIPs to be released. -#. Click the **Release** button located above the EIP list. -#. Click **Yes** in the displayed dialog box. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/index.rst b/umn/source/operation_guide_old_console_edition/index.rst deleted file mode 100644 index 59f889f..0000000 --- a/umn/source/operation_guide_old_console_edition/index.rst +++ /dev/null @@ -1,32 +0,0 @@ -:original_name: vpc_oldui_0000.html - -.. _vpc_oldui_0000: - -Operation Guide (Old Console Edition) -===================================== - -- :ref:`VPC and Subnet ` -- :ref:`Security ` -- :ref:`EIP ` -- :ref:`Shared Bandwidth ` -- :ref:`Route Table ` -- :ref:`VPC Peering Connection ` -- :ref:`VPC Flow Log ` -- :ref:`Direct Connect ` -- :ref:`Virtual IP Address ` -- :ref:`Monitoring ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - vpc_and_subnet/index - security/index - eip/index - shared_bandwidth/index - route_table/index - vpc_peering_connection/index - vpc_flow_log/index - direct_connect - virtual_ip_address/index - monitoring/index diff --git a/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst b/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst deleted file mode 100644 index dfcc52c..0000000 --- a/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst +++ /dev/null 
@@ -1,34 +0,0 @@ -:original_name: vpc_monitor02_0003.html - -.. _vpc_monitor02_0003: - -Creating an Alarm Rule -====================== - -Scenarios ---------- - -You can configure alarm rules to customize the monitored objects and notification policies. You can learn your resource statuses at any time. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. - -4. In the left navigation pane on the left, choose **Alarm Management** > **Alarm Rules**. - -5. On the **Alarm Rules** page, click **Create Alarm Rule** and set required parameters, or modify an existing alarm rule. - -6. After the parameters are set, click **Create**. - - After the alarm rule is created, the system automatically notifies you if an alarm is triggered for the VPC service. - - .. note:: - - For more information about alarm rules, see the *Cloud Eye User Guide*. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/monitoring/index.rst b/umn/source/operation_guide_old_console_edition/monitoring/index.rst deleted file mode 100644 index 6136150..0000000 --- a/umn/source/operation_guide_old_console_edition/monitoring/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -:original_name: vpc_monitor02_0000.html - -.. _vpc_monitor02_0000: - -Monitoring -========== - -- :ref:`Supported Metrics ` -- :ref:`Viewing Metrics ` -- :ref:`Creating an Alarm Rule ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - supported_metrics - viewing_metrics - creating_an_alarm_rule diff --git a/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst b/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst deleted file mode 100644 index 59c9fd2..0000000 
--- a/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst
+++ /dev/null
@@ -1,79 +0,0 @@ -:original_name: vpc_monitor02_0001.html - -.. _vpc_monitor02_0001: - -Supported Metrics -================= - -Description ------------ - -This section describes the namespace, list, and measurement dimensions of EIP and bandwidth metrics that you can check on Cloud Eye. You can use APIs or the Cloud Eye console to query the metrics of the monitored metrics and alarms generated for EIPs and bandwidths. - -Namespace ---------- - -SYS.VPC - -Monitoring Metrics ------------------- - -.. table:: **Table 1** EIP and bandwidth metrics - - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | - +======================+====================+=================================================+=============+==================+================================+ - | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | up_stream | Outbound Traffic | Network traffic going out of the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | down_stream | 
Inbound Traffic | Network traffic going into the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - -Dimensions ----------- - -============ ============ -Key Value -============ ============ -publicip_id EIP ID -bandwidth_id Bandwidth ID -============ ============ - -If a monitored object has multiple dimensions, all dimensions are mandatory when you use APIs to query the metrics. - -- Query a monitoring metric: - - dim.0=bandwidth_id,530cd6b0-86d7-4818-837f-935f6a27414d&dim.1=publicip_id,3773b058-5b4f-4366-9035-9bbd9964714a - -- Query monitoring metrics in batches: - - "dimensions": [ - - { - - "name": "bandwidth_id", - - "value": "530cd6b0-86d7-4818-837f-935f6a27414d" - - } - - { - - "name": "publicip_id", - - "value": "3773b058-5b4f-4366-9035-9bbd9964714a" - - } - - ], diff --git a/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst b/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst deleted file mode 100644 index 54f97e5..0000000 --- a/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst +++ /dev/null 
@@ -1,23 +0,0 @@
-:original_name: vpc_monitor02_0002.html
-
-.. _vpc_monitor02_0002:
-
-Viewing Metrics
-===============
-
-Scenarios
----------
-
-View related metrics to see bandwidth and EIP usage information.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**.
-4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**.
-5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/route_table/adding_a_custom_route.rst b/umn/source/operation_guide_old_console_edition/route_table/adding_a_custom_route.rst
deleted file mode 100644
index 86cf28e..0000000
--- a/umn/source/operation_guide_old_console_edition/route_table/adding_a_custom_route.rst
+++ /dev/null
@@ -1,33 +0,0 @@ -:original_name: vpc_route02_0003.html - -.. _vpc_route02_0003: - -Adding a Custom Route -===================== - -Scenarios ---------- - -If ECSs in a VPC need to access the Internet, add a custom route to enable the ECSs to access the Internet through an ECS that has an EIP bound. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. -#. On the **Virtual Private Cloud** page, locate the VPC to which a route is to be added and click the VPC name. -#. On the **Route Tables** tab, click **Add Route**. -#. Set route details on the displayed page. - - - **Destination** indicates the destination CIDR block. The default value is **0.0.0.0/0**. If the traffic originates from a VPC, the destination can be a subnet CIDR block in this VPC. If the traffic originates from outside the VPC, the destination CIDR block cannot conflict with any of the subnet CIDR blocks in this VPC. The destination of each route must be unique. - - **Next Hop**: indicates the IP address of the next hop. Set it to a private IP address or a virtual IP address in a VPC. - - .. note:: - - If the next hop is a virtual IP address, an EIP must be bound to the virtual IP address. Otherwise, access to the Internet through this virtual IP address is not possible. (A custom route is used to forward traffic from the virtual IP address to the Internet.) - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0226820252.png diff --git a/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst b/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst deleted file mode 100644 index f2c9420..0000000 
--- a/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst
+++ /dev/null
@@ -1,139 +0,0 @@ -:original_name: vpc_route02_0002.html - -.. _vpc_route02_0002: - -Configuring an SNAT Server -========================== - -Scenarios ---------- - -To use the route table function provided by the VPC service, you need to configure SNAT on an ECS to enable other ECSs that do not have EIPs bound in a VPC to access the Internet through this ECS. - -The configured SNAT takes effect for all subnets in a VPC. - -Prerequisites -------------- - -- You have an ECS where SNAT is to be configured. -- The ECS where SNAT is to be configured runs the Linux OS. -- The ECS where SNAT is to be configured has only one network interface card (NIC). - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Compute**, click **Elastic Cloud Server**. - -4. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. - -5. On the displayed ECS details page, click the **NICs** tab. - -6. Click the NIC IP address. In the displayed area showing the NIC details, disable the source/destination check function. - - By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. Therefore, you need to disable the source/destination check for SNAT servers. - -7. Bind an EIP. - - - Bind an EIP with the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. - - Bind an EIP with the virtual IP address of the ECS. 
For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. - -8. On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. - -9. Run the following command and enter the password of user **root** to switch to user **root**: - - **su - root** - -10. Run the following command to check whether the ECS can successfully connect to the Internet: - - .. note:: - - Before running the command, you must disable the response iptables rule on the ECS where SNAT is configured and enable the security group rules. - - **ping www.google.com** - - The ECS can access the Internet if the following information is displayed: - - .. code-block:: console - - [root@localhost ~]# ping www.google.com - PING www.a.shifen.com (xxx.xxx.xxx.xxx) 56(84) bytes of data. - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms - -11. Run the following command to check whether IP forwarding of the Linux OS is enabled: - - **cat /proc/sys/net/ipv4/ip_forward** - - In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - - - If IP forwarding in Linux is enabled, go to step :ref:`14 `. - - If IP forwarding in Linux is disabled, perform step :ref:`12 ` to enable IP forwarding in Linux. - - Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. 
To achieve these purposes, you need to enable the IP forwarding function and configure SNAT rules. - -12. .. _vpc_route02_0002__en-us_topic_0118499009_li3948189019612: - - Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. - -13. Run the following command to make the change take effect: - - **sysctl -p /etc/sysctl.conf** - -14. .. _vpc_route02_0002__en-us_topic_0118499009_li2168883919851: - - Configure SNAT. - - Run the following command to enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function: :ref:`Figure 1 ` shows the example command. - - **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** - - .. _vpc_route02_0002__en-us_topic_0118499009_fig27328760201321: - - .. figure:: /_static/images/en-us_image_0118498992.png - :alt: **Figure 1** Configuring SNAT - - **Figure 1** Configuring SNAT - - .. note:: - - - To ensure that the rule will not be lost after the restart, write the rule into the **/etc/rc.local** file. - - a. Run the following command to switch to the **/etc/sysctl.conf** file: - - **vi /etc/rc.local** - - b. Perform :ref:`14 ` to configure SNAT. - - c. Run the following command to save the configuration and exit: - - **:wq** - - d. Run the following command to add the execute permission for the **rc.local** file: - - **# chmod +x /etc/rc.local** - - - To ensure that the configuration takes effect, run the **iptables -L** command to check whether the configured rules conflict with each other. - -15. Run the following command to check whether the operation is successful: If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the operation was successful. - - **iptables -t nat --list** - - .. _vpc_route02_0002__en-us_topic_0118499009_fig8358771201535: - - .. 
figure:: /_static/images/en-us_image_0118499109.png - :alt: **Figure 2** Verifying configuration - - **Figure 2** Verifying configuration - -16. Add a route. For details, see section :ref:`Adding a Custom Route `. - - Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. - -After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/route_table/deleting_a_route.rst b/umn/source/operation_guide_old_console_edition/route_table/deleting_a_route.rst deleted file mode 100644 index 02934db..0000000 --- a/umn/source/operation_guide_old_console_edition/route_table/deleting_a_route.rst +++ /dev/null @@ -1,24 +0,0 @@ -:original_name: vpc_route02_0006.html - -.. _vpc_route02_0006: - -Deleting a Route -================ - -Scenarios ---------- - -Delete a route if it is no longer required. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. -#. On the **Virtual Private Cloud** page, locate the VPC that the route to be deleted belongs to and click the VPC name. -#. Click the **Route Tables** tab. On the displayed page, locate the row that contains the route to be deleted, and click **Delete** in the **Operation** column. -#. Click **Yes** in the displayed dialog box. - -.. |image1| image:: /_static/images/en-us_image_0226820247.png 
diff --git a/umn/source/operation_guide_old_console_edition/route_table/index.rst b/umn/source/operation_guide_old_console_edition/route_table/index.rst
deleted file mode 100644
index 6aeb808..0000000
--- a/umn/source/operation_guide_old_console_edition/route_table/index.rst
+++ /dev/null
@@ -1,24 +0,0 @@
-:original_name: vpc_route02_0000.html
-
-.. _vpc_route02_0000:
-
-Route Table
-===========
-
-- :ref:`Route Table Overview `
-- :ref:`Configuring an SNAT Server `
-- :ref:`Adding a Custom Route `
-- :ref:`Querying a Route Table `
-- :ref:`Modifying a Route `
-- :ref:`Deleting a Route `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- route_table_overview
- configuring_an_snat_server
- adding_a_custom_route
- querying_a_route_table
- modifying_a_route
- deleting_a_route
diff --git a/umn/source/operation_guide_old_console_edition/route_table/modifying_a_route.rst b/umn/source/operation_guide_old_console_edition/route_table/modifying_a_route.rst
deleted file mode 100644
index 48edb56..0000000
--- a/umn/source/operation_guide_old_console_edition/route_table/modifying_a_route.rst
+++ /dev/null
@@ -1,24 +0,0 @@
-:original_name: vpc_route02_0005.html
-
-.. _vpc_route02_0005:
-
-Modifying a Route
-=================
-
-Scenarios
----------
-
-Change the destination and next hop of the route.
-
-Procedure
----------
-
-#. Log in to the management console.
-#. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
-#. On the **Virtual Private Cloud** page, locate the VPC to which the route to be modified belongs and click the VPC name.
-#. Click the **Route Tables** tab. On the displayed page, locate the row that contains the route to be modified, and click **Modify** in the **Operation** column. Modify the route information in the displayed dialog box.
-#. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0226223279.png
diff --git a/umn/source/operation_guide_old_console_edition/route_table/querying_a_route_table.rst b/umn/source/operation_guide_old_console_edition/route_table/querying_a_route_table.rst
deleted file mode 100644
index fdc79d8..0000000
--- a/umn/source/operation_guide_old_console_edition/route_table/querying_a_route_table.rst
+++ /dev/null
@@ -1,23 +0,0 @@
-:original_name: vpc_route02_0004.html
-
-.. _vpc_route02_0004:
-
-Querying a Route Table
-======================
-
-Scenarios
----------
-
-You can query information about a route table or all route tables.
-
-Procedure
----------
-
-#. Log in to the management console.
-#. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
-#. On the **Virtual Private Cloud** page, locate the VPC that the route to be queried belongs to and click the VPC name.
-#. View information about a single route or all routes in the route list.
-
-.. |image1| image:: /_static/images/en-us_image_0226820250.png
diff --git a/umn/source/operation_guide_old_console_edition/route_table/route_table_overview.rst b/umn/source/operation_guide_old_console_edition/route_table/route_table_overview.rst
deleted file mode 100644
index f44aae1..0000000
--- a/umn/source/operation_guide_old_console_edition/route_table/route_table_overview.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-:original_name: vpc_route02_0001.html
-
-.. _vpc_route02_0001:
-
-Route Table Overview
-====================
-
-A custom route is a user-defined routing rule added to a VPC.
diff --git a/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst b/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst
deleted file mode 100644
index 3d4e941..0000000
--- a/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst
+++ /dev/null
@@ -1,40 +0,0 @@ -:original_name: vpc_acl02_0015.html - -.. _vpc_acl02_0015: - -Differences Between Security Groups and Firewalls -================================================= - -You can configure security groups and firewall to increase the security of ECSs in your VPC. - -- Security groups operate at the ECS level. -- Firewalls operate at the subnet level. - -For details, see :ref:`Figure 1 `. - -.. _vpc_acl02_0015__en-us_topic_0118534001_fig9582182315479: - -.. figure:: /_static/images/en-us_image_0148244691.png - :alt: **Figure 1** Security groups and firewalls - - **Figure 1** Security groups and firewalls - -:ref:`Table 1 ` describes the differences between security groups and firewalls. - -.. _vpc_acl02_0015__en-us_topic_0118534001_table53053071174845: - -.. table:: **Table 1** Differences between security groups and firewalls - - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Category | Security Group | Firewall | - +==========+================================================================================================================================================+=============================================================================================================================================================================================================================================================================================================================+ - | Targets | Operates at the ECS level. | Operates at the subnet level. 
| - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Rules | Supports both **Allow** and **Deny** rules. | Supports both **Allow** and **Deny** rules. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Priority | If there are conflicting rules, they are combined and applied together. | If rules conflict, the rule with the highest priority takes effect. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Usage | Automatically applies to ECSs in the security group that is selected during ECS creation. You must select a security group when creating ECSs. | Applies to all ECSs in the subnets associated with the firewall. Selecting a firewall is not allowed during subnet creation. 
You must create a firewall, associate subnets with it, add inbound and outbound rules, and enable firewall. The firewall then takes effect for the associated subnets and ECSs in the subnets. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Packets | Only packet filtering based on the 3-tuple (protocol, port, and peer IP address) is supported. | Only packet filtering based on the 5-tuple (protocol, source port, destination port, source IP address, and destination IP address) is supported. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/adding_a_firewall_rule.rst b/umn/source/operation_guide_old_console_edition/security/firewall/adding_a_firewall_rule.rst deleted file mode 100644 index 1a2606b..0000000 --- a/umn/source/operation_guide_old_console_edition/security/firewall/adding_a_firewall_rule.rst +++ /dev/null 
@@ -1,81 +0,0 @@ -:original_name: vpc_acl02_0004.html - -.. _vpc_acl02_0004: - -Adding a Firewall Rule -====================== - -Scenarios ---------- - -Add an inbound or outbound rule based on your network security requirements. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. - -5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. - -6. On the **Inbound Rules** or **Outbound Rules** tab, click **Add Rule** to add an inbound or outbound rule. - - - Click **+** to add more rules. - - Locate the row that contains the firewall rule and click **Replicate** in the **Operation** column to replicate an existing rule. - - - .. figure:: /_static/images/en-us_image_0152238989.png - :alt: **Figure 1** Add Inbound Rule - - **Figure 1** Add Inbound Rule - - .. table:: **Table 1** Parameter descriptions - - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +========================+================================================================================================================================================================================================================================================================+=======================+ - | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. 
| Allow | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. The value can be **TCP**, **UDP**, **All**, or **ICMP**. If **ICMP** or **All** is selected, you do not need to specify port information. | TCP | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic from all IP addresses is allowed. | | - | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. 
| | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | - | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/associating_subnets_with_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/associating_subnets_with_a_firewall.rst deleted file mode 100644 index c5bb100..0000000 --- a/umn/source/operation_guide_old_console_edition/security/firewall/associating_subnets_with_a_firewall.rst +++ /dev/null 
@@ -1,30 +0,0 @@
-:original_name: vpc_acl02_0005.html
-
-.. _vpc_acl02_0005:
-
-Associating Subnets with a Firewall
-===================================
-
-Scenarios
----------
-
-On the page showing firewall details, associate desired subnets with a firewall. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
-6. On the displayed page, click the **Associated Subnets** tab.
-7. On the **Associated Subnets** page, click **Associate**.
-8. On the displayed page, select the subnets to be associated with the firewall, and click **OK**.
-
-.. note::
-
- Subnets that have already been associated with firewalls will not be displayed on the page for you to select. One-click subnet association and disassociation are not currently supported. Furthermore, a subnet can only be associated with one firewall. If you want to reassociate a subnet that has already been associated with another firewall, you must first disassociate the subnet from the original firewall.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/changing_the_sequence_of_a_firewall_rule.rst b/umn/source/operation_guide_old_console_edition/security/firewall/changing_the_sequence_of_a_firewall_rule.rst
deleted file mode 100644
index 5b97bc7..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/changing_the_sequence_of_a_firewall_rule.rst
+++ /dev/null
@@ -1,34 +0,0 @@
-:original_name: vpc_acl02_0007.html
-
-.. _vpc_acl02_0007:
-
-Changing the Sequence of a Firewall Rule
-========================================
-
-Scenarios
----------
-
-If you need a rule to take effect before or after a specific rule, you can insert that rule before or after the specific rule.
-
-If multiple firewall rules conflict, only the rule with the highest priority takes effect.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-
-5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
-
-6. On the **Inbound Rules** or **Outbound Rules** tab, locate the target rule, click **More** in the **Operation** column, and select **Insert Rule Above** or **Insert Rule Below**.
-
-7. In the displayed dialog box, configure required parameters and click **OK**.
-
- The rule is inserted. The procedure for inserting an outbound rule is the same as that for inserting an inbound rule.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/creating_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/creating_a_firewall.rst
deleted file mode 100644
index cb5f37d..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/creating_a_firewall.rst
+++ /dev/null
@@ -1,52 +0,0 @@ -:original_name: vpc_acl02_0003.html - -.. _vpc_acl02_0003: - -Creating a Firewall -=================== - -Scenarios ---------- - -You can create a custom firewall, but any newly created firewall will be disabled by default. It will not have any inbound or outbound rules, or have any subnets associated. Each user can create up to 200 firewalls by default. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. - -5. In the right pane displayed, click **Create firewall**. - -6. In the displayed dialog box, enter firewall information as prompted. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0129304042.png - :alt: **Figure 1** Create Firewall - - **Figure 1** Create Firewall - - .. _vpc_acl02_0003__en-us_topic_0118499011_table145313414319: - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================+=======================+ - | Name | The firewall name. This parameter is mandatory. | fw-92d3 | - | | | | - | | The name contains a maximum of 64 characters, which may consist of letters, digits, underscores (_), and hyphens (-). The name cannot contain spaces. 
| | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the firewall. This parameter is optional. | N/A | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/deleting_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/deleting_a_firewall.rst deleted file mode 100644 index dffa15a..0000000 --- a/umn/source/operation_guide_old_console_edition/security/firewall/deleting_a_firewall.rst +++ /dev/null @@ -1,28 +0,0 @@ -:original_name: vpc_acl02_0014.html - -.. _vpc_acl02_0014: - -Deleting a Firewall -=================== - -Scenarios ---------- - -Delete a firewall when it is no longer required. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. -5. Locate the target firewall in the right pane, click **More** in the **Operation** column, and click **Delete**. -6. Click **Yes**. - - .. note:: - - After a firewall is deleted, associated subnets are disassociated and added rules are deleted from the firewall. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png 
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/deleting_a_firewall_rule.rst b/umn/source/operation_guide_old_console_edition/security/firewall/deleting_a_firewall_rule.rst
deleted file mode 100644
index 86787ce..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/deleting_a_firewall_rule.rst
+++ /dev/null
@@ -1,29 +0,0 @@
-:original_name: vpc_acl02_0010.html
-
-.. _vpc_acl02_0010:
-
-Deleting a Firewall Rule
-========================
-
-Scenarios
----------
-
-Delete an inbound or outbound rule based on your network security requirements.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
-6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Delete** in the **Operation** column.
-7. Click **Yes** in the displayed dialog box.
-
-**Deleting multiple Firewall rules at a time**
-
-You can also select multiple firewall rules and click **Delete** above the firewall rule list to delete multiple rules at a time.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/disassociating_a_subnet_from_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/disassociating_a_subnet_from_a_firewall.rst
deleted file mode 100644
index 9e63878..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/disassociating_a_subnet_from_a_firewall.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-:original_name: vpc_acl02_0006.html
-
-.. _vpc_acl02_0006:
-
-Disassociating a Subnet from a Firewall
-=======================================
-
-Scenarios
----------
-
-Disassociate a subnet from a firewall when necessary.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
-6. On the displayed page, click the **Associated Subnets** tab.
-7. On the **Associated Subnets** page, locate the row that contains the target subnet and click **Disassociate** in the **Operation** column.
-8. Click **Yes** in the displayed dialog box.
-
-**Disassociating subnets from a firewall**
-
-Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the current firewall at a time.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/enabling_or_disabling_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/enabling_or_disabling_a_firewall.rst
deleted file mode 100644
index 13691b7..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/enabling_or_disabling_a_firewall.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-:original_name: vpc_acl02_0013.html
-
-.. _vpc_acl02_0013:
-
-Enabling or Disabling a Firewall
-================================
-
-Scenarios
----------
-
-After a firewall is created, you may need to enable it based on network security requirements. You can also disable an enabled firewall if need. Before enabling a firewall, ensure that subnets have been associated with the firewall and that inbound and outbound rules have been added to the firewall.
-
-When a firewall is disabled, custom rules will become invalid. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules `.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-5. Locate the row that contains the target firewall in the right pane, click **More** in the **Operation** column, and click **Enable** or **Disable**.
-6. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/enabling_or_disabling_a_firewall_rule.rst b/umn/source/operation_guide_old_console_edition/security/firewall/enabling_or_disabling_a_firewall_rule.rst
deleted file mode 100644
index 56ea4c4..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/enabling_or_disabling_a_firewall_rule.rst
+++ /dev/null
@@ -1,32 +0,0 @@
-:original_name: vpc_acl02_0009.html
-
-.. _vpc_acl02_0009:
-
-Enabling or Disabling a Firewall Rule
-=====================================
-
-Scenarios
----------
-
-Enable or disable an inbound or outbound rule based on your network security requirements.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-
-5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
-
-6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule, and click **More** and then **Enable** or **Disable** in the **Operation** column.
-
-7. Click **Yes** in the displayed dialog box.
-
- The rule is enabled or disabled. The procedure for enabling or disabling an outbound rule is the same as that for enabling or disabling an inbound rule.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst b/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst
deleted file mode 100644
index 98027dd..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst
+++ /dev/null
@@ -1,84 +0,0 @@ -:original_name: vpc_acl02_0002.html - -.. _vpc_acl02_0002: - -Firewall Configuration Examples -=============================== - -This section provides examples for configuring firewalls. - -- :ref:`Denying Access from a Specific Port ` -- :ref:`Allowing Access from Specific Ports and Protocols ` - -.. _vpc_acl02_0002__en-us_topic_0144643911_section11312173319432: - -Denying Access from a Specific Port ------------------------------------ - -You might want to block TCP 445 to protect against the WannaCry ransomware attacks. You can add a firewall rule to deny all incoming traffic from TCP port 445. - -Firewall Configuration - -:ref:`Table 1 ` lists the inbound rule required. - -.. _vpc_acl02_0002__en-us_topic_0144643911_table553618145582: - -.. table:: **Table 1** firewall rules - - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------+ - | Direction | Action | Protocol | Source | Source Port Range | Destination | Destination Port Range | Description | - +===========+========+==========+===========+===================+=============+========================+==================================================================+ - | Inbound | Deny | TCP | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | 445 | Denies inbound traffic from any IP address through TCP port 445. | - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------+ - | Inbound | Allow | All | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | All | Allows all inbound traffic. | - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------+ - -.. note:: - - - By default, a firewall denies all inbound traffic. You need to allow all inbound traffic if necessary. 
- - If you want a deny rule to be matched first, insert the deny rule above the allow rule. For details, see :ref:`Changing the Sequence of a Firewall Rule `. - -.. _vpc_acl02_0002__en-us_topic_0144643911_section61291659102216: - -Allowing Access from Specific Ports and Protocols -------------------------------------------------- - -In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic regardless of the port. You need to configure both the firewall rules and security group rules to allow the traffic. - -Firewall Configuration - -:ref:`Table 2 ` lists the inbound rule required. - -.. _vpc_acl02_0002__en-us_topic_0144643911_table195634095313: - -.. table:: **Table 2** firewall rules - - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------------------------------+ - | Direction | Action | Protocol | Source | Source Port Range | Destination | Destination Port Range | Description | - +===========+========+==========+===========+===================+=============+========================+==========================================================================================+ - | Inbound | Allow | TCP | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | 80 | Allows inbound HTTP traffic from any IP address to ECSs in the subnet through port 80. | - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------------------------------+ - | Inbound | Allow | TCP | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | 443 | Allows inbound HTTPS traffic from any IP address to ECSs in the subnet through port 443. 
| - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------------------------------+ - | Outbound | Allow | All | 0.0.0.0/0 | All | 0.0.0.0/0 | All | Allows all outbound traffic from the subnet. | - +-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------------------------------+ - -**Security group configuration** - -:ref:`Table 3 ` lists the inbound and outbound security group rules required. - -.. _vpc_acl02_0002__en-us_topic_0144643911_table30323767195135: - -.. table:: **Table 3** Security group rules - - +-----------+----------------------+------+------------------------+---------------------------------------------------------------------------------------------------------------+ - | Direction | Protocol/Application | Port | Source/Destination | Description | - +===========+======================+======+========================+===============================================================================================================+ - | Inbound | TCP | 80 | Source: 0.0.0.0/0 | Allows inbound HTTP traffic from any IP address to ECSs associated with the security group through port 80. | - +-----------+----------------------+------+------------------------+---------------------------------------------------------------------------------------------------------------+ - | Inbound | TCP | 443 | Source: 0.0.0.0/0 | Allows inbound HTTPS traffic from any IP address to ECSs associated with the security group through port 443. | - +-----------+----------------------+------+------------------------+---------------------------------------------------------------------------------------------------------------+ - | Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic from the security group. 
| - +-----------+----------------------+------+------------------------+---------------------------------------------------------------------------------------------------------------+ - -A firewall adds an additional layer of security. Even if the security group rules allow more traffic than that actually required, the firewall rules allow only access from HTTP port 80 and HTTPS port 443 and deny other inbound traffic. diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/firewall_overview.rst b/umn/source/operation_guide_old_console_edition/security/firewall/firewall_overview.rst deleted file mode 100644 index efe9932..0000000 --- a/umn/source/operation_guide_old_console_edition/security/firewall/firewall_overview.rst +++ /dev/null 
@@ -1,100 +0,0 @@ -:original_name: vpc_acl02_0001.html - -.. _vpc_acl02_0001: - -Firewall Overview -================= - -A firewall is an optional layer of security for your subnets. After you associate one or more subnets with a firewall, you can control traffic in and out of the subnets. - -:ref:`Figure 1 ` shows how a firewall works. - -.. _vpc_acl02_0001__en-us_topic_0144643910_fig9582182315479: - -.. figure:: /_static/images/en-us_image_0148244691.png - :alt: **Figure 1** Security groups and firewalls - - **Figure 1** Security groups and firewalls - -Similar to security groups, firewalls control access to subnets and add an additional layer of defense to your subnets. Security groups only have the "allow" rules, but firewalls have both "allow" and "deny" rules. You can use firewalls together with security groups to implement comprehensive and fine-grained access control. - -:ref:`Differences Between Security Groups and Firewalls ` summarizes the basic differences between security groups and firewalls. - -Firewall Basics ---------------- - -- Your VPC does not come with a firewall, but you can create a firewall and associate it with a VPC subnet if required. By default, each firewall denies all inbound traffic to and outbound traffic from the associated subnet until you add rules. -- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. -- Each newly created firewall is in the **Inactive** state until you associate subnets with it. - -.. _vpc_acl02_0001__en-us_topic_0144643910_section99541345213: - -Default Firewall Rules ----------------------- - -By default, each firewall has preset rules that allow the following packets: - -- Packets whose source and destination are in the same subnet - -- Broadcast packets with the destination 255.255.255.255/32, which is used to configure host startup information. - -- Multicast packets with the destination 224.0.0.0/24, which is used by routing protocols. 
- -- Metadata packets with the destination 169.254.169.254/32 and TCP port number 80, which is used to obtain metadata. - -- Packets from CIDR blocks that are reserved for public services (for example, packets with the destination 100.125.0.0/16) - -- A firewall denies all traffic in and out of a subnet excepting the preceding ones. :ref:`Table 1 ` shows the default firewall rules. You cannot modify or delete the default rules. - - .. _vpc_acl02_0001__en-us_topic_0144643910_table1034601475112: - - .. table:: **Table 1** Default firewall rules - - +-----------+----------+--------+----------+-----------+-------------+------------------------------+ - | Direction | Priority | Action | Protocol | Source | Destination | Description | - +===========+==========+========+==========+===========+=============+==============================+ - | Inbound | \* | Deny | All | 0.0.0.0/0 | 0.0.0.0/0 | Denies all inbound traffic. | - +-----------+----------+--------+----------+-----------+-------------+------------------------------+ - | Outbound | \* | Deny | All | 0.0.0.0/0 | 0.0.0.0/0 | Denies all outbound traffic. | - +-----------+----------+--------+----------+-----------+-------------+------------------------------+ - -Rule Priorities ---------------- - -- Each firewall rule has a priority value where a smaller value corresponds to a higher priority. Any time two rules conflict, the rule with the higher priority is the one that gets applied. The rule whose priority value is an asterisk (*) has the lowest priority. -- If multiple firewall rules conflict, only the rule with the highest priority takes effect. If you need a rule to take effect before or after a specific rule, you can insert that rule before or after the specific rule. - -Application Scenarios ---------------------- - -- If the application layer needs to provide services for users, traffic must be allowed to reach the application layer from all IP addresses. 
However, you also need to prevent illegal access from malicious users. - - Solution: You can add firewall rules to deny access from suspect IP addresses. - -- How can I isolate ports with identified vulnerabilities? For example, how do I isolate port 445 that can be exploited by WannaCry worm? - - Solution: You can add firewall rules to deny access traffic from a specific port and protocol, for example, TCP port 445. - -- No defense is required for the east-west traffic between subnets, but access control is required for north-south traffic. - - Solution: You can add firewall rules to protect north-south traffic. - -- For frequently accessed applications, a security rule sequence may need to be adjusted to improve performance. - - Solution: A firewall allows you to adjust the rule sequence so that frequently used rules are applied before other rules. - -Configuration Procedure ------------------------ - -:ref:`Figure 2 ` shows the procedure for configuring a firewall. - -.. _vpc_acl02_0001__en-us_topic_0144643910_fig1643183218163: - -.. figure:: /_static/images/en-us_image_0162335382.png - :alt: **Figure 2** firewall configuration procedure - - **Figure 2** firewall configuration procedure - -#. Create a firewall by following the steps described in :ref:`Creating a Firewall `. -#. Add firewall rules by following the steps described in :ref:`Adding a Firewall Rule `. -#. Associate subnets with the firewall by following the steps described in :ref:`Associating Subnets with a Firewall `. After subnets are associated with the firewall, the subnets will be protected by the configured firewall rules. diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/index.rst b/umn/source/operation_guide_old_console_edition/security/firewall/index.rst deleted file mode 100644 index 5e4ef2f..0000000 --- a/umn/source/operation_guide_old_console_edition/security/firewall/index.rst +++ /dev/null 
@@ -1,40 +0,0 @@
-:original_name: vpc_acl02_0000.html
-
-.. _vpc_acl02_0000:
-
-Firewall
-========
-
-- :ref:`Firewall Overview `
-- :ref:`Firewall Configuration Examples `
-- :ref:`Creating a Firewall `
-- :ref:`Adding a Firewall Rule `
-- :ref:`Associating Subnets with a Firewall `
-- :ref:`Disassociating a Subnet from a Firewall `
-- :ref:`Changing the Sequence of a Firewall Rule `
-- :ref:`Modifying a Firewall Rule `
-- :ref:`Enabling or Disabling a Firewall Rule `
-- :ref:`Deleting a Firewall Rule `
-- :ref:`Viewing a Firewall `
-- :ref:`Modifying a Firewall `
-- :ref:`Enabling or Disabling a Firewall `
-- :ref:`Deleting a Firewall `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- firewall_overview
- firewall_configuration_examples
- creating_a_firewall
- adding_a_firewall_rule
- associating_subnets_with_a_firewall
- disassociating_a_subnet_from_a_firewall
- changing_the_sequence_of_a_firewall_rule
- modifying_a_firewall_rule
- enabling_or_disabling_a_firewall_rule
- deleting_a_firewall_rule
- viewing_a_firewall
- modifying_a_firewall
- enabling_or_disabling_a_firewall
- deleting_a_firewall
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall.rst
deleted file mode 100644
index 3c2359c..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall.rst
+++ /dev/null
@@ -1,29 +0,0 @@
-:original_name: vpc_acl02_0012.html
-
-.. _vpc_acl02_0012:
-
-Modifying a Firewall
-====================
-
-Scenarios
----------
-
-Modify the name and description of a firewall.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **firewalls**.
-5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
-6. On the displayed page, click |image2| on the right of **Name** and edit the firewall name.
-7. Click Y to save the new firewall name.
-8. Click |image3| on the right of Description and edit the firewall description.
-9. Click Y to save the new firewall description.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0142359884.png
-.. |image3| image:: /_static/images/en-us_image_0142359884.png
diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst b/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst
deleted file mode 100644
index 73d56c2..0000000
--- a/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst
+++ /dev/null
@@ -1,80 +0,0 @@ -:original_name: vpc_acl02_0008.html - -.. _vpc_acl02_0008: - -Modifying a Firewall Rule -========================= - -Scenarios ---------- - -Modify an inbound or outbound firewall rule based on your network security requirements. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. - -5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. - -6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Modify** in the **Operation** column. In the displayed dialog box, configure parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0285048674.png - :alt: **Figure 1** Modify Rule - - **Figure 1** Modify Rule - - .. _vpc_acl02_0008__en-us_topic_0118498887_table59686157164549: - - .. table:: **Table 1** Parameter descriptions - - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +========================+================================================================================================================================================================================================================================================================+=======================+ - | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. 
Currently, the value can be **Allow** or **Deny**. | Allow | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. The value can be **TCP**, **UDP**, **All**, or **ICMP**. If **ICMP** or **All** is selected, you do not need to specify port information. | TCP | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic from all IP addresses is allowed. | | - | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. 
| 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | - | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the firewall rule. This parameter is optional. 
| N/A | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **Confirm**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/viewing_a_firewall.rst b/umn/source/operation_guide_old_console_edition/security/firewall/viewing_a_firewall.rst deleted file mode 100644 index 0f5c051..0000000 --- a/umn/source/operation_guide_old_console_edition/security/firewall/viewing_a_firewall.rst +++ /dev/null @@ -1,24 +0,0 @@ -:original_name: vpc_acl02_0011.html - -.. _vpc_acl02_0011: - -Viewing a Firewall -================== - -Scenarios ---------- - -View details about a firewall. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. -5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. -6. On the displayed page, click the **Inbound Rules**, **Outbound Rules**, and **Associated Subnets** tabs one by one to view details about inbound rules, outbound rules, and subnet associations. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/index.rst b/umn/source/operation_guide_old_console_edition/security/index.rst deleted file mode 100644 index c95086a..0000000 
--- a/umn/source/operation_guide_old_console_edition/security/index.rst
+++ /dev/null
@@ -1,18 +0,0 @@
-:original_name: vpc_security02_0000.html
-
-.. _vpc_security02_0000:
-
-Security
-========
-
-- :ref:`Security Group `
-- :ref:`Firewall `
-- :ref:`Differences Between Security Groups and Firewalls `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- security_group/index
- firewall/index
- differences_between_security_groups_and_firewalls
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst
deleted file mode 100644
index adbe0ae..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst
+++ /dev/null
@@ -1,48 +0,0 @@ -:original_name: vpc_SecurityGroup02_0012.html - -.. _vpc_SecurityGroup02_0012: - -Adding Instances to and Removing Them from a Security Group -=========================================================== - -Scenarios ---------- - -After a security group is created, you can add instances to the security group to protect the instances. You can also remove them from the security group as required. - -You can add multiple instances to or remove them from a security group. - -Adding Instances to a Security Group ------------------------------------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. -6. On the **Servers** tab, click **Add** and add one or more servers to the current security group. -7. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group. -8. Click **OK**. - -Removing Instances from a Security Group ----------------------------------------- - -#. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. -6. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group. -7. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group. -8. 
Click **Yes**. - -**Removing multiple instances from a security group** - -Select multiple servers and click **Remove** above the server list to remove the selected servers from the current security group all at once. - -Select multiple extension NICs and click **Remove** above the extension NIC list to remove the selected extension NICs from the current security group all at once. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/changing_the_security_group_of_an_ecs.rst b/umn/source/operation_guide_old_console_edition/security/security_group/changing_the_security_group_of_an_ecs.rst deleted file mode 100644 index bd24221..0000000 --- a/umn/source/operation_guide_old_console_edition/security/security_group/changing_the_security_group_of_an_ecs.rst +++ /dev/null 
@@ -1,44 +0,0 @@
-:original_name: vpc_SecurityGroup02_0015.html
-
-.. _vpc_SecurityGroup02_0015:
-
-Changing the Security Group of an ECS
-=====================================
-
-Scenarios
----------
-
-Change the security group associated with an ECS NIC.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-#. Click |image1| in the upper left corner and select your region and project.
-
-#. Under **Computing**, click **Elastic Cloud Server**.
-
-#. In the ECS list, locate the row that contains the target ECS. Click **More** in the **Operation** column and select **Manage Network** > **Change Security Group**.
-
- The **Change Security Group** dialog box is displayed.
-
-
- .. figure:: /_static/images/en-us_image_0122999741.png
- :alt: **Figure 1** Change Security Group
-
- **Figure 1** Change Security Group
-
-#. Select the target NIC and security groups as prompted.
-
- You can select multiple security groups. In such a case, the rules of all the selected security groups will be aggregated to apply on the ECS.
-
- To create a security group, click **Create Security Group**.
-
- .. note::
-
- Using multiple security groups may deteriorate ECS network performance. You are suggested to select no more than five security groups.
-
-#. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0093507575.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst
deleted file mode 100644
index 6f01087..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst
+++ /dev/null
@@ -1,56 +0,0 @@ -:original_name: vpc_SecurityGroup02_0004.html - -.. _vpc_SecurityGroup02_0004: - -Creating a Security Group -========================= - -Scenarios ---------- - -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. - -5. On the **Security Groups** page, click **Create Security Group**. - -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0000001197426329.png - :alt: **Figure 1** Create Security Group - - **Figure 1** Create Security Group - - .. _vpc_securitygroup02_0004__en-us_topic_0118534004_table65377617111335: - - .. table:: **Table 1** Parameter description - - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Name | The security group name. This parameter is mandatory. 
| sg-318b | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group. This parameter is optional. | N/A | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst b/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst deleted file mode 100644 index 90dfa05..0000000 --- a/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst +++ /dev/null 
@@ -1,31 +0,0 @@ -:original_name: vpc_SecurityGroup02_0002.html - -.. _vpc_SecurityGroup02_0002: - -Default Security Groups and Security Group Rules -================================================ - -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. - -:ref:`Figure 1 ` shows the default security group rules. The following uses access between ECSs as an example. - -.. _vpc_securitygroup02_0002__en-us_topic_0118534003_fig997718156161: - -.. figure:: /_static/images/en-us_image_0000001230120807.png - :alt: **Figure 1** Default security group - - **Figure 1** Default security group - -:ref:`Table 1 ` describes the default rules for the default security group. - -.. _vpc_securitygroup02_0002__en-us_topic_0118534003_table493045171919: - -.. table:: **Table 1** Default security group rules - - +-----------+----------+------------+--------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+ - | Direction | Protocol | Port/Range | Source/Destination | Description | - +===========+==========+============+==============================================================+====================================================================================================================+ - | Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. 
| - +-----------+----------+------------+--------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+ - | Inbound | All | All | Source: the current security group (for example, sg-*xxxxx*) | Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets). | - +-----------+----------+------------+--------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst deleted file mode 100644 index c60a6c1..0000000 --- a/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst +++ /dev/null 
@@ -1,30 +0,0 @@
-:original_name: vpc_SecurityGroup02_0011.html
-
-.. _vpc_SecurityGroup02_0011:
-
-Deleting a Security Group
-=========================
-
-Scenarios
----------
-
-This section describes how to delete security groups that you are no longer required.
-
-Notes and Constraints
----------------------
-
-- The default security group cannot be deleted.
-- If a security group is associated with resources other than servers and extension NICs, the security group cannot be deleted.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**.
-6. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group_rule.rst b/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group_rule.rst
deleted file mode 100644
index 9b9b43c..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group_rule.rst
+++ /dev/null
@@ -1,33 +0,0 @@
-:original_name: vpc_SecurityGroup02_0009.html
-
-.. _vpc_SecurityGroup02_0009:
-
-Deleting a Security Group Rule
-==============================
-
-Scenarios
----------
-
-If the source of an inbound security group rule or destination of an outbound security group rule needs to be changed, you need to first delete the security group rule and add a new one.
-
-.. note::
-
- Security group rules use whitelists. Deleting a security group rule may result in ECS access failures.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, click the security group name.
-6. If you do not need a security group rule, locate the row that contains the target rule, and click **Delete**.
-7. Click **Yes** in the displayed dialog box.
-
-**Deleting multiple security group rules at once**
-
-You can also select multiple security group rules and click **Delete** above the security group rule list to delete multiple rules at a time.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/fast-adding_security_group_rules.rst b/umn/source/operation_guide_old_console_edition/security/security_group/fast-adding_security_group_rules.rst
deleted file mode 100644
index 7a5ccd4..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/fast-adding_security_group_rules.rst
+++ /dev/null
@@ -1,44 +0,0 @@
-:original_name: vpc_SecurityGroup02_0006.html
-
-.. _vpc_SecurityGroup02_0006:
-
-Fast-Adding Security Group Rules
-================================
-
-Scenarios
----------
-
-You can add multiple security group rules with different protocols and ports at the same time.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-
-5. On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules.
-
-6. On the **Inbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select the protocols and ports you wish to add all at once.
-
-
- .. figure:: /_static/images/en-us_image_0211552164.png
- :alt: **Figure 1** Fast-Add Inbound Rule
-
- **Figure 1** Fast-Add Inbound Rule
-
-7. On the **Outbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select required protocols and ports to add multiple rules at a time.
-
-
- .. figure:: /_static/images/en-us_image_0211560998.png
- :alt: **Figure 2** Fast-Add Outbound Rule
-
- **Figure 2** Fast-Add Outbound Rule
-
-8. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst
deleted file mode 100644
index 3b100b8..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst
+++ /dev/null
@@ -1,76 +0,0 @@ -:original_name: vpc_SecurityGroup02_0010.html - -.. _vpc_SecurityGroup02_0010: - -Importing and Exporting Security Group Rules -============================================ - -Scenarios ---------- - -If you want to quickly apply the rules of one security group to another, or if you want to modify multiple rules of the current security group at once, you can import or export existing rules. - -Security group rules are imported or exported to an Excel file. - -Notes and Constraints ---------------------- - -When modifying exported security group rules, you can only modify existing fields in the exported file based on the template and cannot add new fields or modify the field names. Otherwise, the file will fail to be imported. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. -6. Export and import security group rules. - - - Click |image2| to export all rules of the current security group to an Excel file. - - - Click |image3| to import security group rules from an Excel file into the current security group. - - :ref:`Table 1 ` describes the parameters in the template for importing rules. - - .. _vpc_securitygroup02_0010__en-us_topic_0123534210_table111445216564: - - .. 
table:: **Table 1** Template parameters - - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - Inbound rules control incoming traffic to cloud resources in the security group. | | - | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. 
The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Last Modified | The time when the security group was modified. 
| ``-`` | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0142360062.png -.. |image3| image:: /_static/images/en-us_image_0142360094.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/index.rst b/umn/source/operation_guide_old_console_edition/security/security_group/index.rst deleted file mode 100644 index 74ad6be..0000000 --- a/umn/source/operation_guide_old_console_edition/security/security_group/index.rst +++ /dev/null 
@@ -1,42 +0,0 @@
-:original_name: vpc_SecurityGroup02_0000.html
-
-.. _vpc_SecurityGroup02_0000:
-
-Security Group
-==============
-
-- :ref:`Security Group Overview `
-- :ref:`Default Security Groups and Security Group Rules `
-- :ref:`Security Group Configuration Examples `
-- :ref:`Creating a Security Group `
-- :ref:`Adding a Security Group Rule `
-- :ref:`Fast-Adding Security Group Rules `
-- :ref:`Replicating a Security Group Rule `
-- :ref:`Modifying a Security Group Rule `
-- :ref:`Deleting a Security Group Rule `
-- :ref:`Importing and Exporting Security Group Rules `
-- :ref:`Deleting a Security Group `
-- :ref:`Adding Instances to and Removing Them from a Security Group `
-- :ref:`Modifying a Security Group `
-- :ref:`Viewing the Security Group of an ECS `
-- :ref:`Changing the Security Group of an ECS `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- security_group_overview
- default_security_groups_and_security_group_rules
- security_group_configuration_examples
- creating_a_security_group
- adding_a_security_group_rule
- fast-adding_security_group_rules
- replicating_a_security_group_rule
- modifying_a_security_group_rule
- deleting_a_security_group_rule
- importing_and_exporting_security_group_rules
- deleting_a_security_group
- adding_instances_to_and_removing_them_from_a_security_group
- modifying_a_security_group
- viewing_the_security_group_of_an_ecs
- changing_the_security_group_of_an_ecs
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group.rst
deleted file mode 100644
index 9a3688a..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group.rst
+++ /dev/null
@@ -1,41 +0,0 @@
-:original_name: vpc_SecurityGroup02_0013.html
-
-.. _vpc_SecurityGroup02_0013:
-
-Modifying a Security Group
-==========================
-
-**Scenarios**
--------------
-
-Modify the name and description of a created security group.
-
-Procedure
----------
-
-**Method 1**
-
-#. Log in to the management console.
-#. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-#. On the **Security Groups** page, locate the target security group and choose **More** > **Modify** in the **Operation** column.
-#. Modify the name and description of the security group as required.
-#. Click **OK**.
-
-**Method 2**
-
-#. Log in to the management console.
-#. Click |image2| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-#. On the **Security Groups** page, click the security group name.
-#. On the displayed page, click |image3| on the right of **Name** and edit the security group name.
-#. Click **Y** to save the security group name.
-#. Click |image4| on the right of **Description** and edit the security group description.
-#. Click **Y** to save the security group description.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0141273034.png
-.. |image3| image:: /_static/images/en-us_image_0239476777.png
-.. |image4| image:: /_static/images/en-us_image_0239476777.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst b/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst
deleted file mode 100644
index c4248f0..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst
+++ /dev/null
@@ -1,25 +0,0 @@
-:original_name: vpc_SecurityGroup02_0008.html
-
-.. _vpc_SecurityGroup02_0008:
-
-Modifying a Security Group Rule
-===============================
-
-Scenarios
----------
-
-You can modify the port, protocol, and IP address of a security group rule to meet your specific requirements.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-5. On the **Security Groups** page, click the security group name.
-6. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column.
-7. Modify the rule and click **Confirm**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst b/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst
deleted file mode 100644
index a1bac05..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst
+++ /dev/null
@@ -1,32 +0,0 @@
-:original_name: vpc_SecurityGroup02_0007.html
-
-.. _vpc_SecurityGroup02_0007:
-
-Replicating a Security Group Rule
-=================================
-
-**Scenarios**
--------------
-
-Replicate an existing security group rule to generate a new rule. When replicating a security group rule, you can make changes so that it is not a perfect copy.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
-
-5. On the **Security Groups** page, click the security group name.
-
-6. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column.
-
- You can also modify the security group rule as required to quickly generate a new rule.
-
-7. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst b/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst
deleted file mode 100644
index e7a0e25..0000000
--- a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst
+++ /dev/null
@@ -1,195 +0,0 @@ -:original_name: vpc_SecurityGroup02_0003.html - -.. _vpc_SecurityGroup02_0003: - -Security Group Configuration Examples -===================================== - -Common security group configurations are presented here. The examples in this section allow all outgoing data packets by default. This section will only describe how to configure inbound rules. - -- .. _vpc_securitygroup02_0003__en-us_topic_0118534011_li2921164192410: - - :ref:`Allowing External Access to a Specified Port ` - -- :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network ` - -- :ref:`Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group ` - -- :ref:`Remotely Connecting to Linux ECSs Using SSH ` - -- :ref:`Remotely Connecting to Windows ECSs Using RDP ` - -- :ref:`Enabling Communication Between ECSs ` - -- :ref:`Hosting a Website on ECSs ` - -- :ref:`Enabling an ECS to Function as a DNS Server ` - -- :ref:`Uploading or Downloading Files Using FTP ` - -You can use the default security group or create a security group in advance. For details, see sections :ref:`Creating a Security Group ` and :ref:`Adding a Security Group Rule `. - -Allowing External Access to a Specified Port --------------------------------------------- - -- Example scenario: - - After services are deployed, you can add security group rules to allow external access to a specified port (for example, 1100). - -- Security group rule: - - ========= ======== ==== ========= - Direction Protocol Port Source - ========= ======== ==== ========= - Inbound TCP 1100 0.0.0.0/0 - ========= ======== ==== ========= - -.. 
_vpc_securitygroup02_0003__en-us_topic_0118534011_section14197522283: - -Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network ------------------------------------------------------------------------------------------------------ - -- Example scenario: - - Resources on an ECS in a security group need to be copied to an ECS associated with another security group. The two ECSs are in the same VPC. We recommend that you enable private network communication between the ECSs and then copy the resources. - -- Security group configuration: - - Within a given VPC, ECSs in the same security group can communicate with one another by default. However, ECSs in different security groups cannot communicate with each other by default. To enable these ECSs to communicate with each other, you need to add certain security group rules. - - You can add an inbound rule to the security groups containing the ECSs to allow access from ECSs in the other security group. The required rule is as follows. - - +-----------+----------------------------------------------------+--------------------+------------------------------+ - | Direction | Protocol/Application | Port | Source | - +===========+====================================================+====================+==============================+ - | Inbound | Used for communication through an internal network | Port or port range | ID of another security group | - +-----------+----------------------------------------------------+--------------------+------------------------------+ - -.. 
_vpc_securitygroup02_0003__en-us_topic_0118534011_section17693183118306: - -Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group ---------------------------------------------------------------------------- - -- Example scenario: - - To prevent ECSs from being attacked, you can change the port for remote login and configure security group rules that allow only specified IP addresses to remotely access the ECSs. - -- Security group configuration: - - To allow IP address **192.168.20.2** to remotely access Linux ECSs in a security group over the SSH protocol (port 22), you can configure the following security group rule. - - +-----------------+-----------------+-----------------+-------------------------------------------------+ - | Direction | Protocol | Port | Source | - +=================+=================+=================+=================================================+ - | Inbound | SSH | 22 | IPv4 CIDR block or ID of another security group | - | | | | | - | | | | For example, 192.168.20.2/32 | - +-----------------+-----------------+-----------------+-------------------------------------------------+ - -.. _vpc_securitygroup02_0003__en-us_topic_0118534011_section115069253338: - -Remotely Connecting to Linux ECSs Using SSH -------------------------------------------- - -- Example scenario: - - After creating Linux ECSs, you can add a security group rule to enable remote SSH access to the ECSs. - -- Security group rule: - - ========= ======== ==== ========= - Direction Protocol Port Source - ========= ======== ==== ========= - Inbound SSH 22 0.0.0.0/0 - ========= ======== ==== ========= - -.. _vpc_securitygroup02_0003__en-us_topic_0118534011_section168046312349: - -Remotely Connecting to Windows ECSs Using RDP ---------------------------------------------- - -- Example scenario: - - After creating Windows ECSs, you can add a security group rule to enable remote RDP access to the ECSs. 
- -- Security group rule: - - ========= ======== ==== ========= - Direction Protocol Port Source - ========= ======== ==== ========= - Inbound RDP 3389 0.0.0.0/0 - ========= ======== ==== ========= - -.. _vpc_securitygroup02_0003__en-us_topic_0118534011_section34721049193411: - -Enabling Communication Between ECSs ------------------------------------ - -- Example scenario: - - After creating ECSs, you need to add a security group rule so that you can run the **ping** command to test communication between the ECSs. - -- Security group rule: - - ========= ======== ==== ========= - Direction Protocol Port Source - ========= ======== ==== ========= - Inbound ICMP All 0.0.0.0/0 - ========= ======== ==== ========= - -.. _vpc_securitygroup02_0003__en-us_topic_0118534011_section1517991516357: - -Hosting a Website on ECSs -------------------------- - -- Example scenario: - - If you deploy a website on your ECSs and require that your website be accessed over HTTP or HTTPS, you can add rules to the security group used by the ECSs that function as the web servers. - -- Security group rule: - - ========= ======== ==== ========= - Direction Protocol Port Source - ========= ======== ==== ========= - Inbound HTTP 80 0.0.0.0/0 - Inbound HTTPS 443 0.0.0.0/0 - ========= ======== ==== ========= - -.. _vpc_securitygroup02_0003__en-us_topic_0118534011_section2910346123520: - -Enabling an ECS to Function as a DNS Server -------------------------------------------- - -- Example scenario: - - If you need to use an ECS as a DNS server, you must allow TCP and UDP access from port 53 to the DNS server. You can add the following rules to the security group associated with the ECS. - -- Security group rules: - - ========= ======== ==== ========= - Direction Protocol Port Source - ========= ======== ==== ========= - Inbound TCP 53 0.0.0.0/0 - Inbound UDP 53 0.0.0.0/0 - ========= ======== ==== ========= - -.. 
_vpc_securitygroup02_0003__en-us_topic_0118534011_section5964121693610: - -Uploading or Downloading Files Using FTP ----------------------------------------- - -- Example scenario: - - If you want to use File Transfer Protocol (FTP) to upload files to or download files from ECSs, you need to add a security group rule. - - .. note:: - - You must first install the FTP server program on the ECSs and check whether ports 20 and 21 are working properly. - -- Security group rule: - - ========= ======== ===== ========= - Direction Protocol Port Source - ========= ======== ===== ========= - Inbound TCP 20-21 0.0.0.0/0 - ========= ======== ===== ========= diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst b/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst deleted file mode 100644 index 2f2527d..0000000 --- a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst +++ /dev/null 
@@ -1,52 +0,0 @@ -:original_name: vpc_SecurityGroup02_0001.html - -.. _vpc_SecurityGroup02_0001: - -Security Group Overview -======================= - -Security Group --------------- - -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. - -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. You can directly use the default security group. For details, see :ref:`Default Security Groups and Security Group Rules `. - -You can also create custom security groups to meet your specific service requirements. For details, see :ref:`Creating a Security Group `. - -Security Group Basics ---------------------- - -- You can associate instances, such as servers and extension NICs, with one or more security groups. - - You can change the security groups that are associated with instances, such as servers or extension NICs. By default, when you create an instance, it is associated with the default security group of its VPC unless you specify another security group. - -- You need to add security group rules to allow instances in the same security group to communicate with each other. - -- Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. 
Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules. - - Security groups use connection tracking to track traffic to and from instances that they contain and security group rules are applied based on the connection status of the traffic to determine whether to allow or deny traffic. If you add, modify, or delete a security group rule, or create or delete an instance in the security group, the connection tracking of all instances in the security group will be automatically cleared. In this case, the inbound or outbound traffic of the instance will be considered as new connections, which need to match the inbound or outbound security group rules to ensure that the rules take effect immediately and the security of incoming traffic. - - In addition, if the inbound or outbound traffic of an instance has no packets for a long time, the traffic will be considered as new connections after the connection tracking times out, and the connections need to match the outbound and inbound rules. The timeout period of connection tracking varies according to the protocol. The timeout period of a TCP connection in the established state is 600s, and the timeout period of an ICMP connection is 30s. For other protocols, if packets are received in both directions, the connection tracking timeout period is 180s. If one or more packets are received in one direction but no packet is received in the other direction, the connection tracking timeout period is 30s. For protocols other than TCP, UDP, and ICMP, only the IP address and protocol number are tracked. - -.. note:: - - If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs. - -Security Group Rules --------------------- - -After you create a security group, you can add rules to the security group. 
A rule applies either to inbound traffic or outbound traffic. After you add cloud resources to the security group, they are protected by the rules of the group. - -Each security group has its default rules. For details, see :ref:`Table 1 `. You can also customize security group rules. For details, see :ref:`Adding a Security Group Rule `. - -Security Group Constraints --------------------------- - -- By default, you can create a maximum of 100 security groups in your cloud account. -- By default, you can add up to 50 security group rules to a security group. -- By default, you can add an ECS or an extension NIC to a maximum of five security groups. In such a case, the rules of all the selected security groups are aggregated to take effect. -- When creating a private network load balancer, you need to select a desired security group. Do not delete the default security group rules or ensure that the following requirements are met: - - - Outbound rules: only allow data packets to the selected security group or only data packets from the peer load balancer. - - Inbound rules: only allow data packets from the selected security group or only data packets from the peer load balancer. diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst deleted file mode 100644 index 123b31a..0000000 --- a/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst +++ /dev/null 
@@ -1,23 +0,0 @@
-:original_name: vpc_SecurityGroup02_0014.html
-
-.. _vpc_SecurityGroup02_0014:
-
-Viewing the Security Group of an ECS
-====================================
-
-Scenarios
----------
-
-View inbound and outbound rules of a security group used by an ECS.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. Under **Compute**, click **Elastic Cloud Server**.
-4. On the **Elastic Cloud Server** page, click the name of the target ECS.
-5. Click the **Security Groups** tab and view information about the security group used by the ECS.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst
deleted file mode 100644
index 711be77..0000000
--- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst
+++ /dev/null
@@ -1,41 +0,0 @@
-:original_name: vpc_bandwidth02_0003.html
-
-.. _vpc_bandwidth02_0003:
-
-Adding EIPs to a Shared Bandwidth
-=================================
-
-Scenarios
----------
-
-Add EIPs to a shared bandwidth and the EIPs can then share that bandwidth. You can add multiple EIPs to a shared bandwidth at the same time.
-
-Notes and Constraints
----------------------
-
-- After an EIP is added to a shared bandwidth, the original bandwidth used by the EIP will become invalid and the EIP will start to use the shared bandwidth.
-- The EIP's original dedicated bandwidth will be deleted.
-- Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Elastic IP**.
-
-4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**.
-
-5. In the shared bandwidth list, locate the row that contains the shared bandwidth to which you want to add EIPs. In the **Operation** column, choose **More** > **Add EIP**, and select the EIPs to be added.
-
-
- .. figure:: /_static/images/en-us_image_0000001211006359.png
- :alt: **Figure 1** Add EIP
-
- **Figure 1** Add EIP
-
-6. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst
deleted file mode 100644
index 689b667..0000000
--- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst
+++ /dev/null
@@ -1,46 +0,0 @@ -:original_name: vpc_bandwidth02_0002.html - -.. _vpc_bandwidth02_0002: - -Assigning a Shared Bandwidth -============================ - -Scenarios ---------- - -Assign a shared bandwidth for use with EIPs. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Elastic IP**. - -#. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. - -#. In the upper right corner, click **Assign Shared Bandwidth**. On the displayed page, configure parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0000001163949251.png - :alt: **Figure 1** Assigning Shared Bandwidth - - **Figure 1** Assigning Shared Bandwidth - - .. table:: **Table 1** Parameter descriptions - - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Parameter | Description | Example Value | - +================+=========================================================================================================================================================================================================================================================================================================+===============+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. 
| eu-de | - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Bandwidth | The bandwidth size in Mbit/s. The value ranges from starting with 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Bandwidth Name | The name of the shared bandwidth. | Bandwidth-001 | - +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - -#. Click **Create Now**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/deleting_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/deleting_a_shared_bandwidth.rst deleted file mode 100644 index 2568a70..0000000 --- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/deleting_a_shared_bandwidth.rst +++ /dev/null 
@@ -1,29 +0,0 @@
-:original_name: vpc_bandwidth02_0006.html
-
-.. _vpc_bandwidth02_0006:
-
-Deleting a Shared Bandwidth
-===========================
-
-Scenarios
----------
-
-Delete a shared bandwidth when it is no longer required.
-
-Prerequisites
--------------
-
-Before deleting a shared bandwidth, remove all the EIPs associated with it. For details, see :ref:`Removing EIPs from a Shared Bandwidth `.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Elastic IP**.
-4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**.
-5. In the shared bandwidth list, locate the row that contains the shared bandwidth you want to delete, click **More** in the **Operation** column, and then click **Delete**.
-6. In the displayed dialog box, click **Yes**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/index.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/index.rst
deleted file mode 100644
index 12d366d..0000000
--- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/index.rst
+++ /dev/null
@@ -1,24 +0,0 @@
-:original_name: vpc_bandwidth02_0000.html
-
-.. _vpc_bandwidth02_0000:
-
-Shared Bandwidth
-================
-
-- :ref:`Shared Bandwidth Overview `
-- :ref:`Assigning a Shared Bandwidth `
-- :ref:`Adding EIPs to a Shared Bandwidth `
-- :ref:`Removing EIPs from a Shared Bandwidth `
-- :ref:`Modifying a Shared Bandwidth `
-- :ref:`Deleting a Shared Bandwidth `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- shared_bandwidth_overview
- assigning_a_shared_bandwidth
- adding_eips_to_a_shared_bandwidth
- removing_eips_from_a_shared_bandwidth
- modifying_a_shared_bandwidth
- deleting_a_shared_bandwidth
diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/modifying_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/modifying_a_shared_bandwidth.rst
deleted file mode 100644
index 8618167..0000000
--- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/modifying_a_shared_bandwidth.rst
+++ /dev/null
@@ -1,36 +0,0 @@
-:original_name: vpc_bandwidth02_0005.html
-
-.. _vpc_bandwidth02_0005:
-
-Modifying a Shared Bandwidth
-============================
-
-Scenarios
----------
-
-You can modify the name and size of a shared bandwidth as required.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Elastic IP**.
-
-4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**.
-
-5. In the shared bandwidth list, locate the row that contains the shared bandwidth you want to modify, click **Modify Bandwidth** in the **Operation** column, and modify the bandwidth settings.
-
-
- .. figure:: /_static/images/en-us_image_0000001117669524.png
- :alt: **Figure 1** Modify Bandwidth
-
- **Figure 1** Modify Bandwidth
-
-6. Click **Next**.
-
-7. Click **Submit**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst
deleted file mode 100644
index ba9251a..0000000
--- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst
+++ /dev/null
@@ -1,34 +0,0 @@
-:original_name: vpc_bandwidth02_0004.html
-
-.. _vpc_bandwidth02_0004:
-
-Removing EIPs from a Shared Bandwidth
-=====================================
-
-Scenarios
----------
-
-Remove EIPs that are no longer required from a shared bandwidth if needed.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Elastic IP**.
-
-4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**.
-
-5. In the shared bandwidth list, locate the row that contains the bandwidth from which EIPs are to be removed, choose **More** > **Remove EIP** in the **Operation** column, and select the EIPs to be removed in the displayed dialog box.
-
-
- .. figure:: /_static/images/en-us_image_0000001211445065.png
- :alt: **Figure 1** Remove EIP
-
- **Figure 1** Remove EIP
-
-6. Click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst
deleted file mode 100644
index 1ae3230..0000000
--- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst
+++ /dev/null
@@ -1,18 +0,0 @@
-:original_name: vpc_bandwidth02_0001.html
-
-.. _vpc_bandwidth02_0001:
-
-Shared Bandwidth Overview
-=========================
-
-Shared bandwidth allows multiple EIPs to share the same bandwidth. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth.
-
-When you host a large number of applications on the cloud, if each EIP uses an independent bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement.
-
-- Easy to Manage
-
- Region-level bandwidth sharing and multiplexing simplify O&M statistics, management, and operations cost settlement.
-
-- Flexible Operations
-
- You can add EIPs to a shared bandwidth or remove them from a shared bandwidth regardless of the instances to which they are bound.
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst
deleted file mode 100644
index fade059..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst
+++ /dev/null
@@ -1,34 +0,0 @@
-:original_name: vpc_vip02_0002.html
-
-.. _vpc_vip02_0002:
-
-Assigning a Virtual IP Address
-==============================
-
-Scenarios
----------
-
-If an ECS requires a virtual IP address or if a virtual IP address needs to be reserved, you can assign a virtual IP address from the subnet.
-
-Procedure
----------
-
-#. Log in to the management console.
-#. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet where a virtual IP address is to be assigned, and click the VPC name.
-6. On the **Subnets** tab, click the name of the subnet where a virtual IP address is to be assigned.
-7. Click the **Virtual IP Addresses** tab and click **Assign Virtual IP Address**.
-8. Select a virtual IP address assignment mode.
-
- - **Automatic**: The system assigns an IP address automatically.
- - **Manual**: You can specify an IP address.
-
-9. Select **Manual** and enter a virtual IP address.
-10. Click **OK**.
-
-You can then query the assigned virtual IP address in the IP address list.
-
-.. |image1| image:: /_static/images/en-us_image_0226223279.png
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
deleted file mode 100644
index 56ea6c7..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
+++ /dev/null
@@ -1,29 +0,0 @@
-:original_name: vpc_vip02_0004.html
-
-.. _vpc_vip02_0004:
-
-Binding a Virtual IP Address to an EIP
-======================================
-
-Scenarios
----------
-
-This section describes how to bind a virtual IP address to an EIP.
-
-Prerequisites
--------------
-
-- You have assigned an EIP.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Elastic IP**.
-4. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column.
-5. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**.
-6. In the virtual IP address list, select the virtual IP address to be bound and click **OK**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst
deleted file mode 100644
index e6804d4..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst
+++ /dev/null
@@ -1,138 +0,0 @@ -:original_name: vpc_vip02_0003.html - -.. _vpc_vip02_0003: - -Binding a Virtual IP Address to an EIP or ECS -============================================= - -Scenarios ---------- - -You can bind a virtual IP address to an EIP so that you can access the ECSs bound with the same virtual IP address from the Internet. These ECSs can work in the active/standby mode to improve fault tolerance. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -5. On the **Virtual Private Cloud** page, locate the VPC containing the virtual IP address and click the VPC name. - -6. On the **Subnets** tab, click the name of the subnet that the virtual IP address belongs to. - -7. Click the **Virtual IP Addresses** tab. - - - To bind a virtual IP address to an EIP, locate the row that contains the virtual IP address and click **Bind to EIP** in the **Operation** column. - - To bind a virtual IP address to an ECS, locate the row that contains the virtual IP address and click **More** > **Bind to Server** in the **Operation** column. - -8. Select the desired EIP, or ECS and its NIC. - - .. note:: - - - If the ECS has multiple NICs, bind the virtual IP address to the primary NIC. - - Multiple virtual IP addresses can be bound to an ECS NIC. - -9. Click **OK**. - -10. Manually configure the virtual IP address bound to an ECS. - - After a virtual IP address is bound to an ECS NIC, you need to manually configure the virtual IP address on the ECS. - - **Linux OS** (CentOS 7.2 64bit is used as an example.) - - a. .. 
_vpc_vip02_0003__en-us_topic_0118499077_li528316578916: - - Run the following command to obtain the NIC to which the virtual IP address is to be bound and the connection of the NIC: - - **nmcli connection** - - Information similar to the following is displayed: - - |image2| - - The command output in this example is described as follows: - - - **eth0** in the **DEVICE** column indicates the NIC to which the virtual IP address is to be bound. - - **Wired connection 1** in the **NAME** column indicates the connection of the NIC. - - b. Run the following command to add the virtual IP address for the target connection: - - **nmcli connection modify "**\ *CONNECTION*\ **" ipv4.addresses** *VIP* - - Configure the parameters as follows: - - - CONNECTION: connection of the NIC obtained in :ref:`10.a `. - - VIP: virtual IP address to be added. - - - If you add multiple virtual IP addresses at a time, separate them with commas (,). - - If a virtual IP address already exists and you need to add a new one, the command must contain both the new and original virtual IP addresses. - - Example commands: - - - Adding a single virtual IP address: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125** - - Adding multiple virtual IP addresses: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125,172.16.0.126** - - c. Run the following command to make the configuration take effect: - - **nmcli connection up "**\ *CONNECTION*\ **"** - - In this example, run the following command: - - **nmcli connection up "Wired connection 1"** - - Information similar to the following is displayed: - - |image3| - - d. Run the following command to check whether the virtual IP address has been bound: - - **ip a** - - Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.125 is bound to NIC eth0. - - |image4| - - **Windows OS** (Windows Server is used as an example here.) - - a. 
In **Control Panel**, click **Network and Sharing Center**, and click the corresponding local connection. - - b. On the displayed page, click **Properties**. - - c. On the **Network** tab page, select **Internet Protocol Version 4 (TCP/IPv4)**. - - d. Click **Properties**. - - e. Select **Use the following IP address** and set **IP address** to the private IP address of the ECS, for example, 10.0.0.101. - - - .. figure:: /_static/images/en-us_image_0000001179761510.png - :alt: **Figure 1** Configuring private IP address - - **Figure 1** Configuring private IP address - - f. Click **Advanced**. - - g. On the **IP Settings** tab, click **Add** in the **IP addresses** area. - - Add the virtual IP address. For example, 10.0.0.154. - - - .. figure:: /_static/images/en-us_image_0000001225081545.png - :alt: **Figure 2** Configuring virtual IP address - - **Figure 2** Configuring virtual IP address - - h. Click **OK**. - - i. In the **Start** menu, open the Windows command line window and run the following command to check whether the virtual IP address has been configured: - - **ipconfig /all** - - In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. - -.. |image1| image:: /_static/images/en-us_image_0226223279.png -.. |image2| image:: /_static/images/en-us_image_0000001281210233.png -.. |image3| image:: /_static/images/en-us_image_0000001237328110.png -.. |image4| image:: /_static/images/en-us_image_0000001237013856.png diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst deleted file mode 100644 index f1e724a..0000000 
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-:original_name: vpc_vip02_0009.html
-
-.. _vpc_vip02_0009:
-
-Disabling Source and Destination Check (HA Load Balancing Cluster Scenario)
-===========================================================================
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. Under **Compute**, click **Elastic Cloud Server**.
-4. In the ECS list, click the ECS name.
-5. On the displayed ECS details page, click the **NICs** tab.
-6. Check that **Source/Destination Check** is disabled.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/index.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/index.rst
deleted file mode 100644
index 2069f55..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/index.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-:original_name: vpc_vip02_0000.html
-
-.. _vpc_vip02_0000:
-
-Virtual IP Address
-==================
-
-- :ref:`Virtual IP Address Overview `
-- :ref:`Assigning a Virtual IP Address `
-- :ref:`Binding a Virtual IP Address to an EIP or ECS `
-- :ref:`Binding a Virtual IP Address to an EIP `
-- :ref:`Using a VPN to Access a Virtual IP Address `
-- :ref:`Using a Direct Connect Connection to Access the Virtual IP Address `
-- :ref:`Using a VPC Peering Connection to Access the Virtual IP Address `
-- :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) `
-- :ref:`Releasing a Virtual IP Address `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- virtual_ip_address_overview
- assigning_a_virtual_ip_address
- binding_a_virtual_ip_address_to_an_eip_or_ecs
- binding_a_virtual_ip_address_to_an_eip
- using_a_vpn_to_access_a_virtual_ip_address
- using_a_direct_connect_connection_to_access_the_virtual_ip_address
- using_a_vpc_peering_connection_to_access_the_virtual_ip_address
- disabling_source_and_destination_check_ha_load_balancing_cluster_scenario
- releasing_a_virtual_ip_address
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst
deleted file mode 100644
index 51e0ae5..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst
+++ /dev/null
@@ -1,37 +0,0 @@
-:original_name: vpc_vip02_0010.html
-
-.. _vpc_vip02_0010:
-
-Releasing a Virtual IP Address
-==============================
-
-Scenarios
----------
-
-If you no longer need a virtual IP address or a reserved virtual IP address, you can release it to avoid wasting resources.
-
-Prerequisites
--------------
-
-Before deleting a virtual IP address, ensure that the virtual IP address has been unbound from the following resources:
-
-- ECS
-- EIP
-- CCE cluster
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-
-5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet from which a virtual IP address is to be released, and click the VPC name.
-6. On the **Subnets** tab, click the name of the subnet from which a virtual IP address is to be released.
-7. Click the **Virtual IP Addresses** tab, locate the row that contains the virtual IP address to be released, click **More** in the **Operation** column, and select **Release**.
-8. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0226223279.png
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst
deleted file mode 100644
index a46e893..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-:original_name: vpc_vip02_0006.html
-
-.. _vpc_vip02_0006:
-
-Using a Direct Connect Connection to Access the Virtual IP Address
-==================================================================
-
-Procedure
----------
-
-#. Configure the ECS networking based on :ref:`Networking `.
-#. Create a Direct Connect connection.
-
-The created Direct Connect connection can be used to access the virtual IP address of the ECS.
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst
deleted file mode 100644
index ea0a27e..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-:original_name: vpc_vip02_0005.html
-
-.. _vpc_vip02_0005:
-
-Using a VPN to Access a Virtual IP Address
-==========================================
-
-Procedure
----------
-
-#. Configure the ECS networking based on :ref:`Networking `.
-#. Create a VPN.
-
-The VPN can be used to access the virtual IP address of the ECS.
diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst
deleted file mode 100644
index 01bf42a..0000000
--- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst
+++ /dev/null
@@ -1,90 +0,0 @@ -:original_name: vpc_vip02_0001.html - -.. _vpc_vip02_0001: - -Virtual IP Address Overview -=========================== - -What Is a Virtual IP Address? ------------------------------ - -A virtual IP address can be shared among multiple ECSs. An ECS can have both private and virtual IP addresses, and you can access the ECS through either IP address. A virtual IP address has the same network access capabilities as a private IP address, including layer 2 and layer 3 communication in VPCs, access between VPCs using VPC peering connections, as well as access through EIPs, VPN connections, and Direct Connect connections. - -You can bind ECSs deployed in active/standby mode with the same virtual IP address, and then bind an EIP to the virtual IP address. Virtual IP addresses can work together with Keepalived to ensure high availability and disaster recovery. If the active ECS is faulty, the standby ECS automatically takes over services from the active one. - -Networking ----------- - -Virtual IP addresses are used for high availability and can work together with Keepalived to make active/standby ECS switchover possible. This way if one ECS goes down for some reason, the other one can take over and services continue uninterrupted. ECSs can be configured for HA or as load balancing clusters. - -- **Networking mode 1**: HA - - If you want to improve service availability and avoid single points of failure, you can deploy ECSs in the active/standby mode or deploy one active ECS and multiple standby ECSs. In this arrangement, the ECSs all use the same virtual IP address. If the active ECS becomes faulty, a standby ECS takes over services from the active ECS and services continue uninterrupted. - - - .. figure:: /_static/images/en-us_image_0209608153.png - :alt: **Figure 1** Networking diagram of the HA mode - - **Figure 1** Networking diagram of the HA mode - - - In this configuration, a single virtual IP address is bound to two ECSs in the same subnet. 
- - Keepalived is then used to configure the two ECSs to work in the active/standby mode. Follow industry standards for configuring Keepalived. The details are not included here. - -- **Networking mode 2**: HA load balancing cluster - - If you want to build a high-availability load balancing cluster, use Keepalived and configure LVS nodes as direct routers. - - - .. figure:: /_static/images/en-us_image_0209608154.png - :alt: **Figure 2** HA load balancing cluster - - **Figure 2** HA load balancing cluster - - - Bind a single virtual IP address to two ECSs. - - Configure the two ECSs as LVS nodes working as direct routers and use Keepalived to configure the nodes in the active/standby mode. The two ECSs will evenly forward requests to different backend servers. - - Configure two more ECSs as backend servers. - - Disable the source/destination check for the two backend servers. - - Follow industry standards for configuring Keepalived. The details are not included here. - -Application Scenarios ---------------------- - -- Accessing the virtual IP address through an EIP - - If your application has high availability requirements and needs to provide services through the Internet, it is recommended that you bind an EIP to a virtual IP address. - -- Using a VPN, Direct Connect, or VPC peering connection to access a virtual IP address - - To ensure high availability and access to the Internet, use a VPN for security and Direct Connect for a stable connection. The VPC peering connection is needed so that the VPCs in the same region can communicate with each other. - -Precautions ------------ - -- Virtual IP addresses are not recommended when multiple NICs in the same subnet are configured on an ECS. It is too easy for there to be route conflicts on the ECS, which would cause communication failure using the virtual IP address. -- IP forwarding must be disabled on the standby ECS. 
Perform the following operations to confirm whether the IP forwarding is disabled on the standby ECS: - - #. Log in to standby ECS and run the following command to check whether the IP forwarding is enabled: - - cat /proc/sys/net/ipv4/ip_forward - - In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - - - If the command output is **1**, perform :ref:`2 ` and :ref:`3 ` to disable the IP forwarding. - - If the command output is **0**, no further action is required. - - #. .. _vpc_vip02_0001__en-us_topic_0118498951_en-us_topic_0206027322_en-us_topic_0095139658_li1473585332417: - - Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **0**, and enter **:wq** to save the change and exit. You can also use the **sed** command to modify the configuration. A command example is as follows: - - sed -i '/net.ipv4.ip_forward/s/1/0/g' /etc/sysctl.conf - - #. .. _vpc_vip02_0001__en-us_topic_0118498951_en-us_topic_0206027322_en-us_topic_0095139658_li88984711254: - - Run the following command to make the change take effect: - - sysctl -p /etc/sysctl.conf - -- The virtual IP address can use only the default security group, which cannot be changed to a custom security group. -- It is recommended that no more than eight virtual IP addresses be bound to an ECS. -- It is recommended that no more than 10 ECSs be bound to a virtual IP address. diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst deleted file mode 100644 index 3527c51..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst +++ /dev/null 
@@ -1,105 +0,0 @@ -:original_name: vpc_vpc02_0004.html - -.. _vpc_vpc02_0004: - -Creating a Subnet for the VPC -============================= - -Scenarios ---------- - -A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. - -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -#. On the **Virtual Private Cloud** page, locate the VPC for which a subnet is to be created and click the VPC name. - -#. On the displayed **Subnets** tab, click **Create Subnet**. - -#. Set the parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0226222517.png - :alt: **Figure 1** Create Subnet - - **Figure 1** Create Subnet - - .. table:: **Table 1** Parameter description - - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=============================================================================================================================================================================================================================================+=======================+ - | Name | Specifies the subnet name. | Subnet | - | | | | - | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | CIDR Block | Specifies the CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Gateway | Specifies the gateway address of the subnet. | 192.168.0.1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | NTP Server Address | Specifies the IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | - | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | - | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Tag | Specifies the subnet tag, which consists of a key and value pair. You can add a maximum of ten tags to each subnet. | - Key: subnet_key1 | - | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - - .. _vpc_vpc02_0004__table42131827173915: - - .. table:: **Table 2** Subnet tag key and value requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. 
| subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -#. Click **OK**. - -Precautions ------------ - -When a subnet is created, there are five reserved IP addresses, which cannot be used. For example, in a subnet with CIDR block 192.168.0.0/24, the following IP addresses are reserved: - -- 192.168.0.0: Network ID. This address is the beginning of the private IP address range and will not be assigned to any instance. -- 192.168.0.1: Gateway address. -- 192.168.0.253: Reserved for the system interface. This IP address is used by the VPC for external communication. -- 192.168.0.254: DHCP service address. -- 192.168.0.255: Network broadcast address. - -If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. - -.. |image1| image:: /_static/images/en-us_image_0226223279.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_vpc.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_vpc.rst deleted file mode 100644 index 5845341..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_vpc.rst +++ /dev/null 
@@ -1,130 +0,0 @@ -:original_name: vpc_vpc02_0002.html - -.. _vpc_vpc02_0002: - -Creating a VPC -============== - -Scenarios ---------- - -A VPC provides an isolated virtual network for ECSs. You can configure and manage the network as required. - -You can create a VPC by following the procedure provided in this section. Then, create subnets, security groups, and assign EIPs by following the procedure provided in subsequent sections based on your actual network requirements. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. Click **Create VPC**. - -#. On the **Create VPC** page, set parameters as prompted. - - A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. - - .. table:: **Table 1** VPC parameter descriptions - - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. 
The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). 
| 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - - .. 
table:: **Table 2** VPC tag key and value requirements - - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+============================================================================+=======================+ - | Key | - Cannot be left blank. | vpc_key1 | - | | - Must be unique for the same VPC and can be the same for different VPCs. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | vpc-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - - .. _vpc_vpc02_0002__en-us_topic_0118498861_table6536185812515: - - .. table:: **Table 3** Subnet tag key and value requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. 
| | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -#. Click **Create Now**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst deleted file mode 100644 index 18af104..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst +++ /dev/null 
@@ -1,45 +0,0 @@
-:original_name: vpc_vpc02_0006.html
-
-.. _vpc_vpc02_0006:
-
-Deleting a Subnet
-=================
-
-Scenarios
----------
-
-You can delete a subnet to release network resources if the subnet is no longer required.
-
-Prerequisites
--------------
-
-You can delete a subnet only if there are no resources in the subnet. If there are resources in the subnet, you must delete those resources before you can delete the subnet.
-
-You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete.
-
-The resources may include:
-
-- ECS
-- BMS
-- CCE cluster
-- RDS instance
-- MRS cluster
-- DCS instance
-- Load balancer
-- VPN
-- Private IP address
-- Custom route
-- NAT gateway
-
-Procedure
----------
-
-#. Log in to the management console.
-#. Click |image1| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
-#. On the **Virtual Private Cloud** page, locate the VPC from which a subnet is to be deleted and click the VPC name.
-#. On the **Subnets** page, locate the target subnet and click **Delete**.
-#. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0226223279.png
diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst
deleted file mode 100644
index 345ed69..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst
+++ /dev/null
@@ -1,39 +0,0 @@
-:original_name: vpc_vpc02_0007.html
-
-.. _vpc_vpc02_0007:
-
-Deleting a VPC
-==============
-
-Scenarios
----------
-
-You can delete a VPC if the VPC is no longer required.
-
-You can delete a VPC only if there are no resources in the VPC. If there are resources in the VPC, you must delete those resources before you can delete the VPC.
-
-A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources.
-
-- Subnets. For details, see section :ref:`Deleting a Subnet `.
-- VPNs. For details, see *Virtual Private Network User Guide*.
-- Direct Connect connections. For details, see the *Direct Connect User Guide*.
-- Custom routes. For details, see section :ref:`Deleting a Route `.
-- VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `.
-
-Notes and Constraints
----------------------
-
-If there are any EIPs or security groups, the last VPC cannot be deleted.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-5. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column.
-6. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst
deleted file mode 100644
index 560b1ff..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst
+++ /dev/null
@@ -1,29 +0,0 @@
-:original_name: vpc_vpc02_0010.html
-
-.. _vpc_vpc02_0010:
-
-Exporting VPC List
-==================
-
-Scenarios
----------
-
-Information about all VPCs under your account can be exported as an Excel file to a local directory. This file records the names, ID, status, IP address ranges of VPCs, and the number of subnets.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-
-5. In the upper right corner of the VPC list, click |image2|.
-
- The system will automatically export information about all VPCs under your account in the current region. They will be exported in Excel format.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0233469654.png
diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/index.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/index.rst
deleted file mode 100644
index 4d69f5f..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/index.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-:original_name: vpc_vpc02_0000.html
-
-.. _vpc_vpc02_0000:
-
-VPC and Subnet
-==============
-
-- :ref:`Creating a VPC `
-- :ref:`Modifying a VPC `
-- :ref:`Creating a Subnet for the VPC `
-- :ref:`Modifying a Subnet `
-- :ref:`Deleting a Subnet `
-- :ref:`Deleting a VPC `
-- :ref:`Managing VPC Tags `
-- :ref:`Managing Subnet Tags `
-- :ref:`Exporting VPC List `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- creating_a_vpc
- modifying_a_vpc
- creating_a_subnet_for_the_vpc
- modifying_a_subnet
- deleting_a_subnet
- deleting_a_vpc
- managing_vpc_tags
- managing_subnet_tags
- exporting_vpc_list
diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_subnet_tags.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_subnet_tags.rst
deleted file mode 100644
index 28d06a1..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_subnet_tags.rst
+++ /dev/null
@@ -1,97 +0,0 @@ -:original_name: vpc_vpc02_0009.html - -.. _vpc_vpc02_0009: - -Managing Subnet Tags -==================== - -Scenarios ---------- - -A subnet tag identifies a subnet. Tags can be added to subnets to facilitate subnet identification and administration. You can add a tag to a subnet when creating the subnet, or you can add a tag to a created subnet on the subnet details page. A maximum of 20 tags can be added to each subnet. - -A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements. - -.. _vpc_vpc02_0009__en-us_topic_0118498932_ted9687ca14074ef785241145365a6175: - -.. table:: **Table 1** Subnet tag key and value requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. 
| subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -Procedure ---------- - -**Search for subnets by tag key and value on the page showing the subnet list.** - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. Under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -#. On the **Virtual Private Cloud** page, locate the VPC containing the target subnet and click the VPC name. - -#. In the upper right corner of the subnet list, click **Search by Tag**. - -#. Enter the tag key of the subnet to be queried. - - Both the tag key and value must be specified. The system automatically displays the subnets you are looking for if both the tag key and value are matched. - -#. Click **+** to specify additional tag keys and values. - - You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for subnets, the subnets containing all specified tags will be displayed. - -#. Click **Search**. - - The system displays the subnets you are looking for based on the entered tag keys and values. - -**Add, delete, edit, and view tags on the Tags tab of a subnet.** - -#. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. Under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. -#. On the **Virtual Private Cloud** page, locate the VPC containing the target subnet and click the VPC name. -#. Click the name of the target subnet. -#. 
On the subnet details page, click the **Tags** tab and perform desired operations on tags. - - - View tags. - - On the **Tags** tab, you can view details about tags added to the current subnet, including the number of tags and the key and value of each tag. - - - Add a tag. - - Click **Add Tag** in the upper left corner. In the displayed **Add Tag** dialog box, enter the tag key and value, and click **OK**. - - - Edit a tag. - - Locate the row that contains the tag to be edited, and click **Edit** in the **Operation** column. Enter the new tag key and value, and click **OK**. - - - Delete a tag. - - Locate the row that contains the tag to be deleted, and click **Delete** in the **Operation** column. In the displayed **Delete Tag** dialog box, click **Yes**. - -.. |image1| image:: /_static/images/en-us_image_0226829589.png -.. |image2| image:: /_static/images/en-us_image_0226829587.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst deleted file mode 100644 index c5bbacb..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst +++ /dev/null 
@@ -1,101 +0,0 @@ -:original_name: vpc_vpc02_0008.html - -.. _vpc_vpc02_0008: - -Managing VPC Tags -================= - -Scenarios ---------- - -A VPC tag identifies a VPC. Tags can be added to VPCs to facilitate VPC identification and management. You can add a tag to a VPC when creating the VPC, or you can add a tag to a created VPC on the VPC details page. A maximum of 20 tags can be added to each VPC. - -A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements. - -.. _vpc_vpc02_0008__en-us_topic_0118498924_ted9687ca14074ef785241145365a6175: - -.. table:: **Table 1** VPC tag key and value requirements - - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+============================================================================+=======================+ - | Key | - Cannot be left blank. | vpc_key1 | - | | - Must be unique for the same VPC and can be the same for different VPCs. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. 
| vpc-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+----------------------------------------------------------------------------+-----------------------+ - -Procedure ---------- - -**Search for VPCs by tag key and value on the page showing the VPC list.** - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -#. In the upper right corner of the VPC list, click **Search by Tag**. - -#. In the displayed area, enter the tag key and value of the VPC you are looking for. - - Both the tag key and value must be specified. The system automatically displays the VPCs you are looking for if both the tag key and value are matched. - -#. Click + to add more tag keys and values. - - You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for VPCs, the VPCs containing all specified tags will be displayed. - -#. Click **Search**. - - The system displays the VPCs you are looking for based on the entered tag keys and values. - -**Add, delete, edit, and view tags on the Tags tab of a VPC.** - -#. Log in to the management console. - -#. Click |image2| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -#. On the **Virtual Private Cloud** page, locate the VPC whose tags are to be managed and click the VPC name. - - The page showing details about the particular VPC is displayed. - -#. 
Click the **Tags** tab and perform desired operations on tags. - - - View tags. - - On the **Tags** tab, you can view details about tags added to the current VPC, including the number of tags and the key and value of each tag. - - - Add a tag. - - Click **Add Tag** in the upper left corner. In the displayed **Add Tag** dialog box, enter the tag key and value, and click **OK**. - - - Edit a tag. - - Locate the row that contains the tag you want to edit and click **Edit** in the **Operation** column. In the **Edit Tag** dialog box, change the tag value and click **OK**. - - - Delete a tag. - - Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/modifying_a_subnet.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/modifying_a_subnet.rst deleted file mode 100644 index c4b463e..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/modifying_a_subnet.rst +++ /dev/null 
@@ -1,59 +0,0 @@ -:original_name: vpc_vpc02_0005.html - -.. _vpc_vpc02_0005: - -Modifying a Subnet -================== - -Scenarios ---------- - -Modify the subnet name, NTP server address, and DNS server address. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -#. On the **Virtual Private Cloud** page, locate the VPC for which a subnet is to be modified and click the VPC name. - -#. In the subnet list, locate the target subnet and click **Modify**. Modify the parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0226829586.png - :alt: **Figure 1** Modify Subnet - - **Figure 1** Modify Subnet - - .. table:: **Table 1** Parameter description - - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=============================================================================================================================================================================================================================================+=======================+ - | Name | Specifies the subnet name. | Subnet | - | | | | - | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | NTP Server Address | Specifies the IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | - | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | - | | | | - | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - | | | | - | | .. note:: | | - | | | | - | | - If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately. | | - | | - If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0226829591.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/modifying_a_vpc.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/modifying_a_vpc.rst deleted file mode 100644 index 9afa00e..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/modifying_a_vpc.rst +++ /dev/null 
@@ -1,70 +0,0 @@ -:original_name: vpc_vpc02_0003.html - -.. _vpc_vpc02_0003: - -Modifying a VPC -=============== - -Scenarios ---------- - -Change the VPC name and CIDR block. - -If the VPC CIDR block conflicts with the CIDR block of a VPN created in the VPC, you can modify its CIDR block. - -Notes and Constraints ---------------------- - -- When modifying the VPC CIDR block: - - - The VPC CIDR block to be modified must be in the supported CIDR blocks: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255 - - If the VPC has subnets, the VPC CIDR block to be modified must contain all subnet CIDR blocks. - -When modifying the VPC CIDR block: - -- The VPC CIDR block to be modified must be in the supported CIDR blocks: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255 -- If the VPC has subnets, the VPC CIDR block to be modified must contain all subnet CIDR blocks. - -Procedure ---------- - -**Modifying the VPC CIDR Block** - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **Virtual Private Cloud**. - -#. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be modified and click **Edit CIDR Block** in the **Operation** column. - -#. Set a new CIDR block. - - - .. figure:: /_static/images/en-us_image_0000001286573614.png - :alt: **Figure 1** Edit CIDR Block - - **Figure 1** Edit CIDR Block - -#. Click **OK**. - -**Modifying a VPC** - -#. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. -#. 
Modify the basic information about a VPC using either of the following methods : - - - In the VPC list, click |image3| on the right of the VPC name to change the VPC name. - - - In the VPC list, click the VPC name. - - On the VPC details page, click |image4| next to the VPC name or description to change the VPC name or description. - -.. |image1| image:: /_static/images/en-us_image_0000001338933333.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png -.. |image3| image:: /_static/images/en-us_image_0000001222749226.png -.. |image4| image:: /_static/images/en-us_image_0000001222749910.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/creating_a_vpc_flow_log.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/creating_a_vpc_flow_log.rst deleted file mode 100644 index 158ecb1..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/creating_a_vpc_flow_log.rst +++ /dev/null 
@@ -1,78 +0,0 @@ -:original_name: vpc_FlowLog02_0002.html - -.. _vpc_FlowLog02_0002: - -Creating a VPC Flow Log -======================= - -Scenarios ---------- - -A VPC flow log records information about the traffic going to and from a VPC. - -Prerequisites -------------- - -Ensure that the following operations have been performed on the LTS console: - -- Create a log group. -- Create a log topic. - -For more information about the LTS service, see the *Log Tank Service User Guide*. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **VPC Flow Logs**. - -5. In the upper right corner, click **Create VPC Flow Log**. On the displayed page, configure parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0191544038.png - :alt: **Figure 1** Create VPC Flow Log - - **Figure 1** Create VPC Flow Log - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+============================================================================================================================================================================================================================================================+=======================+ - | Name | The VPC flow log name. | flowlog-495d | - | | | | - | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Resource Type | The type of resources whose traffic is to be logged. You can select **NIC**, **Subnet**, or **VPC**. | NIC | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Resource | The specific NIC whose traffic is to be logged. | N/A | - | | | | - | | .. note:: | | - | | | | - | | We recommend that you select an ECS that is in the running state. If an ECS in the stopped state is selected, restart the ECS after creating the VPC flow log for accurately recording the information about the traffic going to and from the ECS NIC. | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Filter | - **All traffic**: specifies that both accepted and rejected traffic of the specified resource will be logged. | All | - | | - **Accepted traffic**: specifies that only accepted traffic of the specified resource will be logged. Accepted traffic refers to the traffic permitted by the security group or firewall. | | - | | - **Rejected traffic**: specifies that only rejected traffic of the specified resource will be logged. Rejected traffic refers to the traffic denied by the firewall. 
| | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Log Group | The log group created in LTS. | lts-group-wule | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Log Topic | The log topic created in LTS. | LogTopic1 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the VPC flow log. This parameter is optional. | N/A | - | | | | - | | The VPC flow log description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - - .. note:: - - Only two flow logs, each with a different filter, can be created for a single resource under the same log group and log topic. Each VPC flow log must be unique. - -6. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png 
diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/deleting_a_vpc_flow_log.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/deleting_a_vpc_flow_log.rst
deleted file mode 100644
index 49a4b54..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/deleting_a_vpc_flow_log.rst
+++ /dev/null
@@ -1,38 +0,0 @@
-:original_name: vpc_FlowLog02_0005.html
-
-.. _vpc_FlowLog02_0005:
-
-Deleting a VPC Flow Log
-=======================
-
-Scenarios
----------
-
-Delete a VPC flow log that is not required. Deleting a VPC flow log will not delete the existing flow log records in LTS.
-
-.. note::
-
- If a NIC that uses a VPC flow log is deleted, the flow log will be automatically deleted. However, the flow log records are not deleted.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-4. In the navigation pane on the left, choose **VPC Flow Logs**.
-
-5. Locate the row that contains the VPC flow log to be deleted and click **Delete** in the **Operation** column.
-
-
- .. figure:: /_static/images/en-us_image_0191594527.png
- :alt: **Figure 1** Deleting a VPC flow log
-
- **Figure 1** Deleting a VPC flow log
-
-6. Click **Yes** in the displayed dialog box.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst
deleted file mode 100644
index c4af0ed..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst
+++ /dev/null
@@ -1,25 +0,0 @@
-:original_name: vpc_FlowLog02_0004.html
-
-.. _vpc_FlowLog02_0004:
-
-Enabling or Disabling VPC Flow Log
-==================================
-
-Scenarios
----------
-
-After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record traffic data, you can disable the corresponding VPC flow log. The disabled VPC flow log can be enabled again.
-
-Procedure
----------
-
-#. Log in to the management console.
-
-2. Click |image1| in the upper left corner and select the desired region and project.
-
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-4. In the navigation pane on the left, choose **VPC Flow Logs**.
-5. Locate the VPC flow log to be enabled or disabled, and click **Enable** or **Disable** in the **Operation** column.
-6. Click **Yes**.
-
-.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/index.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/index.rst
deleted file mode 100644
index 396b0a7..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/index.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-:original_name: vpc_FlowLog02_0000.html
-
-.. _vpc_FlowLog02_0000:
-
-VPC Flow Log
-============
-
-- :ref:`VPC Flow Log Overview `
-- :ref:`Creating a VPC Flow Log `
-- :ref:`Viewing a VPC Flow Log `
-- :ref:`Enabling or Disabling VPC Flow Log `
-- :ref:`Deleting a VPC Flow Log `
-
-.. toctree::
- :maxdepth: 1
- :hidden:
-
- vpc_flow_log_overview
- creating_a_vpc_flow_log
- viewing_a_vpc_flow_log
- enabling_or_disabling_vpc_flow_log
- deleting_a_vpc_flow_log
diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/viewing_a_vpc_flow_log.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/viewing_a_vpc_flow_log.rst
deleted file mode 100644
index dcc4bae..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/viewing_a_vpc_flow_log.rst
+++ /dev/null
@@ -1,121 +0,0 @@ -:original_name: vpc_FlowLog02_0003.html - -.. _vpc_FlowLog02_0003: - -Viewing a VPC Flow Log -====================== - -Scenarios ---------- - -View information about your flow log record. - -The capture window is approximately 10 minutes, which indicates that a flow log record will be generated every 10 minutes. After creating a VPC flow log, you need to wait about 10 minutes before you can view the flow log record. - -.. note:: - - If an ECS is in the stopped state, its flow log records will not be displayed. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, choose **VPC Flow Logs**. - -5. Locate the target VPC flow log and click **View Log Record** in the **Operation** column to view information about the flow log record in LTS. - - - .. figure:: /_static/images/en-us_image_0191577030.png - :alt: **Figure 1** Viewing a log record - - **Figure 1** Viewing a log record - - - .. figure:: /_static/images/en-us_image_0191588554.png - :alt: **Figure 2** Flow log record - - **Figure 2** Flow log record - - The flow log record is in the following format: - - .. code-block:: - - - - Example 1: The following is an example of a flow log record in which data was recorded during the capture window: - - .. code-block:: - - 1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd 192.168.0.154 192.168.3.25 38929 53 17 1 96 1548752136 1548752736 ACCEPT OK - - Value **1** indicates the VPC flow log version. Traffic with a size of 96 bytes to NIC **1d515d18-1b36-47dc-a983-bd6512aed4bd** during the past 10 minutes (from 16:55:36 to 17:05:36 on January 29, 2019) was allowed. 
A data packet was transmitted over the UDP protocol from source IP address **192.168.0.154** and port **38929** to destination IP address **192.168.3.25** and port **53**. - - Example 2: The following is an example of a flow log record in which no data was recorded during the capture window: - - .. code-block:: - - 1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd - - - - - - - 1431280876 1431280934 - NODATA - - Example 3: The following is an example of a flow log record in which data was skipped during the capture window: - - .. code-block:: - - 1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd - - - - - - - 1431280876 1431280934 - SKIPDATA - - :ref:`Table 1 ` describes the fields of a flow log record. - - .. _vpc_flowlog02_0003__en-us_topic_0151016582_table1313851722313: - - .. table:: **Table 1** Log field description - - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Field | Description | Example Value | - +=======================+===============================================================================================================================================================================================================================================================================================================================================+======================================+ - | version | The VPC flow log version. 
| 1 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | project-id | The project ID. | 5f67944957444bd6bb4fe3b367de8f3d | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | interface-id | The ID of the NIC for which the traffic is recorded. | 1d515d18-1b36-47dc-a983-bd6512aed4bd | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | srcaddr | The source IP address. | 192.168.0.154 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | dstaddr | The destination IP address. 
| 192.168.3.25 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | srcport | The source port. | 38929 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | dstport | The destination port. | 53 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | protocol | The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For details, see `Assigned Internet Protocol Numbers `__. | 17 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | packets | The number of packets transferred during the capture window. 
| 1 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | bytes | The number of bytes transferred during the capture window. | 96 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | start | The time, in Unix seconds, of the start of the capture window. | 1548752136 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | end | The time, in Unix seconds, of the end of the capture window. 
| 1548752736 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | action | The action associated with the traffic: | ACCEPT | - | | | | - | | - **ACCEPT**: The recorded traffic was allowed by the security groups or firewalls. | | - | | - **REJECT**: The recorded traffic was denied by the firewalls. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | log-status | The logging status of the VPC flow log: | OK | - | | | | - | | - **OK**: Data is logging normally to the chosen destinations. | | - | | - **NODATA**: There was no traffic of the **Filter** setting to or from the NIC during the capture window. | | - | | - **SKIPDATA**: Some flow log records were skipped during the capture window. This may be caused by an internal capacity constraint or an internal error. | | - | | | | - | | Example: | | - | | | | - | | When **Filter** is set to **Accepted traffic**, if there is accepted traffic, the value of **log-status** is **OK**. If there is no accepted traffic, the value of **log-status** is **NODATA** regardless of whether there is rejected traffic. If some accepted traffic is abnormally skipped, the value of **log-status** is **SKIPDATA**. 
| | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - -You can enter a keyword on the log topic details page on the LTS console to search for flow log records. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst deleted file mode 100644 index 2c5c8d6..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst +++ /dev/null 
@@ -1,24 +0,0 @@
-:original_name: vpc_FlowLog02_0001.html
-
-.. _vpc_FlowLog02_0001:
-
-VPC Flow Log Overview
-=====================
-
-A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification.
-
-VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring the VPC flow log function.
-
-.. _vpc_flowlog02_0001__en-us_topic_0151014680_fig1535115691415:
-
-.. figure:: /_static/images/en-us_image_0162336264.png
- :alt: **Figure 1** Configuring the VPC flow log function
-
- **Figure 1** Configuring the VPC flow log function
-
-Notes and Constraints
----------------------
-
-- Currently, only C3, M3, and S2 ECSs support VPC flow logs.
-- By default, you can create a maximum of 10 VPC flow logs.
-- By default, a maximum of 400,000 flow log records are supported.
diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
deleted file mode 100644
index 22a5bd2..0000000
--- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
+++ /dev/null
@@ -1,155 +0,0 @@ -:original_name: vpc_peering02_0004.html - -.. _vpc_peering02_0004: - -Creating a VPC Peering Connection with a VPC in Another Account -=============================================================== - -Scenarios ---------- - -The VPC service also allows you to create a VPC peering connection with a VPC in another account. The two VPCs must be in the same region. If you request a VPC peering connection with a VPC in another account in the same region, the owner of the peer account must accept the request to activate the connection. - -Creating a VPC Peering Connection ---------------------------------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. In the right pane displayed, click **Create VPC Peering Connection**. - -#. Configure parameters as prompted. You must select **Another account** for **Account**. - - - .. figure:: /_static/images/en-us_image_0226829595.png - :alt: **Figure 1** Create VPC Peering Connection - - **Figure 1** Create VPC Peering Connection - - .. table:: **Table 1** Parameter description - - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Parameter | Description | Example Value | - +=======================+============================================================================================================================================+======================================+ - | Name | Specifies the name of the VPC peering connection. | peering-001 | - | | | | - | | The name contains a maximum of 64 characters, which consist of letters, digits, hyphens (-), and underscores (_). 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Local VPC | Specifies the local VPC. You can select one from the drop-down list. | vpc_002 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Account | Specifies the account to which the VPC to peer with belongs. | Another account | - | | | | - | | - **My account**: The VPC peering connection will be created between two VPCs, in the same region, in your account. | | - | | - **Another account**: The VPC peering connection will be created between your VPC and a VPC in another account, in the same region. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Peer Project ID | This parameter is available only when **Another account** is selected. | ``-`` | - | | | | - | | For details about how to obtain the peer project ID, see :ref:`Obtaining the Peer Project ID `. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Peer VPC ID | This parameter is available only when **Another account** is selected. | 65d062b3-40fa-4204-8181-3538f527d2ab | - | | | | - | | For details about how to obtain the peer VPC ID, see :ref:`Obtaining the Peer VPC ID `. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ - -#. Click **OK**. 
- -Accepting a VPC Peering Connection Request ------------------------------------------- - -To request a VPC peering connection with a VPC in another account, the owner of the peer account must accept the request to activate the connection. - -#. The owner of the peer account logs in to the management console. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. - - - .. figure:: /_static/images/en-us_image_0162391155.png - :alt: **Figure 2** VPC peering connection list - - **Figure 2** VPC peering connection list - -#. Click **Yes** in the displayed dialog box. - -Refusing a VPC Peering Connection ---------------------------------- - -The owner of the peer account can reject any VPC peering connection request that they receive. If a VPC peering connection request is rejected, the connection will not be established. You must delete the rejected VPC peering connection request before creating a VPC peering connection between the same VPCs as those in the rejected request. - -#. The owner of the peer account logs in to the management console. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **VPC Peering**. -#. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Reject Request** in the **Operation** column. -#. Click **Yes** in the displayed dialog box. - -Adding Routes for the VPC Peering Connection --------------------------------------------- - -If you request a VPC peering connection with a VPC in another account, the owner of the peer account must accept the request. To enable communication between the two VPCs, you need to add routes for the VPC peering connection. 
The owner of the local account can add only the local route because the owner does not have the required permission to perform operations on the peer VPC. The owner of the peer account must add the peer route. The procedure for adding a local route and a peer route is the same. - -#. Log in to the management console. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. Locate the target VPC peering connection in the connection list. - -#. Click the name of the VPC peering connection to switch to the page showing details about the connection. - -#. On the displayed page, click the **Local Routes** tab. - -#. In the displayed **Local Routes** area, click **Add Local Route**. In the displayed dialog box, add a local route. :ref:`Table 2 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0226820459.png - :alt: **Figure 3** Add Local Route - - **Figure 3** Add Local Route - - .. _vpc_peering02_0004__en-us_topic_0118498933_en-us_topic_0118498960_table1626072032518: - - .. table:: **Table 2** Route parameter description - - +-------------+-------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Parameter | Description | Example Value | - +=============+=============================================================================================================+======================================+ - | Destination | Specifies the destination address. Set it to the peer VPC or subnet CIDR block. | 192.168.2.0/24 | - +-------------+-------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Next Hop | Specifies the next hop address. The default value is the VPC peering connection ID. Keep the default value. 
| d1a7863b-9d5e-4d27-8eaf-ab14d2a9148b | - +-------------+-------------------------------------------------------------------------------------------------------------+--------------------------------------+ - -#. Click **OK**. - -After the VPC peering connection is created, the two VPCs can communicate with each other through private IP addresses. You can run the **ping** command to check whether the two VPCs can communicate with each other. - -If two VPCs cannot communicate with each other, check the configuration by following the instructions provided in :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? ` - -.. _vpc_peering02_0004__section41291933224121: - -Obtaining the Peer Project ID ------------------------------ - -#. The owner of the peer account logs in to the management console. -#. Select **My Credentials** from the username drop-down list. -#. On the **Projects** tab, obtain the required project ID. - -.. _vpc_peering02_0004__section19734314164713: - -Obtaining the Peer VPC ID -------------------------- - -#. The owner of the peer account logs in to the management console. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Virtual Private Cloud**. -#. Click the target VPC name and view VPC ID on the VPC details page. - -.. |image1| image:: /_static/images/en-us_image_0226829583.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst deleted file mode 100644 index e56336f..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ /dev/null 
@@ -1,121 +0,0 @@ -:original_name: vpc_peering02_0003.html - -.. _vpc_peering02_0003: - -Creating a VPC Peering Connection with Another VPC in Your Account -================================================================== - -Scenarios ---------- - -To create a VPC peering connection, first create a request to peer with another VPC. You can request a VPC peering connection with another VPC in your account, but the two VPCs must be in the same region. The system automatically accepts the request. - -Prerequisites -------------- - -Two VPCs in the same region have been created. - -Creating a VPC Peering Connection ---------------------------------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the right pane displayed, click **Create VPC Peering Connection**. - -6. Configure parameters as prompted. You must select **My account** for **Account**. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0167839112.png - :alt: **Figure 1** Create VPC Peering Connection - - **Figure 1** Create VPC Peering Connection - - .. _vpc_peering02_0003__en-us_topic_0118498960_table1215761020244: - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+==========================================================================================================================================================+=======================+ - | Name | The name of the VPC peering connection. 
| peering-001 | - | | | | - | | The name contains a maximum of 64 characters, which consist of letters, digits, hyphens (-), and underscores (_). | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Local VPC | The local VPC. You can select one from the drop-down list. | vpc_002 | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Local VPC CIDR Block | The CIDR block for the local VPC. | 192.168.10.0/24 | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Account | The account to which the peer VPC belongs. | My account | - | | | | - | | - **My account**: The VPC peering connection will be created between two VPCs, in the same region, in your account. | | - | | - **Another account**: The VPC peering connection will be created between your VPC and a VPC in another account, in the same region. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Peer Project | The peer project name. The project name of the current project is used by default. | aaa | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Peer VPC | The peer VPC. You can select one from the drop-down list if the VPC peering connection is created between two VPCs in your own account. 
| vpc_fab1 | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Peer VPC CIDR Block | The CIDR block for the peer VPC. | 192.168.2.0/24 | - | | | | - | | The local and peer VPCs cannot have matching or overlapping CIDR blocks. Otherwise, the routes added for the VPC peering connection may not take effect. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -Adding Routes for the VPC Peering Connection --------------------------------------------- - -If you request a VPC peering connection with another VPC in your own account, the system automatically accepts the request. To enable communication between the two VPCs, you need to add local and peer routes for the VPC peering connection. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, click **VPC Peering**. - -#. Locate the target VPC peering connection in the connection list. - - - .. figure:: /_static/images/en-us_image_0226820452.png - :alt: **Figure 2** VPC peering connection list - - **Figure 2** VPC peering connection list - -#. Click the name of the VPC peering connection to switch to the page showing details about the connection. - -#. In the displayed **Local Routes** area, click **Add Local Route**. In the displayed dialog box, add a local route. :ref:`Table 2 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0226820455.png - :alt: **Figure 3** Add Local Route - - **Figure 3** Add Local Route - - .. _vpc_peering02_0003__en-us_topic_0118498960_table1626072032518: - - .. 
table:: **Table 2** Route parameter description - - +-------------+-------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Parameter | Description | Example Value | - +=============+=============================================================================================================+======================================+ - | Destination | Specifies the destination address. Set it to the peer VPC or subnet CIDR block. | 192.168.2.0/24 | - +-------------+-------------------------------------------------------------------------------------------------------------+--------------------------------------+ - | Next Hop | Specifies the next hop address. The default value is the VPC peering connection ID. Keep the default value. | d1a7863b-9d5e-4d27-8eaf-ab14d2a9148b | - +-------------+-------------------------------------------------------------------------------------------------------------+--------------------------------------+ - -#. Click **OK** to switch to the page showing the VPC peering connection details. - -#. On the displayed page, click the **Peer Routes** tab. - -#. In the displayed **Peer Routes** area, click **Add Peer Route** and add a route. - -#. Click **OK**. - -After a VPC peering connection is created, the two VPCs can communicate with each other through private IP addresses. You can run the **ping** command to check whether the two VPCs can communicate with each other. - -If two VPCs cannot communicate with each other, check the configuration by following the instructions provided in :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? ` - -.. |image1| image:: /_static/images/en-us_image_0141273034.png 
diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst deleted file mode 100644 index 6a40b0e..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst +++ /dev/null @@ -1,36 +0,0 @@ -:original_name: vpc_peering02_0007.html - -.. _vpc_peering02_0007: - -Deleting a VPC Peering Connection -================================= - -Scenarios ---------- - -The owners of both the local and peer accounts can delete a VPC peering connection in any state. After a VPC peering connection is deleted, routes configured for the connection will be automatically deleted as well. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. - - - .. figure:: /_static/images/en-us_image_0162391187.png - :alt: **Figure 1** VPC peering connection list - - **Figure 1** VPC peering connection list - -6. Locate the target VPC peering connection and click **Delete** in the **Operation** column. - -7. Click **Yes** in the displayed dialog box. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst deleted file mode 100644 index e285ba4..0000000 
--- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst +++ /dev/null @@ -1,29 +0,0 @@ -:original_name: vpc_peering02_0010.html - -.. _vpc_peering02_0010: - -Deleting a VPC Peering Route -============================ - -Scenarios ---------- - -After routes are added for a VPC peering connection, the owners of both the local and peer accounts can delete the routes on the page showing details about the peering connection. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **VPC Peering**. -#. Locate the target VPC peering connection in the connection list. -#. Click the name of the VPC peering connection to switch to the page showing details about the connection. -#. On the displayed page, click the **Local Routes** tab and view information about the local route added for the VPC peering connection. -#. On the **Local Routes** page, locate the target local route, and click **Delete** in the **Operation** column. -#. Click **Yes** in the displayed dialog box. -#. On the page showing details about the VPC peering connection, click the **Peer Routes** tab and view information about the peer route added for the VPC peering connection. -#. On the **Peer Routes** page, locate the target peer route, and click **Delete** in the **Operation** column. -#. Click **Yes** in the displayed dialog box. - -.. |image1| image:: /_static/images/en-us_image_0226820796.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/index.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/index.rst deleted file mode 100644 index 2226b57..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/index.rst +++ /dev/null 
@@ -1,30 +0,0 @@ -:original_name: vpc_peering02_0000.html - -.. _vpc_peering02_0000: - -VPC Peering Connection -====================== - -- :ref:`VPC Peering Connection Creation Procedure ` -- :ref:`VPC Peering Connection Configuration Plans ` -- :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` -- :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` -- :ref:`Viewing VPC Peering Connections ` -- :ref:`Modifying a VPC Peering Connection ` -- :ref:`Deleting a VPC Peering Connection ` -- :ref:`Viewing Routes Configured for a VPC Peering Connection ` -- :ref:`Deleting a VPC Peering Route ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - vpc_peering_connection_creation_procedure - vpc_peering_connection_configuration_plans - creating_a_vpc_peering_connection_with_another_vpc_in_your_account - creating_a_vpc_peering_connection_with_a_vpc_in_another_account - viewing_vpc_peering_connections - modifying_a_vpc_peering_connection - deleting_a_vpc_peering_connection - viewing_routes_configured_for_a_vpc_peering_connection - deleting_a_vpc_peering_route diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst deleted file mode 100644 index 3961ad5..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst +++ /dev/null 
@@ -1,36 +0,0 @@ -:original_name: vpc_peering02_0006.html - -.. _vpc_peering02_0006: - -Modifying a VPC Peering Connection -================================== - -Scenarios ---------- - -The owners of both the local and peer accounts can modify a VPC peering connection in any state. The VPC peering connection name can be changed. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. - - - .. figure:: /_static/images/en-us_image_0162391187.png - :alt: **Figure 1** VPC peering connection list - - **Figure 1** VPC peering connection list - -6. Locate the target VPC peering connection and click **Modify** in the **Operation** column. In the displayed dialog box, modify information about the VPC peering connection. - -7. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst deleted file mode 100644 index 1bff595..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst +++ /dev/null 
@@ -1,26 +0,0 @@ -:original_name: vpc_peering02_0008.html - -.. _vpc_peering02_0008: - -Viewing Routes Configured for a VPC Peering Connection -====================================================== - -Scenarios ---------- - -After routes are added for a VPC peering connection, the owners of both the local and peer accounts can view information about the routes on the page showing details about the VPC peering connection. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **VPC Peering**. -5. Locate the target VPC peering connection in the connection list. -6. Click the name of the VPC peering connection to switch to the page showing details about the connection. -7. On the displayed page, click the **Local Routes** tab and view information about the local route added for the VPC peering connection. -8. On the page showing details about the VPC peering connection, click the **Peer Routes** tab and view information about the peer route added for the VPC peering connection. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst deleted file mode 100644 index e8a9e87..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst +++ /dev/null 
@@ -1,34 +0,0 @@ -:original_name: vpc_peering02_0005.html - -.. _vpc_peering02_0005: - -Viewing VPC Peering Connections -=============================== - -Scenarios ---------- - -The owners of both the local and peer accounts can view information about the created VPC peering connections and those that are still waiting to be accepted. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -4. In the navigation pane on the left, click **VPC Peering**. - -5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. - - - .. figure:: /_static/images/en-us_image_0162391187.png - :alt: **Figure 1** VPC peering connection list - - **Figure 1** VPC peering connection list - -6. Click the VPC peering connection name. On the displayed page, view detailed information about the VPC peering connection. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_configuration_plans.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_configuration_plans.rst deleted file mode 100644 index 837e058..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_configuration_plans.rst +++ /dev/null 
@@ -1,75 +0,0 @@ -:original_name: vpc_peering02_0002.html - -.. _vpc_peering02_0002: - -VPC Peering Connection Configuration Plans -========================================== - -To enable two VPCs in the same region to communicate with each other, you can create a VPC peering connection between them. The VPC and subnet CIDR blocks must meet the requirements in :ref:`Table 1 `. - -.. _vpc_peering02_0002__en-us_topic_0118499087_table461583720304: - -.. table:: **Table 1** Requirements for VPC and subnet CIDR blocks - - +-----------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+ - | Requirement | Description | - +=============================================================================+=================================================================================================================================================+ - | - VPC CIDR blocks do not overlap. | A VPC peering connection can enable communications between the entire VPC CIDR blocks. The destination of a route is a VPC CIDR block. | - | - There are no requirements on subnet CIDR blocks. | | - | | For details, see :ref:`Route Configurations for Connecting Entire VPCs `. | - +-----------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+ - | - VPC CIDR blocks overlap. | A VPC peering connection can enable communications between subnets in the VPCs. The destination of a route is a subnet CIDR block. | - | - Subnet CIDR blocks connected by a VPC peering connection cannot overlap. | | - | | For details, see :ref:`Route Configurations for Connecting Specific Subnets `. 
| - +-----------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _vpc_peering02_0002__en-us_topic_0118499087_section11900751101219: - -Route Configurations for Connecting Entire VPCs ------------------------------------------------ - -- Connections can be: - - - Between two VPCs - - Among multiple VPCs - -- If you need to configure routes that point to entire VPCs, none of the VPCs involved in VPC peering connections can overlap. Otherwise, VPC peering connections will not take effect because the routes will be unreachable. -- The destination of the route that points to an entire VPC is the CIDR block of the peer VPC, and the next hop is the VPC peering connection ID. - -.. _vpc_peering02_0002__en-us_topic_0118499087_section1370341061310: - -Route Configurations for Connecting Specific Subnets ----------------------------------------------------- - -If VPCs connected by a VPC peering connection have overlapping CIDR blocks, the connection can only enable communications between non-overlapping subnets in the VPCs. If subnets in the two VPCs of a VPC peering connection overlap with each other, the connection will not take effect. When you create a VPC peering connection, ensure that the VPCs involved do not contain overlapping subnets. - -For example, VPC 1 and VPC 2 have matching CIDR blocks, but the subnets in the two VPCs do not overlap. A VPC peering connection can be created between pairs of subnets that do not overlap with each other. The route table is used to control the specific subnets that the VPC peering connection is created for. :ref:`Figure 1 ` shows a VPC peering connection created between two subnets. Routes are required to enable communication between Subnet A in VPC 1 and Subnet X in VPC 2. - -.. _vpc_peering02_0002__en-us_topic_0118499087_fig95191521148: - -.. 
figure:: /_static/images/en-us_image_0194358487.png - :alt: **Figure 1** VPC peering connection between Subnet A and Subnet X - - **Figure 1** VPC peering connection between Subnet A and Subnet X - -:ref:`Figure 2 ` shows the routes configured for the VPC peering connection between Subnet A and Subnet X. After the routes are configured, Subnet A and Subnet X can communicate with each other. - -.. _vpc_peering02_0002__en-us_topic_0118499087_fig13211186151514: - -.. figure:: /_static/images/en-us_image_0194358495.png - :alt: **Figure 2** Route tables for the VPC peering connection between Subnet A and Subnet X - - **Figure 2** Route tables for the VPC peering connection between Subnet A and Subnet X - -If two VPCs have overlapping subnets, a VPC peering connection created between the two subnets will not take effect, and the subnets cannot communicate with each other. - -As shown in :ref:`Figure 3 `, a VPC peering connection is created between subnet A of VPC1 and subnet X of VPC2. Subnet B of VPC1 and subnet X of VPC2 overlap with each other. If the destination of a route in the route table of VPC1 is set to the CIDR block of subnet X in VPC2, this route will conflict with the system route of subnet B in VPC1. Subnet A preferentially accesses subnet B and the VPC peering connection does not take effect. - -.. _vpc_peering02_0002__en-us_topic_0118499087_fig1253173812157: - -.. figure:: /_static/images/en-us_image_0194358504.png - :alt: **Figure 3** Invalid VPC peering connection - - **Figure 3** Invalid VPC peering connection - -If peering connections are used to link VPC 1 to multiple VPCs, for example, VPC 2, VPC 3, and VPC 4, the subnets of VPC 1 cannot overlap with those of VPC 2, VPC 3, and VPC 4. If VPC 2, VPC 3, and VPC 4 have overlapping subnets, a VPC peering connection can be created between only one of these overlapping subnets and a subnet of VPC 1. 
If a VPC peering connection is created between a subnet and the other *N* subnets, none of the subnets can overlap. diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst deleted file mode 100644 index 704ea09..0000000 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst +++ /dev/null 
@@ -1,32 +0,0 @@ -:original_name: vpc_peering02_0001.html - -.. _vpc_peering02_0001: - -VPC Peering Connection Creation Procedure -========================================= - -A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same region. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. - -- Creating a VPC peering connection between VPCs in your account - - - .. figure:: /_static/images/en-us_image_0162335561.png - :alt: **Figure 1** Creating a VPC peering connection between VPCs in your account - - **Figure 1** Creating a VPC peering connection between VPCs in your account - - If you create a VPC peering connection between two VPCs in your account, the system accepts the connection by default. You need to add routes for the local and peer VPCs to enable communication between the two VPCs. - -- Creating a VPC peering connection with a VPC in another account - - - .. figure:: /_static/images/en-us_image_0162335565.png - :alt: **Figure 2** Creating a VPC peering connection with a VPC in another account - - **Figure 2** Creating a VPC peering connection with a VPC in another account - - If you create a VPC peering connection between your VPC and a VPC that is in another account, the VPC peering connection will be in the **Awaiting acceptance** state. After the owner of the peer account accepts the connection, the connection status changes to **Accepted**. The owners of both the local and peer accounts must configure the routes required by the VPC peering connection to enable communication between the two VPCs. 
- - If the local and peer VPCs have overlapping CIDR blocks, the routes added for the VPC peering connection may become invalid. Before creating a VPC peering connection between two VPCs that have overlapping CIDR blocks, ensure that none of the subnets in the two VPCs overlap. If none of the subnets in the two VPCs overlap, the VPC peering connection you created enables communication between subnets in the two VPCs. - - After a VPC peering connection is created, you can use the ping command to check whether the local network is connected. The ping command cannot be used to check whether the gateway of the peer subnet is connected. diff --git a/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst b/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst new file mode 100644 index 0000000..7b16bb6 --- /dev/null +++ b/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst 
@@ -0,0 +1,50 @@
+:original_name: permission_0003.html
+
+.. _permission_0003:
+
+Creating a User and Granting VPC Permissions
+============================================
+
+This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can:
+
+- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing VPC resources.
+- Grant only the permissions required for users to perform a specific task.
+- Entrust a cloud account or cloud service to perform efficient O&M on your VPC resources.
+
+If your cloud account does not require individual IAM users, skip this section.
+
+This section describes the procedure for granting permissions (see :ref:`Figure 1 `).
+
+Prerequisites
+-------------
+
+Learn about the permissions (:ref:`Permissions `) supported by VPC and choose policies or roles according to your requirements.
+
+For permissions of other services, see .
+
+Process Flow
+------------
+
+.. _permission_0003__fig1447123814172:
+
+.. figure:: /_static/images/en-us_image_0171311823.png
+ :alt: **Figure 1** Process for granting VPC permissions
+
+ **Figure 1** Process for granting VPC permissions
+
+#. .. _permission_0003__li8447183891715:
+
+ `Create a user group and assign permissions to it `__.
+
+ Create a user group on the IAM console, and assign the **VPC ReadOnlyAccess** policy to the group.
+
+#. `Create an IAM user and add it to the user group `__.
+
+ Create a user on the IAM console and add the user to the group created in :ref:`1 `.
+
+#. `Log in `__ and verify permissions.
+
+ Log in to the VPC console by using the user created in 2, and verify that the user only has read permissions for VPC.
+
+ - Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console.
If a message appears indicating that you have insufficient permissions to perform the operation, the **VPC ReadOnlyAccess** policy has already taken effect.
+ - Choose any other service in **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPC ReadOnlyAccess** policy has already taken effect.
diff --git a/umn/source/permissions_management/index.rst b/umn/source/permissions_management/index.rst
new file mode 100644
index 0000000..52f067a
--- /dev/null
+++ b/umn/source/permissions_management/index.rst
@@ -0,0 +1,16 @@
+:original_name: permission_0001.html
+
+.. _permission_0001:
+
+Permissions Management
+======================
+
+- :ref:`Creating a User and Granting VPC Permissions `
+- :ref:`VPC Custom Policies `
+
+.. toctree::
+ :maxdepth: 1
+ :hidden:
+
+ creating_a_user_and_granting_vpc_permissions
+ vpc_custom_policies
diff --git a/umn/source/permissions_management/vpc_custom_policies.rst b/umn/source/permissions_management/vpc_custom_policies.rst
new file mode 100644
index 0000000..5d0a6a8
--- /dev/null
+++ b/umn/source/permissions_management/vpc_custom_policies.rst
@@ -0,0 +1,82 @@
+:original_name: permission_0004.html
+
+.. _permission_0004:
+
+VPC Custom Policies
+===================
+
+Custom policies can be created to supplement the system-defined policies of VPC. For the actions supported for custom policies, see `Permissions Policies and Supported Actions `__.
+
+You can create custom policies in either of the following ways:
+
+- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
+- JSON: Edit JSON policies from scratch or based on an existing policy.
+
+For operation details, see `Creating a Custom Policy `__. The following section contains examples of common VPC custom policies.
+
+Example Custom Policies
+-----------------------
+
+- Example 1: Allowing users to create and view VPCs
+
+ .. code-block::
+
+ {
+ "Version": "1.1",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "
+ vpc:vpcs:create
+ vpc:svpcs:list
+ "
+ ]
+ }
+ ]
+ }
+
+- Example 2: Denying VPC deletion
+
+ A deny policy must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both Allow and Deny actions, the Deny actions take precedence over the Allow actions.
+
+ The following method can be used if you need to assign permissions of the **VPC FullAccess** policy to a user but also forbid the user from deleting VPCs. Create a custom policy for denying VPC deletion, and assign both policies to the group the user belongs to. Then the user can perform all operations on VPC except deleting VPCs. The following is an example deny policy:
+
+ .. code-block::
+
+ {
+ "Version": "1.1",
+ "Statement": [
+ {
+ "Effect": "Deny",
+ "Action": [
+ "vpc:vpcs:delete"
+ ]
+ }
+ ]
+ }
+
+- Example 3: Defining permissions for multiple services in a policy
+
+ A custom policy can contain the actions of multiple services that are of the global or project-level type.
The following is an example policy containing actions of multiple services:
+
+ .. code-block::
+
+ {
+ "Version": "1.1",
+ "Statement": [
+ {
+ "Action": [
+ "vpc:vpcs:create",
+ "vpc:vpcs:update"
+ ],
+ "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "ecs:servers:delete"
+ ],
+ "Effect": "Allow"
+ }
+ ]
+ }
diff --git a/umn/source/route_tables/adding_a_custom_route.rst b/umn/source/route_tables/adding_a_custom_route.rst
new file mode 100644
index 0000000..291bf51
--- /dev/null
+++ b/umn/source/route_tables/adding_a_custom_route.rst
@@ -0,0 +1,72 @@ +:original_name: vpc_route01_0006.html + +.. _vpc_route01_0006: + +Adding a Custom Route +===================== + +Scenarios +--------- + +Each route table contains a default system route, which indicates that ECSs in a VPC can communicate with each other. You can also add custom routes as required to forward the traffic destined for the destination to the specified next hop. + +Notes and Constraints +--------------------- + +A maximum of 200 routes can be added to each route table. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +5. In the route table list, click the name of the route table to which you want to add a route. + +6. Click **Add Route** and set parameters as prompted. + + You can click **+** to add more routes. + + + .. figure:: /_static/images/en-us_image_0000001540725521.png + :alt: **Figure 1** Add Route + + **Figure 1** Add Route + + .. table:: **Table 1** Parameter descriptions + + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Parameter | Description | Example Value | + +=======================+======================================================================================================================================================================+========================+ + | Destination | Mandatory | IPv4: 192.168.0.0/16 | + | | | | + | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | + | | | | + | | The destination of each route in a route table must be unique. 
The destination cannot overlap with any subnet in the VPC. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Mandatory | VPC peering connection | + | | | | + | | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | | + | | | | + | | .. note:: | | + | | | | + | | When you add or modify a custom route in a default route table, the next hop type of the route cannot be set to **VPN connection** or **Direct Connect gateway**. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop | Mandatory | peer-AB | + | | | | + | | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Description | Optional | ``-`` | + | | | | + | | Enter the description of the route in the text box as required. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +7. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst b/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst new file mode 100644 index 0000000..c661936 --- /dev/null 
+++ b/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst
@@ -0,0 +1,42 @@
+:original_name: vpc_route01_0007.html
+
+.. _vpc_route01_0007:
+
+Associating a Route Table with a Subnet
+=======================================
+
+Scenarios
+---------
+
+After a route table is associated with a subnet, its routes control the routing for the subnet and apply to all cloud resources in the subnet.
+
+Notes and Constraints
+---------------------
+
+A subnet can only be associated with one route table.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**.
+
+5. In the route table list, locate the row that contains the target route table and click **Associate Subnet** in the **Operation** column.
+
+6. Select the subnet to be associated.
+
+
+ .. figure:: /_static/images/en-us_image_0000001540846821.png
+ :alt: **Figure 1** Associate Subnet
+
+ **Figure 1** Associate Subnet
+
+7. Click **OK**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst
new file mode 100644
index 0000000..f45845b
--- /dev/null
+++ b/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst
@@ -0,0 +1,33 @@
+:original_name: vpc_route01_0008.html
+
+.. _vpc_route01_0008:
+
+Changing the Route Table Associated with a Subnet
+=================================================
+
+Scenarios
+---------
+
+You can change the route table for a subnet. If the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**.
+
+5. Click the name of the target route table.
+
+6. On the **Associated Subnets** tab page, click **Change Route Table** in the **Operation** column and select a new route table as prompted.
+
+7. Click **OK**.
+
+ After the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/route_tables/configuring_an_snat_server.rst b/umn/source/route_tables/configuring_an_snat_server.rst
new file mode 100644
index 0000000..0426160
--- /dev/null
+++ b/umn/source/route_tables/configuring_an_snat_server.rst
@@ -0,0 +1,137 @@ +:original_name: vpc_route_0004.html + +.. _vpc_route_0004: + +Configuring an SNAT Server +========================== + +Scenarios +--------- + +Together with VPC route tables, you can configure SNAT on an ECS to enable other ECSs that have no EIPs bound in the same VPC to access the Internet through this ECS. + +The configured SNAT takes effect for all subnets in a VPC. + +Prerequisites +------------- + +- You have an ECS where SNAT is to be configured. +- The ECS where SNAT is to be configured runs Linux. +- The ECS where SNAT is to be configured has only one network interface card (NIC). + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. In the upper left corner of the page, click |image2|. In the service list, choose **Computing** > **Elastic Cloud Server**. + +#. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. + +#. On the displayed ECS details page, click the **NICs** tab. + +#. In the displayed area showing the NIC IP address details, disable **Source/Destination Check**. + + This prevents packet spoofing and improves system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. To change this behavior, you can disable the source/destination check for SNAT servers. + +#. Bind an EIP. + + - Bind an EIP to the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. + - Bind an EIP to the virtual IP address of the ECS. For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. + +#. On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. + +#. Run the following command and enter the password of user **root** to switch to user **root**: + + **su - root** + +#. 
Run the following command to check whether the ECS can successfully connect to the Internet: + + .. note:: + + Before running the command, you must disable the response iptables rule on the ECS where SNAT is configured and configure security group rules. + + **ping www.google.com** + + The ECS can access the Internet if the following information is displayed: + + .. code-block:: console + + [root@localhost ~]# ping www.google.com + PING www.XXX.com (xxx.xxx.xxx.xxx) 56(84) bytes of data. + 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms + 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms + 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms + +#. Run the following command to check whether IP forwarding of the Linux OS is enabled: + + **cat /proc/sys/net/ipv4/ip_forward** + + In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. + + - If IP forwarding in Linux is enabled, go to step :ref:`14 `. + - If IP forwarding in Linux is disabled, go to :ref:`12 ` to enable IP forwarding in Linux. + + Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. To achieve these purposes, you need to enable the IP forwarding function and configure SNAT rules. + +#. .. _vpc_route_0004__en-us_topic_0212076959_li3948189019612: + + Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. + +#. 
Run the following command to make the change take effect: + + **sysctl -p /etc/sysctl.conf** + +#. .. _vpc_route_0004__en-us_topic_0212076959_li2168883919851: + + Configure the SNAT function. + + Run the following command to enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function: + + **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** + + + .. figure:: /_static/images/en-us_image_0214585308.png + :alt: **Figure 1** Configuring SNAT + + **Figure 1** Configuring SNAT + + .. note:: + + To ensure that the rule will not be lost after the restart, write the rule into the **/etc/rc.local** file. + + a. Switch to the **/etc/sysctl.conf** file: + + **vi /etc/rc.local** + + b. Perform :ref:`14 ` to configure SNAT. + + c. Save the configuration and exit: + + **:wq** + + d. Add the execution permissions for the **rc.local** file: + + **# chmod +x /etc/rc.local** + +#. Check whether the configuration is successful. If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the configuration was successful. + + **iptables -t nat --list** + + .. _vpc_route_0004__en-us_topic_0212076959_fig8358771201535: + + .. figure:: /_static/images/en-us_image_0214585309.png + :alt: **Figure 2** Verifying configuration + + **Figure 2** Verifying configuration + +#. Add a route. For details, see section :ref:`Adding a Custom Route `. + + Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. + +After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001490118666.png 
diff --git a/umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst b/umn/source/route_tables/creating_a_custom_route_table.rst similarity index 83% rename from umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst rename to umn/source/route_tables/creating_a_custom_route_table.rst index d00d9ec..2c6970b 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst +++ b/umn/source/route_tables/creating_a_custom_route_table.rst @@ -1,6 +1,6 @@ -:original_name: vpc_route_0005.html +:original_name: vpc_route01_0005.html -.. _vpc_route_0005: +.. _vpc_route01_0005: Creating a Custom Route Table ============================= 
@@ -8,23 +8,28 @@ Creating a Custom Route Table Scenarios --------- -You can create a custom route table if you do not want to use the default one. +If your default route table cannot meet your service requirements, you can create a custom route table by following the instructions provided in this section. + +Notes and Constraints +--------------------- + +- Each VPC can have a maximum of 10 route tables, including the default route table. Procedure --------- #. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. +2. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. +5. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0173155804.png + .. figure:: /_static/images/en-us_image_0214585306.png :alt: **Figure 1** Create Route Table **Figure 1** Create Route Table 
@@ -46,17 +51,18 @@ Procedure +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Route Settings | The route information. This parameter is optional. | ``-`` | | | | | - | | You can add a route when creating the route table or after the route table is created. For details, see :ref:`Adding a Custom Route `. | | + | | You can add a route when creating the route table or after the route table is created. For details, see :ref:`Adding a Custom Route `. | | | | | | | | You can click **+** to add more routes. | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -#. Click **OK**. +6. Click **OK**. A message is displayed. You can determine whether to associate the route table with subnets immediately as prompted. If you want to associate immediately, perform the following operations: - a. Click **Associate Subnet**. The **Associated Subnets** page is displayed. + a. Click **Associate Subnet**. The route table details page is displayed. b. Click **Associate Subnet** and select the target subnets to be associated. c. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/deleting_a_route.rst b/umn/source/route_tables/deleting_a_route.rst new file mode 100644 index 0000000..8bc625f --- /dev/null +++ b/umn/source/route_tables/deleting_a_route.rst 
@@ -0,0 +1,47 @@
+:original_name: vpc_route01_0012.html
+
+.. _vpc_route01_0012:
+
+Deleting a Route
+================
+
+Scenarios
+---------
+
+This section describes how to delete a custom route from a route table.
+
+Notes and Constraints
+---------------------
+
+- System routes cannot be deleted.
+
+- The routes automatically delivered by VPN or Direct Connect to the default route table cannot be deleted. The next hop types of such routes are:
+
+ - VPN connection
+ - Direct Connect gateway
+
+ The following figure shows a route with **VPN gateway** as **Next Hop Type**. If you want to delete such a route, click the next hop hyperlink to delete the corresponding resource.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**.
+
+5. Locate the target route table and click its name.
+
+ The route table details page is displayed.
+
+6. In the route list, locate the row that contains the route to be deleted and click **Delete** in the **Operation** column.
+
+ A confirmation dialog box is displayed.
+
+7. Confirm the information and click **Yes**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/route_tables/deleting_a_route_table.rst b/umn/source/route_tables/deleting_a_route_table.rst
new file mode 100644
index 0000000..54060dc
--- /dev/null
+++ b/umn/source/route_tables/deleting_a_route_table.rst
@@ -0,0 +1,40 @@
+:original_name: vpc_route01_0010.html
+
+.. _vpc_route01_0010:
+
+Deleting a Route Table
+======================
+
+Scenarios
+---------
+
+This section describes how to delete a custom route table.
+
+Notes and Constraints
+---------------------
+
+- The default route table cannot be deleted.
+
+- A custom route table with a subnet associated cannot be deleted directly.
+
+ If you want to delete such a route table, you can associate the subnet with another route table first by referring to :ref:`Changing the Route Table Associated with a Subnet `.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**.
+
+#. Locate the row that contains the route table you want to delete and click **Delete** in the **Operation** column.
+
+ A confirmation dialog box is displayed.
+
+#. Click **Yes**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst b/umn/source/route_tables/exporting_route_table_information.rst
similarity index 55%
rename from umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst
rename to umn/source/route_tables/exporting_route_table_information.rst
index 6e7a7c2..e24001f 100644
--- a/umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst
+++ b/umn/source/route_tables/exporting_route_table_information.rst
@@ -1,6 +1,6 @@ -:original_name: vpc_route_0014.html +:original_name: vpc_route01_0014.html -.. _vpc_route_0014: +.. _vpc_route01_0014: Exporting Route Table Information ================================= @@ -15,15 +15,16 @@ Procedure #. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. +2. Click |image1| in the upper left corner and select the desired region and project. -#. Under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. On the displayed page, click |image2| in the upper right of the route table list. +5. On the displayed page, click |image3| in the upper right of the route table list. The system will automatically export information about all route tables under your account in the current region as an Excel file to a local directory. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0185346582.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0214585307.png diff --git a/umn/source/route_tables/index.rst b/umn/source/route_tables/index.rst new file mode 100644 index 0000000..9fdae4f --- /dev/null +++ b/umn/source/route_tables/index.rst 
@@ -0,0 +1,38 @@
+:original_name: vpc_route01_0000.html
+
+.. _vpc_route01_0000:
+
+Route Tables
+============
+
+- :ref:`Route Table Overview `
+- :ref:`Creating a Custom Route Table `
+- :ref:`Associating a Route Table with a Subnet `
+- :ref:`Changing the Route Table Associated with a Subnet `
+- :ref:`Viewing the Route Table Associated with a Subnet `
+- :ref:`Viewing Route Table Information `
+- :ref:`Exporting Route Table Information `
+- :ref:`Deleting a Route Table `
+- :ref:`Adding a Custom Route `
+- :ref:`Modifying a Route `
+- :ref:`Replicating a Route `
+- :ref:`Deleting a Route `
+- :ref:`Configuring an SNAT Server `
+
+.. toctree::
+ :maxdepth: 1
+ :hidden:
+
+ route_table_overview
+ creating_a_custom_route_table
+ associating_a_route_table_with_a_subnet
+ changing_the_route_table_associated_with_a_subnet
+ viewing_the_route_table_associated_with_a_subnet
+ viewing_route_table_information
+ exporting_route_table_information
+ deleting_a_route_table
+ adding_a_custom_route
+ modifying_a_route
+ replicating_a_route
+ deleting_a_route
+ configuring_an_snat_server
diff --git a/umn/source/route_tables/modifying_a_route.rst b/umn/source/route_tables/modifying_a_route.rst
new file mode 100644
index 0000000..2162ac2
--- /dev/null
+++ b/umn/source/route_tables/modifying_a_route.rst
@@ -0,0 +1,62 @@ +:original_name: vpc_route01_0011.html + +.. _vpc_route01_0011: + +Modifying a Route +================= + +Scenarios +--------- + +This section describes how to modify a custom route in a route table. + +Notes and Constraints +--------------------- + +- System routes cannot be modified. +- When you create a VPC endpoint, VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. +5. In the route table list, click the name of the target route table. +6. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. +7. Modify the route information in the displayed dialog box. + + .. table:: **Table 1** Parameter descriptions + + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Parameter | Description | Example Value | + +=======================+======================================================================================================================================================================+========================+ + | Destination | Mandatory | IPv4: 192.168.0.0/16 | + | | | | + | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | + | | | | + | | The destination of each route in a route table must be unique. The destination cannot overlap with any subnet in the VPC. 
| | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Mandatory | VPC peering connection | + | | | | + | | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | | + | | | | + | | .. note:: | | + | | | | + | | When you add or modify a custom route in a default route table, the next hop type of the route cannot be set to **VPN connection** or **Direct Connect gateway**. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop | Mandatory | peer-AB | + | | | | + | | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Description | Optional | ``-`` | + | | | | + | | Enter the description of the route in the text box as required. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +8. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/replicating_a_route.rst b/umn/source/route_tables/replicating_a_route.rst new file mode 100644 index 0000000..ac3643c --- /dev/null +++ b/umn/source/route_tables/replicating_a_route.rst 
@@ -0,0 +1,70 @@ +:original_name: vpc_route01_0013.html + +.. _vpc_route01_0013: + +Replicating a Route +=================== + +Scenarios +--------- + +This section describes how to replicate routes among all route tables of a VPC. VPC route tables include the default and custom route tables. + +Notes and Constraints +--------------------- + +:ref:`Table 1 ` shows whether routes of different types can be replicated to default or custom route tables. + +For example, if the next hop type of a route is a server, this route can be replicated to both default or custom route tables. If the next hop type of a route is a Direct Connect gateway, the route cannot be replicated to the default route table, but can be replicated to a custom route table. + +.. _vpc_route01_0013__route_0001_table1727714140542: + +.. table:: **Table 1** Route replication + + +------------------------+------------------------------------------+-----------------------------------------+ + | Next Hop Type | Can Be Replicated to Default Route Table | Can Be Replicated to Custom Route Table | + +========================+==========================================+=========================================+ + | Local | No | No | + +------------------------+------------------------------------------+-----------------------------------------+ + | Server | Yes | Yes | + +------------------------+------------------------------------------+-----------------------------------------+ + | Extension NIC | Yes | Yes | + +------------------------+------------------------------------------+-----------------------------------------+ + | VPN connection | No | Yes | + +------------------------+------------------------------------------+-----------------------------------------+ + | Direct Connect gateway | No | Yes | + +------------------------+------------------------------------------+-----------------------------------------+ + | NAT gateway | Yes | Yes | + 
+------------------------+------------------------------------------+-----------------------------------------+ + | VPC peering connection | Yes | Yes | + +------------------------+------------------------------------------+-----------------------------------------+ + | Virtual IP address | Yes | Yes | + +------------------------+------------------------------------------+-----------------------------------------+ + +.. note:: + + - Black hole routes cannot be replicated. + - If the Direct Connect service is enabled in the self-service mode, the routes delivered to the default route table can be replicated to a custom route table. + - If the Direct Connect service is enabled by call or email, the routes delivered to the default route table cannot be replicated to a custom route table. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +#. In the route table list, locate the row that contains the route table you want to replicate routes from and click **Replicate Route** in the **Operation** column. + +#. Select the target route table that you want to replicate route to and the routes to be replicated as prompted. + + The listed routes are those that do not exist in the target route table. You can select one or more routes to replicate to the target route table. + +#. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/route_table_overview.rst b/umn/source/route_tables/route_table_overview.rst new file mode 100644 index 0000000..6bcad36 --- /dev/null +++ b/umn/source/route_tables/route_table_overview.rst 
@@ -0,0 +1,99 @@ +:original_name: vpc_route01_0001.html + +.. _vpc_route01_0001: + +Route Table Overview +==================== + +Route Table +----------- + +A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. + +Default Route Table and Custom Route Table +------------------------------------------ + +When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. + +- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table. +- When you create a VPC endpoint, VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. + +If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. You can delete the custom route table if it is no longer required. + +.. note:: + + The custom route table associated with a subnet affects only the outbound traffic. The default route table determines the inbound traffic. + +Route +----- + +A route is configured with the destination, next hop type, and next hop to determine where network traffic is directed. Routes are classified into system routes and custom routes. + +- System routes: These routes are automatically added by the system and cannot be modified or deleted. + + After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other. + + - Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20. + - Routes whose destination is a subnet CIDR block. + + .. 
note:: + + In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address. + +- Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route. + + You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. + + You cannot add two routes with the same destination to a VPC route table even if their next hop types are different, because the destination determines the route priority. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. + + .. _vpc_route01_0001__table1727714140542: + + .. table:: **Table 1** Next hop type + + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Description | Supported Route Table | + +==========================+==============================================================================================================================================================+========================+ + | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. 
| - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. Currently, this parameter is available only in eu-de. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. 
| - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + + .. note:: + + If you specify the destination when creating a resource, a system route is delivered. If you do not specify a destination when creating a resource, a custom route that can be modified or deleted is delivered. + + For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN connection or Direct Connect gateway, you need to specify the remote subnet, that is, the destination of a route. In this case, the system delivers this system route. Do not modify the route destination on the **Route Tables** page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly. + +Custom Route Table Configuration Process +---------------------------------------- + +:ref:`Figure 1 ` shows the process of creating and configuring a custom route table. + +.. _vpc_route01_0001__en-us_topic_0212076956_fig16862186152219: + +.. 
figure:: /_static/images/en-us_image_0214585341.png + :alt: **Figure 1** Route table configuration process + + **Figure 1** Route table configuration process + +#. For details about how to create a custom route table, see :ref:`Creating a Custom Route Table `. +#. For details about how to add a custom route, see :ref:`Adding a Custom Route `. +#. For details about how to associate a subnet with a route table, see :ref:`Associating a Route Table with a Subnet `. After the association, the routes in the route table control the routing for the subnet. diff --git a/umn/source/route_tables/viewing_route_table_information.rst b/umn/source/route_tables/viewing_route_table_information.rst new file mode 100644 index 0000000..a44e820 --- /dev/null +++ b/umn/source/route_tables/viewing_route_table_information.rst 
@@ -0,0 +1,36 @@
+:original_name: vpc_route01_0009.html
+
+.. _vpc_route01_0009:
+
+Viewing Route Table Information
+===============================
+
+Scenarios
+---------
+
+This section describes how to view detailed information about a route table, including:
+
+- Basic information, such as name, type (default or custom), and ID of the route table
+- Routes, such as destination, next hop, and route type (system or custom)
+- Associated subnets
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**.
+
+5. Click the name of the target route table.
+
+ The route table details page is displayed.
+
+ a. On the **Summary** tab page, view the basic information and routes of the route table.
+ b. On the **Associated Subnets** tab page, view the subnets associated with the route table.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst
new file mode 100644
index 0000000..b8ceb6a
--- /dev/null
+++ b/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst
@@ -0,0 +1,37 @@
+:original_name: vpc_route01_0015.html
+
+.. _vpc_route01_0015:
+
+Viewing the Route Table Associated with a Subnet
+================================================
+
+Scenarios
+---------
+
+This section describes how to view the route table associated with a subnet.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+
+ The **Subnets** page is displayed.
+
+5. Locate the target subnet and click its name.
+
+ The subnet details page is displayed.
+
+6. In the right of the subnet details page, view the route table associated with the subnet.
+
+7. Click the name of the route table.
+
+ The route table details page is displayed. You can further view the route information.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst b/umn/source/security/differences_between_security_groups_and_firewalls.rst
similarity index 93%
rename from umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst
rename to umn/source/security/differences_between_security_groups_and_firewalls.rst
index 3e5854c..27ea951 100644
--- a/umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst
+++ b/umn/source/security/differences_between_security_groups_and_firewalls.rst
@@ -8,20 +8,20 @@ Differences Between Security Groups and Firewalls You can configure security groups and firewall to increase the security of ECSs in your VPC. - Security groups operate at the ECS level. -- Firewalls operate at the subnet level. +- firewalls protect associated subnets and all the resources in the subnets. -For details, see :ref:`Figure 1 `. +For details, see :ref:`Figure 1 `. -.. _en-us_topic_0052003963__en-us_topic_0118534001_fig9582182315479: +.. _en-us_topic_0052003963__fig9582182315479: .. figure:: /_static/images/en-us_image_0148244691.png :alt: **Figure 1** Security groups and firewalls **Figure 1** Security groups and firewalls -:ref:`Table 1 ` describes the differences between security groups and firewalls. +:ref:`Table 1 ` describes the differences between security groups and firewalls. -.. _en-us_topic_0052003963__en-us_topic_0118534001_table53053071174845: +.. _en-us_topic_0052003963__table53053071174845: .. table:: **Table 1** Differences between security groups and firewalls @@ -30,7 +30,7 @@ For details, see :ref:`Figure 1 **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. @@ -29,7 +29,7 @@ Procedure - Locate the row that contains the firewall rule and click **Replicate** in the **Operation** column to replicate an existing rule. - .. figure:: /_static/images/en-us_image_0152238989.png + .. figure:: /_static/images/en-us_image_0274115599.png :alt: **Figure 1** Add Inbound Rule **Figure 1** Add Inbound Rule 
@@ -39,19 +39,23 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Parameter | Description | Example Value | +========================+================================================================================================================================================================================================================================================================+=======================+ + | Priority | Priority of firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Status | Status of a firewall. When you add a rule to it, its default status is **Enabled**. | Enabled | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. 
| Allow | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. The value can be **TCP**, **UDP**, **All**, or **ICMP**. If **ICMP** or **All** is selected, you do not need to specify port information. | TCP | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic from all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). 
For example, **1-100**. | 22, or 22-30 | | | | | @@ -59,13 +63,13 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | @@ -79,3 +83,4 @@ Procedure 7. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/associating_subnets_with_a_firewall.rst b/umn/source/security/firewall/associating_subnets_with_a_firewall.rst similarity index 51% rename from umn/source/operation_guide_new_console_edition/security/firewall/associating_subnets_with_a_firewall.rst rename to umn/source/security/firewall/associating_subnets_with_a_firewall.rst index 38d6f78..eb4a1e2 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/associating_subnets_with_a_firewall.rst +++ b/umn/source/security/firewall/associating_subnets_with_a_firewall.rst @@ -8,7 +8,7 @@ Associating Subnets with a Firewall Scenarios --------- -On the page showing firewall details, associate desired subnets with a firewall. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic. +On the page showing firewall details, you can associate desired subnets with a firewall. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic. Procedure --------- @@ -16,8 +16,8 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the displayed page, click the **Associated Subnets** tab. 7. On the **Associated Subnets** page, click **Associate**. 
@@ -25,6 +25,7 @@ Procedure .. note:: - Subnets that have already been associated with firewalls will not be displayed on the page for you to select. One-click subnet association and disassociation are not currently supported. Furthermore, a subnet can only be associated with one firewall. If you want to reassociate a subnet that has already been associated with another firewall, you must first disassociate the subnet from the original firewall. + Subnets with firewalls associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/changing_the_sequence_of_a_firewall_rule.rst b/umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst similarity index 86% rename from umn/source/operation_guide_new_console_edition/security/firewall/changing_the_sequence_of_a_firewall_rule.rst rename to umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst index 92047c9..4708ccf 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/changing_the_sequence_of_a_firewall_rule.rst +++ b/umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst 
@@ -19,9 +19,9 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. @@ -32,3 +32,4 @@ Procedure The rule is inserted. The procedure for inserting an outbound rule is the same as that for inserting an inbound rule. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/creating_a_firewall.rst b/umn/source/security/firewall/creating_a_firewall.rst similarity index 81% rename from umn/source/operation_guide_new_console_edition/security/firewall/creating_a_firewall.rst rename to umn/source/security/firewall/creating_a_firewall.rst index 65157f2..e339786 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/creating_a_firewall.rst +++ b/umn/source/security/firewall/creating_a_firewall.rst @@ -8,7 +8,7 @@ Creating a Firewall Scenarios --------- -You can create a custom firewall, but any newly created firewall will be disabled by default. It will not have any inbound or outbound rules, or have any subnets associated. Each user can create up to 200 firewalls by default. +You can create a custom firewall. By default, a newly created firewall is disabled and has no inbound or outbound rules, or any subnets associated. Each user can create up to 200 firewalls by default. Procedure --------- 
@@ -17,13 +17,13 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. -5. In the right pane displayed, click **Create firewall**. +5. In the right pane displayed, click **Create Firewall**. -6. In the displayed dialog box, enter firewall information as prompted. :ref:`Table 1 ` lists the parameters to be configured. +6. On the **Create Firewall** page, configure parameters as prompted. .. figure:: /_static/images/en-us_image_0129304042.png @@ -31,8 +31,6 @@ Procedure **Figure 1** Create Firewall - .. _en-us_topic_0051746698__en-us_topic_0118499011_table145313414319: - .. table:: **Table 1** Parameter descriptions +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ @@ -50,3 +48,4 @@ Procedure 7. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/deleting_a_firewall.rst b/umn/source/security/firewall/deleting_a_firewall.rst similarity index 54% rename from umn/source/operation_guide_new_console_edition/security/firewall/deleting_a_firewall.rst rename to umn/source/security/firewall/deleting_a_firewall.rst index f118b0b..83438d3 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/deleting_a_firewall.rst +++ b/umn/source/security/firewall/deleting_a_firewall.rst 
@@ -16,13 +16,14 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. -5. Locate the target firewall in the right pane, click **More** in the **Operation** column, and click **Delete**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. +5. Locate the firewall in the right pane, click **More** in the **Operation** column, and click **Delete**. 6. Click **Yes**. .. note:: - After a firewall is deleted, associated subnets are disassociated and added rules are deleted from the firewall. + Deleting a firewall will also disassociate its associated subnets and delete the firewall rules. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/deleting_a_firewall_rule.rst b/umn/source/security/firewall/deleting_a_firewall_rule.rst similarity index 80% rename from umn/source/operation_guide_new_console_edition/security/firewall/deleting_a_firewall_rule.rst rename to umn/source/security/firewall/deleting_a_firewall_rule.rst index 1c0160b..618b29e 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/deleting_a_firewall_rule.rst +++ b/umn/source/security/firewall/deleting_a_firewall_rule.rst 
@@ -16,14 +16,15 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Delete** in the **Operation** column. 7. Click **Yes** in the displayed dialog box. -**Deleting multiple Firewall rules at a time** +**Deleting Multiple Firewall Rules at a Time** You can also select multiple firewall rules and click **Delete** above the firewall rule list to delete multiple rules at a time. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/disassociating_a_subnet_from_a_firewall.rst b/umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst similarity index 79% rename from umn/source/operation_guide_new_console_edition/security/firewall/disassociating_a_subnet_from_a_firewall.rst rename to umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst index b92a28c..848807e 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/disassociating_a_subnet_from_a_firewall.rst +++ b/umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst 
@@ -16,8 +16,8 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the displayed page, click the **Associated Subnets** tab. 7. On the **Associated Subnets** page, locate the row that contains the target subnet and click **Disassociate** in the **Operation** column. @@ -25,6 +25,7 @@ Procedure **Disassociating subnets from a firewall** -Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the current firewall at a time. +Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from a firewall at a time. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/enabling_or_disabling_a_firewall.rst b/umn/source/security/firewall/enabling_or_disabling_a_firewall.rst similarity index 56% rename from umn/source/operation_guide_new_console_edition/security/firewall/enabling_or_disabling_a_firewall.rst rename to umn/source/security/firewall/enabling_or_disabling_a_firewall.rst index 5d475da..e2fa5ca 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/enabling_or_disabling_a_firewall.rst +++ b/umn/source/security/firewall/enabling_or_disabling_a_firewall.rst 
@@ -10,7 +10,7 @@ Scenarios After a firewall is created, you may need to enable it based on network security requirements. You can also disable an enabled firewall if need. Before enabling a firewall, ensure that subnets have been associated with the firewall and that inbound and outbound rules have been added to the firewall. -When a firewall is disabled, custom rules will become invalid. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules `. +When a firewall is disabled, custom rules will become invalid while default rules still take effect. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules `. Procedure --------- @@ -18,9 +18,10 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. -5. Locate the row that contains the target firewall in the right pane, click **More** in the **Operation** column, and click **Enable** or **Disable**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. +5. Locate the row that contains the firewall in the right pane, click **More** in the **Operation** column, and click **Enable** or **Disable**. 6. Click **Yes** in the displayed dialog box. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/enabling_or_disabling_a_firewall_rule.rst b/umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst similarity index 84% rename from umn/source/operation_guide_new_console_edition/security/firewall/enabling_or_disabling_a_firewall_rule.rst rename to umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst index 65cb052..1684a77 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/enabling_or_disabling_a_firewall_rule.rst +++ b/umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst @@ -17,9 +17,9 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. @@ -30,3 +30,4 @@ Procedure The rule is enabled or disabled. The procedure for enabling or disabling an outbound rule is the same as that for enabling or disabling an inbound rule. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst b/umn/source/security/firewall/firewall_configuration_examples.rst similarity index 86% rename from umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst rename to umn/source/security/firewall/firewall_configuration_examples.rst index a7c5a84..5a976f7 100644 
--- a/umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst +++ b/umn/source/security/firewall/firewall_configuration_examples.rst @@ -7,10 +7,10 @@ Firewall Configuration Examples This section provides examples for configuring firewalls. -- :ref:`Denying Access from a Specific Port ` -- :ref:`Allowing Access from Specific Ports and Protocols ` +- :ref:`Denying Access from a Specific Port ` +- :ref:`Allowing Access from Specific Ports and Protocols ` -.. _acl_0002__en-us_topic_0144643911_section11312173319432: +.. _acl_0002__section11312173319432: Denying Access from a Specific Port ----------------------------------- @@ -19,9 +19,9 @@ You might want to block TCP 445 to protect against the WannaCry ransomware attac Firewall Configuration -:ref:`Table 1 ` lists the inbound rule required. +:ref:`Table 1 ` lists the inbound rule required. -.. _acl_0002__en-us_topic_0144643911_table553618145582: +.. _acl_0002__table553618145582: .. table:: **Table 1** firewall rules 
@@ -38,18 +38,18 @@ Firewall Configuration - By default, a firewall denies all inbound traffic. You need to allow all inbound traffic if necessary. - If you want a deny rule to be matched first, insert the deny rule above the allow rule. For details, see :ref:`Changing the Sequence of a Firewall Rule `. -.. _acl_0002__en-us_topic_0144643911_section61291659102216: +.. _acl_0002__section61291659102216: Allowing Access from Specific Ports and Protocols ------------------------------------------------- -In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic regardless of the port. You need to configure both the firewall rules and security group rules to allow the traffic. +In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic. You need to configure both the firewall rules and security group rules to allow the traffic. Firewall Configuration -:ref:`Table 2 ` lists the inbound rule required. +:ref:`Table 2 ` lists the inbound rule required. -.. _acl_0002__en-us_topic_0144643911_table195634095313: +.. _acl_0002__table195634095313: .. table:: **Table 2** firewall rules @@ -65,9 +65,9 @@ Firewall Configuration **Security group configuration** -:ref:`Table 3 ` lists the inbound and outbound security group rules required. +:ref:`Table 3 ` lists the inbound and outbound security group rules required. -.. _acl_0002__en-us_topic_0144643911_table30323767195135: +.. _acl_0002__table30323767195135: .. table:: **Table 3** Security group rules 
diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/firewall_overview.rst b/umn/source/security/firewall/firewall_overview.rst similarity index 83% rename from umn/source/operation_guide_new_console_edition/security/firewall/firewall_overview.rst rename to umn/source/security/firewall/firewall_overview.rst index 97a1208..de893bb 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/firewall_overview.rst +++ b/umn/source/security/firewall/firewall_overview.rst @@ -7,9 +7,9 @@ Firewall Overview A firewall is an optional layer of security for your subnets. After you associate one or more subnets with a firewall, you can control traffic in and out of the subnets. -:ref:`Figure 1 ` shows how a firewall works. +:ref:`Figure 1 ` shows how a firewall works. -.. _acl_0001__en-us_topic_0144643910_fig9582182315479: +.. _acl_0001__fig9582182315479: .. figure:: /_static/images/en-us_image_0148244691.png :alt: **Figure 1** Security groups and firewalls @@ -27,14 +27,14 @@ Firewall Basics - You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. - Each newly created firewall is in the **Inactive** state until you associate subnets with it. -.. _acl_0001__en-us_topic_0144643910_section99541345213: +.. _acl_0001__section99541345213: Default Firewall Rules ---------------------- By default, each firewall has preset rules that allow the following packets: -- Packets whose source and destination are in the same subnet +- Packets whose source and destination are in the same subnet. - Broadcast packets with the destination 255.255.255.255/32, which is used to configure host startup information. 
@@ -44,9 +44,9 @@ By default, each firewall has preset rules that allow the following packets: - Packets from CIDR blocks that are reserved for public services (for example, packets with the destination 100.125.0.0/16) -- A firewall denies all traffic in and out of a subnet excepting the preceding ones. :ref:`Table 1 ` shows the default firewall rules. You cannot modify or delete the default rules. +- A firewall denies all traffic in and out of a subnet excepting the preceding packets. :ref:`Table 1 ` shows the default rules. You cannot modify or delete the default rules. - .. _acl_0001__en-us_topic_0144643910_table1034601475112: + .. _acl_0001__table1034601475112: .. table:: **Table 1** Default firewall rules @@ -86,9 +86,9 @@ Application Scenarios Configuration Procedure ----------------------- -:ref:`Figure 2 ` shows the procedure for configuring a firewall. +:ref:`Figure 2 ` shows the procedure for configuring a firewall. -.. _acl_0001__en-us_topic_0144643910_fig1643183218163: +.. _acl_0001__fig1643183218163: .. figure:: /_static/images/en-us_image_0162335382.png :alt: **Figure 2** firewall configuration procedure 
@@ -98,3 +98,11 @@ Configuration Procedure #. Create a firewall by following the steps described in :ref:`Creating a Firewall `. #. Add firewall rules by following the steps described in :ref:`Adding a Firewall Rule `. #. Associate subnets with the firewall by following the steps described in :ref:`Associating Subnets with a Firewall `. After subnets are associated with the firewall, the subnets will be protected by the configured firewall rules. + +Notes and Constraints +--------------------- + +- By default, you can create a maximum of 200 firewalls in your cloud account. +- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. +- A firewall can contain no more than 20 rules in one direction, or performance will deteriorate. +- For optimal performance, import no more than 40 firewall rules at a time. Existing rules will still be available after new rules are imported. Each rule can be imported only once. diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/index.rst b/umn/source/security/firewall/index.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/security/firewall/index.rst rename to umn/source/security/firewall/index.rst diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall.rst b/umn/source/security/firewall/modifying_a_firewall.rst similarity index 66% rename from umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall.rst rename to umn/source/security/firewall/modifying_a_firewall.rst index 8bc1c7d..8e8dfc7 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall.rst +++ b/umn/source/security/firewall/modifying_a_firewall.rst 
@@ -16,14 +16,15 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. -6. On the displayed page, click |image2| on the right of **Name** and edit the firewall name. +6. On the displayed page, click |image3| on the right of **Name** and edit the firewall name. 7. Click Y to save the new firewall name. -8. Click |image3| on the right of Description and edit the firewall description. +8. Click |image4| on the right of Description and edit the firewall description. 9. Click Y to save the new firewall description. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0142359884.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png .. |image3| image:: /_static/images/en-us_image_0142359884.png +.. |image4| image:: /_static/images/en-us_image_0142359884.png diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst b/umn/source/security/firewall/modifying_a_firewall_rule.rst similarity index 81% rename from umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst rename to umn/source/security/firewall/modifying_a_firewall_rule.rst index ca2b752..a4caeba 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst +++ b/umn/source/security/firewall/modifying_a_firewall_rule.rst 
@@ -17,13 +17,13 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. -6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Modify** in the **Operation** column. In the displayed dialog box, configure parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. +6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Modify** in the **Operation** column. In the displayed dialog box, configure parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. .. figure:: /_static/images/en-us_image_0285048674.png 
@@ -31,26 +31,30 @@ Procedure **Figure 1** Modify Rule - .. _vpc_acl_0005__en-us_topic_0118498887_table59686157164549: + .. _vpc_acl_0005__table59686157164549: .. table:: **Table 1** Parameter descriptions +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Parameter | Description | Example Value | +========================+================================================================================================================================================================================================================================================================+=======================+ + | Priority | Priority of firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Status | Status of a firewall. When you add a rule to it, its default status is **Enabled**. | Enabled | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. 
| Allow | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. The value can be **TCP**, **UDP**, **All**, or **ICMP**. If **ICMP** or **All** is selected, you do not need to specify port information. | TCP | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic from all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). 
For example, **1-100**. | 22, or 22-30 | | | | | @@ -58,13 +62,13 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | @@ -78,3 +82,4 @@ Procedure 7. Click **Confirm**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/viewing_a_firewall.rst b/umn/source/security/firewall/viewing_a_firewall.rst similarity index 80% rename from umn/source/operation_guide_new_console_edition/security/firewall/viewing_a_firewall.rst rename to umn/source/security/firewall/viewing_a_firewall.rst index 1fdc2c4..238258b 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/viewing_a_firewall.rst +++ b/umn/source/security/firewall/viewing_a_firewall.rst @@ -16,9 +16,10 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **firewalls**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the displayed page, click the **Inbound Rules**, **Outbound Rules**, and **Associated Subnets** tabs one by one to view details about inbound rules, outbound rules, and subnet associations. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/index.rst b/umn/source/security/index.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/security/index.rst rename to umn/source/security/index.rst index 3b3fdc2..43617e9 100644 --- a/umn/source/operation_guide_new_console_edition/security/index.rst +++ b/umn/source/security/index.rst 
@@ -5,14 +5,14 @@ Security ======== +- :ref:`Differences Between Security Groups and Firewalls ` - :ref:`Security Group ` - :ref:`Firewall ` -- :ref:`Differences Between Security Groups and Firewalls ` .. toctree:: :maxdepth: 1 :hidden: + differences_between_security_groups_and_firewalls security_group/index firewall/index - differences_between_security_groups_and_firewalls diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst b/umn/source/security/security_group/adding_a_security_group_rule.rst similarity index 62% rename from umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst rename to umn/source/security/security_group/adding_a_security_group_rule.rst index a745a48..4ab1dd9 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst +++ b/umn/source/security/security_group/adding_a_security_group_rule.rst @@ -24,7 +24,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. 
@@ -42,26 +42,31 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. 
@@ -75,25 +80,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst b/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst
new file mode 100644
index 0000000..5516826
--- /dev/null
+++ b/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst
@@ -0,0 +1,52 @@
+:original_name: SecurityGroup_0017.html
+
+.. _SecurityGroup_0017:
+
+Adding Instances to and Removing Them from a Security Group
+===========================================================
+
+Scenarios
+---------
+
+After a security group is created, you can add instances to the security group to protect the instances. You can also remove them from the security group as required.
+
+You can add multiple instances to or remove them from a security group.
+
+Adding Instances to a Security Group
+------------------------------------
+
+#. Log in to the management console.
+#. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
+#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column.
+#. On the **Servers** tab, click **Add** and add one or more servers to the current security group.
+#. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group.
+#. Click **OK**.
+
+Removing Instances from a Security Group
+----------------------------------------
+
+#. Log in to the management console.
+#. Click |image3| in the upper left corner and select the desired region and project.
+#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
+#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column.
+#. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group.
+#. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group.
+#. Click **Yes**.
+
+**Removing multiple instances from a security group**
+
+- Select multiple servers and click **Remove** above the server list to remove the selected servers from the current security group all at once.
+- Select multiple extension NICs and click **Remove** above the extension NIC list to remove the selected extension NICs from the current security group all at once.
+
+Follow-Up Operations
+--------------------
+
+You can delete the security groups that you no longer need. Deleting a security group will also delete all security group rules in the security group. For details, see :ref:`Deleting a Security Group `.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
+.. |image3| image:: /_static/images/en-us_image_0141273034.png
+.. |image4| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/changing_the_security_group_of_an_ecs.rst b/umn/source/security/security_group/changing_the_security_group_of_an_ecs.rst
similarity index 100%
rename from umn/source/operation_guide_new_console_edition/security/security_group/changing_the_security_group_of_an_ecs.rst
rename to umn/source/security/security_group/changing_the_security_group_of_an_ecs.rst
diff --git a/umn/source/security/security_group/cloning_a_security_group.rst b/umn/source/security/security_group/cloning_a_security_group.rst
new file mode 100644
index 0000000..66695e7
--- /dev/null
+++ b/umn/source/security/security_group/cloning_a_security_group.rst
@@ -0,0 +1,51 @@
+:original_name: vpc_SecurityGroup_0009.html
+
+.. _vpc_SecurityGroup_0009:
+
+Cloning a Security Group
+========================
+
+Scenarios
+---------
+
+You can clone a security group from one region to another to quickly apply the security group rules to ECSs in another region.
+
+You can clone a security group in the following scenarios:
+
+- For example, you have security group **sg-A** in region A. If ECSs in region B require the same security group rules as those configured for security group **sg-A**, you can clone security group **sg-A** to region B, freeing you from creating a new security group in region B.
+- If you need new security group rules, you can clone the original security group as a backup.
+
+ .. note::
+
+ Security group cloning is not supported now.
+
+Notes and Constraints
+---------------------
+
+If you clone security group across regions, the system will clone only rules whose source and destination are CIDR blocks or are in the current security group.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
+
+#. On the **Security Groups** page, locate the row that contains the target security group and choose **More** > **Clone** in the **Operation** column.
+
+#. Set required parameters as prompted.
+
+
+ .. figure:: /_static/images/en-us_image_0000001602035305.png
+ :alt: **Figure 1** Clone Security Group
+
+ **Figure 1** Clone Security Group
+
+#. Click **OK**. You can then switch to the required region to view the cloned security group in the security group list.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/security/security_group/creating_a_security_group.rst b/umn/source/security/security_group/creating_a_security_group.rst
new file mode 100644
index 0000000..b415adf
--- /dev/null
+++ b/umn/source/security/security_group/creating_a_security_group.rst
@@ -0,0 +1,73 @@ +:original_name: en-us_topic_0013748715.html + +.. _en-us_topic_0013748715: + +Creating a Security Group +========================= + +Scenarios +--------- + +You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. + +Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group. + +You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. + +#. On the **Security Groups** page, click **Create Security Group**. + +#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. + + + .. figure:: /_static/images/en-us_image_0000001197426329.png + :alt: **Figure 1** Create Security Group + + **Figure 1** Create Security Group + + .. _en-us_topic_0013748715__table65377617111335: + + .. 
table:: **Table 1** Parameter description + + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================+============================+ + | Name | The security group name. This parameter is mandatory. | sg-318b | + | | | | + | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + | | | | + | | .. note:: | | + | | | | + | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Enterprise Project | When creating a security group, you can add the security group to an enabled enterprise project. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Template | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | General-purpose web server | + | | | | + | | - **Custom**: This template allows you to create security groups with custom security group rules. | | + | | - **General-purpose web server**: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | | + | | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Description | Supplementary information about the security group. This parameter is optional. | N/A | + | | | | + | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + +#. Click **OK**. + +.. 
|image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst b/umn/source/security/security_group/default_security_groups_and_security_group_rules.rst similarity index 68% rename from umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst rename to umn/source/security/security_group/default_security_groups_and_security_group_rules.rst index 274b19c..3d7394c 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst +++ b/umn/source/security/security_group/default_security_groups_and_security_group_rules.rst 
@@ -5,20 +5,25 @@ Default Security Groups and Security Group Rules ================================================ -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. +The system creates a default security group for each account. By default, the default security group rules: -:ref:`Figure 1 ` shows the default security group rules. The following uses access between ECSs as an example. +- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. +- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. -.. _securitygroup_0003__en-us_topic_0118534003_fig997718156161: .. figure:: /_static/images/en-us_image_0000001230120807.png :alt: **Figure 1** Default security group **Figure 1** Default security group -:ref:`Table 1 ` describes the default rules for the default security group. +.. note:: -.. _securitygroup_0003__en-us_topic_0118534003_table493045171919: + - You cannot delete the default security group, but you can modify the rules for the default security group. + - If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs. + +:ref:`Table 1 ` describes the default rules for the default security group. + +.. _securitygroup_0003__table493045171919: .. table:: **Table 1** Default security group rules diff --git a/umn/source/security/security_group/deleting_a_security_group.rst b/umn/source/security/security_group/deleting_a_security_group.rst new file mode 100644 index 0000000..34f080c 
--- /dev/null
+++ b/umn/source/security/security_group/deleting_a_security_group.rst
@@ -0,0 +1,48 @@
+:original_name: vpc_SecurityGroup_0008.html
+
+.. _vpc_SecurityGroup_0008:
+
+Deleting a Security Group
+=========================
+
+Scenarios
+---------
+
+This section describes how to delete security groups.
+
+Notes and Constraints
+---------------------
+
+- The default security group is named **default** and cannot be deleted.
+
+- A security group cannot be deleted if it is being used by instances, such as cloud servers, containers, and databases.
+
+ If you need to delete such a security group, delete the instances or change the security group used by the instance first.
+
+- A security group cannot be deleted if it is used as the source or destination of a rule in another security group.
+
+ :ref:`Delete ` or :ref:`modify ` the rule and delete the security group again.
+
+ For example, if the source of a rule in security group **sg-B** is set to **sg-A**, you need to delete or modify the rule in **sg-B** before deleting **sg-A**.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
+
+ The security group list is displayed.
+
+#. Locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**.
+
+ A confirmation dialog box is displayed.
+
+#. Confirm the information and click **Yes**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group_rule.rst b/umn/source/security/security_group/deleting_a_security_group_rule.rst similarity index 63% rename from umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group_rule.rst rename to umn/source/security/security_group/deleting_a_security_group_rule.rst index a0d75ec..c943cb5 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group_rule.rst +++ b/umn/source/security/security_group/deleting_a_security_group_rule.rst @@ -10,9 +10,13 @@ Scenarios If the source of an inbound security group rule or destination of an outbound security group rule needs to be changed, you need to first delete the security group rule and add a new one. -.. note:: +Notes and Constraints +--------------------- - Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. +Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows: + +- If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. +- If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. Procedure --------- 
@@ -20,7 +24,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. 5. On the **Security Groups** page, click the security group name. 6. If you do not need a security group rule, locate the row that contains the target rule, and click **Delete**. @@ -31,3 +35,4 @@ Procedure You can also select multiple security group rules and click **Delete** above the security group rule list to delete multiple rules at a time. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst b/umn/source/security/security_group/fast-adding_security_group_rules.rst similarity index 50% rename from umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst rename to umn/source/security/security_group/fast-adding_security_group_rules.rst index 92e0c73..a137e4e 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst +++ b/umn/source/security/security_group/fast-adding_security_group_rules.rst 
@@ -1,99 +1,93 @@ -:original_name: vpc_SecurityGroup02_0005.html +:original_name: SecurityGroup_0004.html -.. _vpc_SecurityGroup02_0005: +.. _SecurityGroup_0004: -Adding a Security Group Rule -============================ +Fast-Adding Security Group Rules +================================ Scenarios --------- -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, to control inbound and outbound traffic. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. - -If the rules of the security group associated with your instance cannot meet your requirements, for example, you need to allow inbound traffic on a specified TCP port, you can add an inbound rule. - -- Inbound rules control incoming traffic to cloud resources in the security group. -- Outbound rules control outgoing traffic from cloud resources in the security group. - -For details about the default security group rules, see :ref:`Default Security Groups and Security Group Rules `. For details about security group rule configuration examples, see :ref:`Security Group Configuration Examples `. +You can add multiple security group rules with different protocols and ports at the same time. Procedure --------- #. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. +2. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -#. 
On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules. +5. On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules. -#. On the **Inbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an inbound rule. - - You can click **+** to add more inbound rules. +6. On the **Inbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select the protocols and ports you wish to add all at once. - .. figure:: /_static/images/en-us_image_0284920908.png - :alt: **Figure 1** Add Inbound Rule + .. figure:: /_static/images/en-us_image_0211552164.png + :alt: **Figure 1** Fast-Add Inbound Rule - **Figure 1** Add Inbound Rule + **Figure 1** Fast-Add Inbound Rule .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. 
| TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | + | | | | + | | - Remote login and ping | | + | | - Web services | | + | | - Databases | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | (Optional) Supplementary information about the security group rule. 
| ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -#. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. - - You can click **+** to add more outbound rules. +7. On the **Outbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select required protocols and ports to add multiple rules at a time. - .. figure:: /_static/images/en-us_image_0284993717.png - :alt: **Figure 2** Add Outbound Rule + .. figure:: /_static/images/en-us_image_0211560998.png + :alt: **Figure 2** Fast-Add Outbound Rule - **Figure 2** Add Outbound Rule + **Figure 2** Fast-Add Outbound Rule .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. 
| TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | + | | | | + | | - Remote login and ping | | + | | - Web services | | + | | - Databases | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -#. Click **OK**. +8. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/security/security_group/importing_and_exporting_security_group_rules.rst similarity index 51% rename from umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst rename to umn/source/security/security_group/importing_and_exporting_security_group_rules.rst index 81d9d00..bc8fac3 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst +++ b/umn/source/security/security_group/importing_and_exporting_security_group_rules.rst 
@@ -8,69 +8,66 @@ Importing and Exporting Security Group Rules Scenarios --------- -If you want to quickly apply the rules of one security group to another, or if you want to modify multiple rules of the current security group at once, you can import or export existing rules. - -Security group rules are imported or exported to an Excel file. +- If you want to quickly create or restore security group rules, you can import existing rules to the security group. +- If you want to back up security group rules locally, you can export the rules to an Excel file. +- If you want to quickly apply the rules of one security group to another, or if you want to modify multiple rules of the current security group at once, you can import or export existing rules. Notes and Constraints --------------------- -When modifying exported security group rules, you can only modify existing fields in the exported file based on the template and cannot add new fields or modify the field names. Otherwise, the file will fail to be imported. +- When modifying exported security group rules, you can only modify existing fields in the exported file based on the template and cannot add new fields or modify the field names. Otherwise, the file will fail to be imported. +- Duplicate rules are not allowed. Procedure --------- #. Log in to the management console. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click the security group name. +#. Export and import security group rules. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. 
On the **Security Groups** page, click the security group name. -6. Export and import security group rules. + - Click |image3| to export all rules of the current security group to an Excel file. - - Click |image2| to export all rules of the current security group to an Excel file. + - Click |image4| to import security group rules from an Excel file into the current security group. - - Click |image3| to import security group rules from an Excel file into the current security group. + :ref:`Table 1 ` describes the parameters in the template for importing rules. - :ref:`Table 1 ` describes the parameters in the template for importing rules. - - .. _vpc_securitygroup_0007__en-us_topic_0123534210_table111445216564: + .. _vpc_securitygroup_0007__table111445216564: .. table:: **Table 1** Template parameters - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - Inbound rules control incoming traffic to cloud resources in the security group. | | - | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol & Port | **Protocol**: The network protocol. 
Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Last Modified | The time when the security group was modified. | ``-`` | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Direction | The direction in which the security group rule takes effect. | Inbound | + | | | | + | | - Inbound rules control incoming traffic to cloud resources in the security group. 
| | + | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0142360062.png -.. |image3| image:: /_static/images/en-us_image_0142360094.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0142360062.png +.. |image4| image:: /_static/images/en-us_image_0142360094.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/index.rst b/umn/source/security/security_group/index.rst similarity index 95% rename from umn/source/operation_guide_new_console_edition/security/security_group/index.rst rename to umn/source/security/security_group/index.rst index 9483c13..5a4b40c 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/index.rst +++ b/umn/source/security/security_group/index.rst @@ -17,6 +17,7 @@ Security Group - :ref:`Importing and Exporting Security Group Rules ` - :ref:`Deleting a Security Group ` - :ref:`Adding Instances to and Removing Them from a Security Group ` +- :ref:`Cloning a Security Group ` - :ref:`Modifying a Security Group ` - :ref:`Viewing the Security Group of an ECS ` - :ref:`Changing the Security Group of an ECS ` 
@@ -37,6 +38,7 @@ Security Group importing_and_exporting_security_group_rules deleting_a_security_group adding_instances_to_and_removing_them_from_a_security_group + cloning_a_security_group modifying_a_security_group viewing_the_security_group_of_an_ecs changing_the_security_group_of_an_ecs diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group.rst b/umn/source/security/security_group/modifying_a_security_group.rst similarity index 61% rename from umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group.rst rename to umn/source/security/security_group/modifying_a_security_group.rst index db7531a..143b226 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group.rst +++ b/umn/source/security/security_group/modifying_a_security_group.rst @@ -17,7 +17,7 @@ Procedure #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, locate the target security group and choose **More** > **Modify** in the **Operation** column. #. Modify the name and description of the security group as required. 
@@ -26,16 +26,18 @@ Procedure **Method 2** #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image3| in the upper left corner and select the desired region and project. +#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, click the security group name. -#. On the displayed page, click |image3| on the right of **Name** and edit the security group name. +#. On the displayed page, click |image5| on the right of **Name** and edit the security group name. #. Click **Y** to save the security group name. -#. Click |image4| on the right of **Description** and edit the security group description. +#. Click |image6| on the right of **Description** and edit the security group description. #. Click **Y** to save the security group description. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png -.. |image3| image:: /_static/images/en-us_image_0239476777.png -.. |image4| image:: /_static/images/en-us_image_0239476777.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001500905066.png +.. |image5| image:: /_static/images/en-us_image_0239476777.png +.. |image6| image:: /_static/images/en-us_image_0239476777.png diff --git a/umn/source/security/security_group/modifying_a_security_group_rule.rst b/umn/source/security/security_group/modifying_a_security_group_rule.rst new file mode 100644 index 0000000..7ecafef --- /dev/null +++ b/umn/source/security/security_group/modifying_a_security_group_rule.rst 
@@ -0,0 +1,25 @@
+:original_name: vpc_SecurityGroup_0005.html
+
+.. _vpc_SecurityGroup_0005:
+
+Modifying a Security Group Rule
+===============================
+
+Scenarios
+---------
+
+You can modify the port, protocol, and IP address of your security group rules as required to ensure the security of your instances.
+
+Procedure
+---------
+
+#. Log in to the management console.
+#. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
+#. On the **Security Groups** page, click the security group name.
+#. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column.
+#. Modify the rule and click **Confirm**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst b/umn/source/security/security_group/replicating_a_security_group_rule.rst
similarity index 61%
rename from umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst
rename to umn/source/security/security_group/replicating_a_security_group_rule.rst
index ccc7571..7dcc70d 100644
--- a/umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst
+++ b/umn/source/security/security_group/replicating_a_security_group_rule.rst
@@ -15,18 +15,19 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. +#. On the **Security Groups** page, click the security group name. -6. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column. +#. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column. You can also modify the security group rule as required to quickly generate a new rule. -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst b/umn/source/security/security_group/security_group_configuration_examples.rst similarity index 75% rename from umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst rename to umn/source/security/security_group/security_group_configuration_examples.rst index 006f6e0..628c72b 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst +++ b/umn/source/security/security_group/security_group_configuration_examples.rst 
@@ -7,25 +7,25 @@ Security Group Configuration Examples Common security group configurations are presented here. The examples in this section allow all outgoing data packets by default. This section will only describe how to configure inbound rules. -- .. _en-us_topic_0081124350__en-us_topic_0118534011_li2921164192410: +- .. _en-us_topic_0081124350__li2921164192410: - :ref:`Allowing External Access to a Specified Port ` + :ref:`Allowing External Access to a Specified Port ` -- :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network ` +- :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network ` -- :ref:`Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group ` +- :ref:`Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group ` -- :ref:`Remotely Connecting to Linux ECSs Using SSH ` +- :ref:`Remotely Connecting to Linux ECSs Using SSH ` -- :ref:`Remotely Connecting to Windows ECSs Using RDP ` +- :ref:`Remotely Connecting to Windows ECSs Using RDP ` -- :ref:`Enabling Communication Between ECSs ` +- :ref:`Enabling Communication Between ECSs ` -- :ref:`Hosting a Website on ECSs ` +- :ref:`Hosting a Website on ECSs ` -- :ref:`Enabling an ECS to Function as a DNS Server ` +- :ref:`Enabling an ECS to Function as a DNS Server ` -- :ref:`Uploading or Downloading Files Using FTP ` +- :ref:`Uploading or Downloading Files Using FTP ` You can use the default security group or create a security group in advance. For details, see sections :ref:`Creating a Security Group ` and :ref:`Adding a Security Group Rule `. 
@@ -44,7 +44,7 @@ Allowing External Access to a Specified Port Inbound TCP 1100 0.0.0.0/0 ========= ======== ==== ========= -.. _en-us_topic_0081124350__en-us_topic_0118534011_section14197522283: +.. _en-us_topic_0081124350__section14197522283: Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network ----------------------------------------------------------------------------------------------------- 
@@ -59,13 +59,17 @@ Enabling ECSs in Different Security Groups to Communicate with Each Other Throug You can add an inbound rule to the security groups containing the ECSs to allow access from ECSs in the other security group. The required rule is as follows. - +-----------+----------------------------------------------------+--------------------+------------------------------+ - | Direction | Protocol/Application | Port | Source | - +===========+====================================================+====================+==============================+ - | Inbound | Used for communication through an internal network | Port or port range | ID of another security group | - +-----------+----------------------------------------------------+--------------------+------------------------------+ + +-----------------+--------------------------------------------------------------------------+-----------------+------------------------------------+ + | Direction | Protocol | Port | Source | + +=================+==========================================================================+=================+====================================+ + | Inbound | TCP | All | ID of another security group | + | | | | | + | | .. note:: | | Example: 014d7278-XXX-530c95350d43 | + | | | | | + | | Select a protocol used for communication through an internal network. | | | + +-----------------+--------------------------------------------------------------------------+-----------------+------------------------------------+ -.. _en-us_topic_0081124350__en-us_topic_0118534011_section17693183118306: +.. _en-us_topic_0081124350__section17693183118306: Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group --------------------------------------------------------------------------- 
@@ -86,7 +90,7 @@ Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group | | | | For example, 192.168.20.2/32 | +-----------------+-----------------+-----------------+-------------------------------------------------+ -.. _en-us_topic_0081124350__en-us_topic_0118534011_section115069253338: +.. _en-us_topic_0081124350__section115069253338: Remotely Connecting to Linux ECSs Using SSH ------------------------------------------- @@ -103,7 +107,7 @@ Remotely Connecting to Linux ECSs Using SSH Inbound SSH 22 0.0.0.0/0 ========= ======== ==== ========= -.. _en-us_topic_0081124350__en-us_topic_0118534011_section168046312349: +.. _en-us_topic_0081124350__section168046312349: Remotely Connecting to Windows ECSs Using RDP --------------------------------------------- @@ -120,7 +124,7 @@ Remotely Connecting to Windows ECSs Using RDP Inbound RDP 3389 0.0.0.0/0 ========= ======== ==== ========= -.. _en-us_topic_0081124350__en-us_topic_0118534011_section34721049193411: +.. _en-us_topic_0081124350__section34721049193411: Enabling Communication Between ECSs ----------------------------------- @@ -137,7 +141,7 @@ Enabling Communication Between ECSs Inbound ICMP All 0.0.0.0/0 ========= ======== ==== ========= -.. _en-us_topic_0081124350__en-us_topic_0118534011_section1517991516357: +.. _en-us_topic_0081124350__section1517991516357: Hosting a Website on ECSs ------------------------- @@ -155,7 +159,7 @@ Hosting a Website on ECSs Inbound HTTPS 443 0.0.0.0/0 ========= ======== ==== ========= -.. _en-us_topic_0081124350__en-us_topic_0118534011_section2910346123520: +.. _en-us_topic_0081124350__section2910346123520: Enabling an ECS to Function as a DNS Server ------------------------------------------- 
@@ -173,7 +177,7 @@ Enabling an ECS to Function as a DNS Server Inbound UDP 53 0.0.0.0/0 ========= ======== ==== ========= -.. _en-us_topic_0081124350__en-us_topic_0118534011_section5964121693610: +.. _en-us_topic_0081124350__section5964121693610: Uploading or Downloading Files Using FTP ---------------------------------------- diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst b/umn/source/security/security_group/security_group_overview.rst similarity index 57% rename from umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst rename to umn/source/security/security_group/security_group_overview.rst index 37c2b04..f470b83 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst +++ b/umn/source/security/security_group/security_group_overview.rst 
@@ -8,11 +8,35 @@ Security Group Overview Security Group -------------- -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. You can directly use the default security group. For details, see :ref:`Default Security Groups and Security Group Rules `. +Like whitelists, security group rules work as follows: -You can also create custom security groups to meet your specific service requirements. For details, see :ref:`Creating a Security Group `. +- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. + + Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied. + +- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. 
+ + IPv4 default route: 0.0.0.0/0 + + IPv6 default route: ::/0 + +:ref:`Table 1 ` shows the inbound and outbound rules in security group sg-AB. + +.. _en-us_topic_0073379079__table102261597217: + +.. table:: **Table 1** Rules in security group sg-AB + + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Direction | Action | Protocol & Port | Source or Destination | Description | + +===========+========+=================+========================+===========================================================================================================================================+ + | Inbound | Allow | All | Source: sg-AB | Allows access requests from security group sg-AB. This rule ensures that instances in the security group can communicate with each other. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Outbound | Allow | All | Destination: 0.0.0.0/0 | Allows all requests in the security group to be sent out. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + +The system automatically creates a default security group for each account. If the default security group does not meet your requirements, you can :ref:`modify security group rules ` or :ref:`create a custom security group `. Security Group Basics --------------------- 
@@ -38,14 +62,13 @@ Security Group Rules After you create a security group, you can add rules to the security group. A rule applies either to inbound traffic or outbound traffic. After you add cloud resources to the security group, they are protected by the rules of the group. -Each security group has its default rules. For details, see :ref:`Table 1 `. You can also customize security group rules. For details, see :ref:`Adding a Security Group Rule `. +Each security group has its default rules. For details, see :ref:`Table 1 `. You can also customize security group rules. For details, see :ref:`Adding a Security Group Rule `. Security Group Constraints -------------------------- - By default, you can create a maximum of 100 security groups in your cloud account. - By default, you can add up to 50 security group rules to a security group. -- By default, you can add an ECS or an extension NIC to a maximum of five security groups. In such a case, the rules of all the selected security groups are aggregated to take effect. - When creating a private network load balancer, you need to select a desired security group. Do not delete the default security group rules or ensure that the following requirements are met: - Outbound rules: only allow data packets to the selected security group or only data packets from the peer load balancer. diff --git a/umn/source/security/security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/security/security_group/viewing_the_security_group_of_an_ecs.rst new file mode 100644 index 0000000..0cc3518 --- /dev/null +++ b/umn/source/security/security_group/viewing_the_security_group_of_an_ecs.rst 
@@ -0,0 +1,32 @@
+:original_name: vpc_SecurityGroup_0011.html
+
+.. _vpc_SecurityGroup_0011:
+
+Viewing the Security Group of an ECS
+====================================
+
+Scenarios
+---------
+
+View inbound and outbound rules of a security group used by an ECS.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Under **Computing**, click **Elastic Cloud Server**.
+
+ The ECS list is displayed.
+
+#. On the **Elastic Cloud Server** page, click the name of the target ECS.
+
+ The page providing details about the ECS is displayed.
+
+#. Click the **Security Groups** tab and view information about the security group used by the ECS.
+
+ You can view the security groups associated with the ECS and the inbound and outbound rules.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/service_overview/basic_concepts/region_and_az.rst b/umn/source/service_overview/basic_concepts/region_and_az.rst
index a4c61bc..69d4688 100644
--- a/umn/source/service_overview/basic_concepts/region_and_az.rst
+++ b/umn/source/service_overview/basic_concepts/region_and_az.rst
@@ -13,9 +13,9 @@ A region and availability zone (AZ) identify the location of a data center. You - A region is a physical data center, which is completely isolated to improve fault tolerance and stability. The region that is selected during resource creation cannot be changed after the resource is created. - An AZ is a physical location where resources use independent power supplies and networks. A region contains one or more AZs that are physically isolated but interconnected through internal networks. Because AZs are isolated from each other, any fault that occurs in one AZ will not affect others. -:ref:`Figure 1 ` shows the relationship between regions and AZs. +:ref:`Figure 1 ` shows the relationship between regions and AZs. -.. _overview_region__en-us_topic_0171382832_en-us_topic_0184026189_fig8747114281212: +.. _overview_region__en-us_topic_0184026189_fig8747114281212: .. figure:: /_static/images/en-us_image_0184026531.png :alt: **Figure 1** Regions and AZs @@ -38,4 +38,4 @@ When deploying resources, consider your applications' requirements on disaster r Regions and Endpoints --------------------- -Before you use an API to call resources, specify its region and endpoint. For more details, see `Regions and Endpoints `__. +Before you use an API to call resources, specify its region and endpoint. For more details, see `Regions and Endpoints `__. diff --git a/umn/source/service_overview/basic_concepts/route_table.rst b/umn/source/service_overview/basic_concepts/route_table.rst index 868ee1e..e4d01a3 100644 --- a/umn/source/service_overview/basic_concepts/route_table.rst +++ b/umn/source/service_overview/basic_concepts/route_table.rst 
@@ -5,52 +5,30 @@ Route Table =========== -Background ----------- - -VPC has old and new console editions. You can click |image1| in the lower right corner of the console to switch between the old and new consoles. - -- On the new console, the route table module is accessible from the navigation pane on the left, as shown in :ref:`Figure 1 `. For details, see :ref:`Route Table (New Console Edition) `, :ref:`Default Route Table and Custom Route Table `, and :ref:`Route `. - - .. _en-us_topic_0038263963__en-us_topic_0118498988_fig166812264154: - - .. figure:: /_static/images/en-us_image_0000001206933138.png - :alt: **Figure 1** New console - - **Figure 1** New console - -- On the old console, the route table module is accessible from the VPC details page, as shown in :ref:`Figure 2 `. For details, see :ref:`Route Table (Old Console Edition) `. - - .. _en-us_topic_0038263963__en-us_topic_0118498988_fig1118575931512: - - .. figure:: /_static/images/en-us_image_0000001251773147.png - :alt: **Figure 2** Old console - - **Figure 2** Old console - -.. _en-us_topic_0038263963__en-us_topic_0118498988_section22531339489: - -Route Table (New Console Edition) ---------------------------------- +Route Tables +------------ A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. You can associate a subnet with only one route table at a time, but you can associate multiple subnets with the same route table. .. figure:: /_static/images/en-us_image_0000001229959315.png - :alt: **Figure 3** Route Table + :alt: **Figure 1** Route Table - **Figure 3** Route Table - -.. _en-us_topic_0038263963__en-us_topic_0118498988_section29931443171216: + **Figure 1** Route Table Default Route Table and Custom Route Table ------------------------------------------ -When you create a VPC, the system automatically generates a default route table for the VPC. 
If you create a subnet in the VPC, the subnet automatically associates with the default route table. You can add, delete, and modify routes in the default route table, but you cannot delete the route table. When you create a VPN, Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. If you want to modify or delete the route, you can associate your subnet with a custom route table and replicate the route to the custom route table to modify or delete it. +When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. -If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required. +- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table. +- When you create a VPC endpoint, VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. -.. _en-us_topic_0038263963__en-us_topic_0118498988_section16240184933120: +If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. You can delete the custom route table if it is no longer required. + +.. note:: + + The custom route table associated with a subnet affects only the outbound traffic. The default route table determines the inbound traffic. Route ----- 
@@ -62,7 +40,7 @@ A route is configured with the destination, next hop type, and next hop to deter After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other. - Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20. - - Routes whose destination are the IPv4 and IPv6 CIDR blocks of subnets in the VPC. + - Routes whose destination is a subnet CIDR block. .. note:: 
@@ -70,82 +48,42 @@ A route is configured with the destination, next hop type, and next hop to deter - Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route. - You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. + You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. - .. _en-us_topic_0038263963__en-us_topic_0118498988_en-us_topic_0121831807_table1727714140542: + You cannot add two routes with the same destination to a VPC route table even if their next hop types are different. The route priority depends on the destination. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. + + .. _en-us_topic_0038263963__route_0001_table1727714140542: .. table:: **Table 1** Next hop type - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | Description | Supported Route Table | - +========================+==============================================================================================================================================================+========================+ - | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. 
| - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. 
| - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Description | Supported Route Table | + +==========================+==============================================================================================================================================================+========================+ + | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. 
| - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. Currently, this parameter is available only in eu-de. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. 
| - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ .. note:: If you specify the destination when creating a resource, a system route is delivered. If you do not specify a destination when creating a resource, a custom route that can be modified or deleted is delivered. For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN connection or Direct Connect gateway, you need to specify the remote subnet, that is, the destination of a route. In this case, the system delivers this system route. Do not modify the route destination on the **Route Tables** page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly. - -.. _en-us_topic_0038263963__en-us_topic_0118498988_section1155203705018: - -Route Table (Old Console Edition) ---------------------------------- - -A route table contains a set of rules that determine where network traffic is directed. 
You can add routes to a route table to enable other ECSs in a VPC to access the Internet through the ECS that has a bound EIP. - -You can use a route table configured in standalone mode or active/standby mode. - -- :ref:`Figure 4 ` shows the route table configured in standalone mode. - - .. _en-us_topic_0038263963__en-us_topic_0118498988_fig15091812119: - - .. figure:: /_static/images/en-us_image_0209273220.png - :alt: **Figure 4** Route table configured in standalone mode - - **Figure 4** Route table configured in standalone mode - - In standalone mode, ECSs in a VPC that do not have EIPs bound access the Internet through an ECS that has an EIP bound and has the SNAT function configured. - - You can create a route table for the VPC used by ECSs that do not have EIPs bound to enable these ECSs to access the Internet. The next hop in the route table is the private IP address of the ECS that has an EIP bound (that is the private IP address of the SNAT server). - -- :ref:`Figure 5 ` shows the route table configured in active/standby mode. - - .. _en-us_topic_0038263963__en-us_topic_0118498988_fig1588016299143: - - .. figure:: /_static/images/en-us_image_0118498947.png - :alt: **Figure 5** Route table configured in active/standby mode - - **Figure 5** Route table configured in active/standby mode - - In active/standby mode, ECSs in a VPC that do not have EIPs bound access the Internet through two ECSs that have EIPs bound and have the SNAT function configured. - - In active/standby mode, you can add a route table for the VPC used by ECSs that do not have EIPs bound, to enable these ECSs to access the Internet. The next hop in the route table is the virtual IP address of the two ECSs that have EIPs bound. - -In both the standalone and active/standby modes, the ECSs that have EIPs bound must have the SNAT function. For details about the SNAT function, see :ref:`SNAT `. For details about how to configure an ECS as the SNAT server, see :ref:`Configuring an SNAT Server `. 
- -.. important:: - - - Before using the route table function, you need to deploy the SNAT server. For details, see section :ref:`Configuring an SNAT Server `. - - The ECS providing SNAT function can have only one NIC. - - The ECS providing SNAT function must have the source/destination check function disabled. - -.. |image1| image:: /_static/images/en-us_image_0000001207093220.png diff --git a/umn/source/service_overview/basic_concepts/security_group.rst b/umn/source/service_overview/basic_concepts/security_group.rst index cb40f2c..657250c 100644 --- a/umn/source/service_overview/basic_concepts/security_group.rst +++ b/umn/source/service_overview/basic_concepts/security_group.rst 
@@ -5,6 +5,30 @@ Security Group ============== -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. +Like whitelists, security group rules work as follows: + +- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. + + Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied. + +- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. + + IPv4 default route: 0.0.0.0/0 + + IPv6 default route: ::/0 + +:ref:`Table 1 ` shows the inbound and outbound rules in security group sg-AB. + +.. _vpc_concepts_0005__en-us_topic_0073379079_table102261597217: + +.. 
table:: **Table 1** Rules in security group sg-AB + + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Direction | Action | Protocol & Port | Source or Destination | Description | + +===========+========+=================+========================+===========================================================================================================================================+ + | Inbound | Allow | All | Source: sg-AB | Allows access requests from security group sg-AB. This rule ensures that instances in the security group can communicate with each other. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Outbound | Allow | All | Destination: 0.0.0.0/0 | Allows all requests in the security group to be sent out. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/service_overview/basic_concepts/shared_snat.rst b/umn/source/service_overview/basic_concepts/shared_snat.rst index 386076c..3821599 100644 --- a/umn/source/service_overview/basic_concepts/shared_snat.rst +++ b/umn/source/service_overview/basic_concepts/shared_snat.rst 
@@ -7,9 +7,9 @@ Shared SNAT
 
 The VPC service provides free SNAT function, which allows ECSs to use a limited number of public IP addresses to gain one-way access to the Internet for operations, such as updating software. However, Internet users cannot directly access the ECSs.
 
-:ref:`Figure 1 ` shows how shared SNAT works. The SNAT device forwards traffic from ECSs to the Internet and the response traffic from the Internet to the ECSs. When forwarding ECS traffic to the Internet, the SNAT device converts the source IP addresses (ECS private IP addresses) in the data packets into the public IP addresses set on the SNAT device. When processing the response packets from the Internet to the ECSs, the SNAT device changes the public IP addresses in the response data packets to the private IP addresses of the ECSs.
+:ref:`Figure 1 ` shows how shared SNAT works. The SNAT device forwards traffic from ECSs to the Internet and the response traffic from the Internet to the ECSs. When forwarding ECS traffic to the Internet, the SNAT device converts the source IP addresses (ECS private IP addresses) in the data packets into the public IP addresses set on the SNAT device. When processing the response packets from the Internet to the ECSs, the SNAT device changes the public IP addresses in the response data packets to the private IP addresses of the ECSs.
 
-.. _vpc_concepts_0010__en-us_topic_0118499016_f04fc5d5739d142e5b38d73f3746f6cad:
+.. _vpc_concepts_0010__f04fc5d5739d142e5b38d73f3746f6cad:
 
 .. figure:: /_static/images/en-us_image_0118499140.png
 :alt: **Figure 1** SNAT function
diff --git a/umn/source/service_overview/basic_concepts/snat.rst b/umn/source/service_overview/basic_concepts/snat.rst
index 7c5a8a2..1581b54 100644
--- a/umn/source/service_overview/basic_concepts/snat.rst
+++ b/umn/source/service_overview/basic_concepts/snat.rst
@@ -5,7 +5,7 @@
 SNAT
 ====
 
-In addition to services provided by the system, some ECSs need to access the Internet to obtain information or download software. You can bind EIPs to virtual NICs (ports) of ECSs to enable the ECSs to access the Internet. However, assigning an EIP to each ECS consumes already-limited IPv4 addresses, incurs additional costs, and may increase the attack surface for a virtual environment. Therefore, SNAT is introduced to enable multiple ECSs to share one EIP.
+In addition to services provided by the system, some ECSs need to access the Internet to obtain information or download software. You can bind EIPs to virtual NICs (ports) of ECSs to enable the ECSs to access the Internet. However, assigning an EIP to each ECS consumes IPv4 addresses, incurs additional costs, and may increase the attack surface for a virtual environment. Therefore, SNAT is introduced to enable multiple ECSs to share one EIP.
 
 On a public cloud, an EIP can be assigned to an ECS that serves as the SNAT router or gateway for other ECSs from the same subnet or VPC.
 
diff --git a/umn/source/service_overview/basic_concepts/subnet.rst b/umn/source/service_overview/basic_concepts/subnet.rst
index 3209ca7..60cb03f 100644
--- a/umn/source/service_overview/basic_concepts/subnet.rst
+++ b/umn/source/service_overview/basic_concepts/subnet.rst
@@ -9,7 +9,7 @@ A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resou
 
 - By default, ECSs in all subnets of the same VPC can communicate with one another, but ECSs in different VPCs cannot.
 
- You can create VPC peering connections to enable ECSs in different VPCs but in the same region to communicate with one another. For details, see :ref:`VPC Peering Connection Creation Procedure `.
+ You can create VPC peering connections to enable ECSs in different VPCs but in the same region to communicate with one another. For details, see :ref:`VPC Peering Connection Overview `.
 
 - After a subnet is created, its CIDR block cannot be modified.
 
diff --git a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst
index 68837df..af08b72 100644
--- a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst
+++ b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst
@@ -5,14 +5,22 @@ VPC Peering Connection ====================== -A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same region. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. +A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region. -Each account can have a maximum of 50 VPC peering connections in each region by default. +- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples `. -- VPC peering connections between VPCs in one account: Each account can create a maximum of 50 VPC peering connections in one region. +:ref:`Figure 1 ` shows an application scenario of VPC peering connections. -- VPC peering connections between VPCs of different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections. +- There are two VPCs (VPC-A and VPC-B) in region A that are not connected. +- Service servers (ECS-A01 and ECS-A02) are in VPC-A, and database servers (RDS-B01 and RDS-B02) are in VPC-B. The service servers and database servers cannot communicate with each other. - An account can create VPC peering connections with different accounts if the account has enough quota. +- You need to create a VPC peering connection (peering-AB) between VPC-A and VPC-B so the service servers and database servers can communicate with each other. + +.. 
_vpc_concepts_0011__en-us_topic_0046655036_fig4721642193711: + +.. figure:: /_static/images/en-us_image_0000001512591549.png + :alt: **Figure 1** VPC peering connection network diagram + + **Figure 1** VPC peering connection network diagram For details about VPC peering connections, see :ref:`VPC Peering Connection `. diff --git a/umn/source/service_overview/document_usage_instructions.rst b/umn/source/service_overview/document_usage_instructions.rst index c50beed..dbf573e 100644 --- a/umn/source/service_overview/document_usage_instructions.rst +++ b/umn/source/service_overview/document_usage_instructions.rst @@ -8,15 +8,6 @@ Document Usage Instructions Instructions for using this document are as follows: - To facilitate your operations, the management console may provide more than one way for you to perform a task or an operation. This document describes only the main way. - - You can click |image1| next to some parameter values to quickly edit the values. This document does not describe this function. -- Click |image2| in the lower right corner of the console to switch between the new and the old consoles. The old edition does not have the function of associating a subnet with a route table. - - This document provides two sets of operation guides. (The "Getting Started" chapter uses the new console edition as an example.) - - - If you use the new console edition, see :ref:`Operation Guide (New Console Edition) `. - - If you use the old console edition, see :ref:`Operation Guide (Old Console Edition) `. - -.. |image1| image:: /_static/images/en-us_image_0239476777.png -.. |image2| image:: /_static/images/en-us_image_0226788663.png +.. |image1| image:: /_static/images/en-us_image_0157880395.png diff --git a/umn/source/service_overview/index.rst b/umn/source/service_overview/index.rst index bbc3f01..a09d654 100644 --- a/umn/source/service_overview/index.rst +++ b/umn/source/service_overview/index.rst 
@@ -6,10 +6,12 @@ Service Overview
 ================
 
 - :ref:`What Is Virtual Private Cloud? `
+- :ref:`Product Advantages `
 - :ref:`Application Scenarios `
 - :ref:`VPC Connectivity `
+- :ref:`Notes and Constraints `
 - :ref:`VPC and Other Services `
-- :ref:`User Permissions `
+- :ref:`Permissions `
 - :ref:`Basic Concepts `
 - :ref:`Document Usage Instructions `
 
@@ -18,9 +20,11 @@ Service Overview
 :hidden:
 
 what_is_virtual_private_cloud
+ product_advantages
 application_scenarios
 vpc_connectivity
+ notes_and_constraints
 vpc_and_other_services
- user_permissions
+ permissions
 basic_concepts/index
 document_usage_instructions
diff --git a/umn/source/service_overview/notes_and_constraints.rst b/umn/source/service_overview/notes_and_constraints.rst
new file mode 100644
index 0000000..2209681
--- /dev/null
+++ b/umn/source/service_overview/notes_and_constraints.rst
@@ -0,0 +1,69 @@
+:original_name: overview_0003.html
+
+.. _overview_0003:
+
+Notes and Constraints
+=====================
+
+Security Group
+--------------
+
+- By default, you can create a maximum of 100 security groups in your cloud account.
+- By default, you can add up to 50 security group rules to a security group.
+- When creating a private network load balancer, you need to select a desired security group. Do not delete the default security group rules or ensure that the following requirements are met:
+
+ - Outbound rules: only allow data packets to the selected security group or only data packets from the peer load balancer.
+ - Inbound rules: only allow data packets from the selected security group or only data packets from the peer load balancer.
+
+Firewall
+--------
+
+- By default, you can create a maximum of 200 firewalls in your cloud account.
+- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
+- A firewall can contain no more than 20 rules in one direction, or performance will deteriorate.
+- For optimal performance, import no more than 40 firewall rules at a time. Existing rules will still be available after new rules are imported. Each rule can be imported only once.
+
+Route Table
+-----------
+
+- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table.
+- When you create a VPC endpoint, VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified.
+
+VPC Peering Connection
+----------------------
+
+- A VPC peering connection can only connect VPCs in the same region.
+- If the local and peer VPCs have overlapping CIDR blocks, the VPC peering connection may not take effect.
+- A VPC cannot use EIPs of its peered VPC for Internet access. For example, if VPC A is peered with VPC B that has EIPs, VPC A cannot use EIPs in VPC B to access the Internet.
+
+VPC Flow Log
+------------
+
+- Currently, only C3, M3, and S2 ECSs support VPC flow logs.
+- By default, you can create a maximum of 10 VPC flow logs.
+- By default, a maximum of 400,000 flow log records are supported.
+
+Virtual IP Address
+------------------
+
+- Virtual IP addresses are not recommended when multiple NICs in the same subnet are configured on an ECS. It is too easy for there to be route conflicts on the ECS, which would cause communication failure using the virtual IP address.
+
+EIP
+---
+
+- Each EIP can only be bound to one cloud resource.
+- An EIP that has already been bound to a cloud resource cannot be bound to another resource without first being unbound from the current resource.
+- You can only release EIPs that are not bound to any resources.
+- The system preferentially assigns EIPs to you from the ones you released, if any. However, if any of these EIPs is already assigned to another user, it cannot be re-assigned to you.
+- EIPs cannot be transferred across accounts.
+
+Bandwidth
+---------
+
+- A dedicated bandwidth can control how much data can be transferred using a single EIP.
+- A shared bandwidth cannot control how much data can be transferred using a single EIP. Data transfer rate on EIPs cannot be customized.
+- A shared bandwidth or dedicated bandwidth can only be used by resources owned by the same account.
+
+.. note::
+
+ - Inbound bandwidth is the bandwidth consumed when data is transferred from the Internet to the cloud. Outbound bandwidth is the bandwidth consumed when data is transferred from the cloud to the Internet.
diff --git a/umn/source/service_overview/permissions.rst b/umn/source/service_overview/permissions.rst
new file mode 100644
index 0000000..0a478cf
--- /dev/null
+++ b/umn/source/service_overview/permissions.rst
@@ -0,0 +1,131 @@ +:original_name: overview_permission.html + +.. _overview_permission: + +Permissions +=========== + +If you need to assign different permissions to personnel in your enterprise to access your VPCs, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you to securely access your cloud resources. + +With IAM, you can create IAM users, and assign permissions to control their access to specific resources. For example, if you want some software developers in your enterprise to use VPCs but do not want them to delete VPCs or perform any other high-risk operations, you can grant permissions to use VPCs but not permissions to delete them. + +If your cloud account does not require IAM for permissions management, you can skip this section. + +IAM is a free service. You only pay for the resources in your account. For more information, see `IAM Service Overview `__. + +VPC Permissions +--------------- + +New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned. + +VPC is a project-level service deployed for specific regions. When you set **Scope** to **Region-specific projects** and select the specified projects in the specified regions , the users only have permissions for VPCs in the selected projects. If you set **Scope** to **All resources**, users have permissions for VPCs in all region-specific projects. When accessing VPCs, the users need to switch to the authorized region. + +You can grant permissions by using roles and policies. + +- Roles: A coarse-grained authorization strategy provided by IAM to assign permissions based on users' job responsibilities. 
Only a limited number of service-level roles are available for authorization. When you grant permissions using roles, you also need to attach dependent roles. Roles are not ideal for fine-grained authorization and least privilege access. +- Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. For example, you can grant users only permission to manage VPCs of a certain type. A majority of fine-grained policies contain permissions for specific APIs, and permissions are defined using API actions. For the API actions supported by VPC, see `Permissions Policies and Supported Actions `__. + +:ref:`Table 1 ` lists all the system-defined permissions for VPC. + +.. _overview_permission__table43611845113413: + +.. table:: **Table 1** System-defined permissions for VPC + + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + | Policy Name | Description | Policy Type | Dependencies | + +====================+=========================================================================================================================+=======================+==============================================================================================================================+ + | VPC FullAccess | Full permissions for VPC | System-defined policy | None | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + | 
VPC ReadOnlyAccess | Read-only permissions on VPC. | System-defined policy | None | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + | VPC Administrator | Most permissions on VPC, excluding creating, modifying, deleting, and viewing security groups and security group rules. | System-defined role | **Tenant Guest** and **Server Administrator** policies, which must be attached in the same project as **VPC Administrator**. | + | | | | | + | | To be granted this permission, users must also have the **Tenant Guest** and **Server Administrator** permission. | | | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + +:ref:`Table 2 ` lists the common operations supported by system-defined permissions for VPC. + +.. _overview_permission__table73311721105916: + +.. 
table:: **Table 2** Common operations supported by system-defined permissions + + +--------------------------------------+--------------------+-------------------+----------------+ + | Operation | VPC ReadOnlyAccess | VPC Administrator | VPC FullAccess | + +======================================+====================+===================+================+ + | Creating a VPC | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a VPC | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing VPC information | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a subnet | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing subnet information | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a subnet | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a subnet | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a security group | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing security group information | Y | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a security group | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a security group | x | x | Y | + 
+--------------------------------------+--------------------+-------------------+----------------+ + | Adding a security group rule | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing a security group rule | Y | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a security group rule | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a security group rule | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a firewall | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing a firewall | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a firewall | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a firewall | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Adding a firewall rule | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a firewall rule | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a firewall rule | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a VPC peering connection | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a VPC peering connection | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | 
Deleting a VPC peering connection | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a route table | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a route table | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Adding a route | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a route | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a route | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a VPC flow log | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing a VPC flow log | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Enabling or disabling a VPC flow log | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC flow log | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + +Helpful Links +------------- + +- `What Is IAM? `__ +- :ref:`Creating a User and Granting VPC Permissions ` +- `Permissions Policies and Supported Actions `__ diff --git a/umn/source/service_overview/product_advantages.rst b/umn/source/service_overview/product_advantages.rst new file mode 100644 index 0000000..9cd020d --- /dev/null +++ b/umn/source/service_overview/product_advantages.rst 
@@ -0,0 +1,58 @@ +:original_name: overview_0004.html + +.. _overview_0004: + +Product Advantages +================== + +Flexible Configuration +---------------------- + +You can create VPCs, add subnets, specify IP address ranges, and configure DHCP and route tables. You can configure the same VPC for ECSs that are in different availability zones (AZs). + +Secure and Reliable +------------------- + +VPCs are logically isolated through tunneling technologies. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect ECSs. They add additional layers of security to your VPCs, so your network is secure. + + +.. figure:: /_static/images/en-us_image_0209577986.png + :alt: **Figure 1** Secure and Reliable + + **Figure 1** Secure and Reliable + +Seamless Interconnectivity +-------------------------- + +By default, instances in a VPC cannot access the Internet. You can use EIPs, load balancers, NAT gateways, VPN connections, and Direct Connect connections to enable access to or from the Internet. + +By default, instances in different VPCs cannot communicate with each other. You can create a VPC peering connection to enable the instances in the two VPCs in the same region to communicate with each other using private IP addresses. + +Multiple connectivity options are available to meet diverse service requirements for the cloud, enabling you to deploy enterprise applications with ease and lower enterprise IT operation and maintenance (O&M) costs. + +High-Speed Access +----------------- + +Dynamic BGP is used to provide access to various carrier networks. You can establish over 20 dynamic BGP connections to different carriers. Dynamic BGP connections enable real-time failovers based on preset routing protocols, ensuring high network stability, low network latency, and smooth access to services on the cloud. 
+ +Advantage Comparison +-------------------- + +:ref:`Table 1 ` lists the advantages of a VPC over a traditional IDC. + +.. _overview_0004__table1617718259238: + +.. table:: **Table 1** Comparison between a VPC and a traditional IDC + + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Item | VPC | Traditional IDC | + +=======================+=================================================================================================================================================================================================================+===============================================================================================================================================================================================================================================+ + | Deployment cycle | - You do not need to perform complex engineering deployment, including engineering planning and cabling. | You need to set up networks and perform tests. The entire process takes a long time and requires professional technical support. | + | | - You can determine your networks, subnets, and routes on based on service requirements. 
| | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Total cost | provides flexible billing modes for network services. You can select whichever one best fits your business needs. There are no upfront costs and network O&M costs, reducing the total cost of ownership (TCO). | You need to invest heavily in equipment rooms, power supply, construction, and hardware materials. You also need professional O&M teams to ensure network security. Asset management costs increase with any change in business requirements. | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Flexibility | provides a variety of network services for you to choose from. If you need more network resources (for instance, if you need more bandwidth), you can expand resources on the fly. | You have to strictly comply with the network plan to complete the service deployment. If there are changes in your service requirements, it is difficult to dynamically adjust the network. 
| + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Security | VPCs are logically isolated from each other. You can use security features such as network ACLs and security groups, and even security services like Advanced Anti-DDoS (AAD) to protect your cloud resources. | The network is insecure and difficult to maintain. You need professional technical personnel to ensure network security. | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/service_overview/user_permissions.rst b/umn/source/service_overview/user_permissions.rst deleted file mode 100644 index 6cb8791..0000000 --- a/umn/source/service_overview/user_permissions.rst +++ /dev/null 
@@ -1,10 +0,0 @@
-:original_name: vpc_permissions_0001.html
-
-.. _vpc_permissions_0001:
-
-User Permissions
-================
-
-The cloud system provides two types of user permissions by default: user management and resource management. User management refers to the management of users, user groups, and user group rights. Resource management refers to the control operations that can be performed by users on cloud service resources.
-
-For further details, see `Permissions `__.
diff --git a/umn/source/service_overview/what_is_virtual_private_cloud.rst b/umn/source/service_overview/what_is_virtual_private_cloud.rst
index 804a734..b8a313c 100644
--- a/umn/source/service_overview/what_is_virtual_private_cloud.rst
+++ b/umn/source/service_overview/what_is_virtual_private_cloud.rst
@@ -8,9 +8,9 @@ What Is Virtual Private Cloud? Overview -------- -The Virtual Private Cloud (VPC) service enables you to provision logically isolated, configurable, and manageable virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. +The Virtual Private Cloud (VPC) service enables you to provision logically isolated virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. You can configure and manage the virtual networks as required. -Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules for communication between ECSs in the same security group or in different security groups. +Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules to control communications between ECSs in the same security group or in different security groups. .. figure:: /_static/images/en-us_image_0209606948.png 
@@ -18,29 +18,6 @@ Within your own VPC, you can create security groups and VPNs, configure IP addre **Figure 1** VPC components -Advantages ----------- - -- Flexible configuration - - You can create VPCs, add subnets, specify IP address ranges, and configure route tables. You can configure the same VPC for ECSs that are in different availability zones (AZs). - -- Secure and reliable - - Each VPC is completely logically isolated from other VPCs using the tunneling technology. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect instances, such as cloud servers, containers, and databases. The firewalls and security groups add additional layers of security to your VPCs, making your network secure. - -- Interconnectivity - - By default, instances in a VPC cannot access the Internet. You can leverage Elastic IP (EIP), Elastic Load Balancing (ELB), NAT Gateways, Virtual Private Network (VPN), and Direct Connect to enable access to or from the Internet. - - By default, instances in two VPCs cannot communicate with each other. You can create a VPC peering connection to enable the instances in the two VPCs in the same region to communicate with each other using private IP addresses. - - Multiple connectivity options are provided to meet diverse service requirements for the cloud, enabling you to deploy enterprise applications with ease and lower enterprise IT operation and maintenance (O&M) costs. - -- High-speed access - - Dynamic Border Gateway Protocol (BGP) is used to provide access to various carrier networks. For example, up to 21 dynamic BGP connections are established to multiple carriers. The dynamic BGP connections enable real-time failover based on preset routing protocols, ensuring high network stability, low network latency, and smooth access to services on the cloud. - Accessing the VPC Service ------------------------- 
@@ -52,4 +29,4 @@ You can access the VPC service through the management console or using HTTPS-bas - API - If you need to integrate the VPC service provided by the cloud system into a third-party system for secondary development, you can use APIs to access the VPC service. For details, see the *Virtual Private Cloud API Reference*. + If you need to integrate a VPC into a third-party system for secondary development, you can use APIs to access the VPC service. For details, see the `Virtual Private Cloud API Reference `__. diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst similarity index 69% rename from umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst rename to umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst index d80170b..ab03f9d 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst @@ -15,7 +15,7 @@ Notes and Constraints - After an EIP is added to a shared bandwidth, the original bandwidth used by the EIP will become invalid and the EIP will start to use the shared bandwidth. - The EIP's original dedicated bandwidth will be deleted. -- Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. +- Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Procedure --------- 
@@ -24,11 +24,11 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. +3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. -5. In the shared bandwidth list, locate the row that contains the shared bandwidth to which you want to add EIPs. In the **Operation** column, choose **More** > **Add EIP**, and select the EIPs to be added. +5. In the shared bandwidth list, locate the row that contains the shared bandwidth that you want to add EIPs to. In the **Operation** column, choose **Add EIP**, and select the EIPs to be added. .. figure:: /_static/images/en-us_image_0000001211006359.png @@ -39,3 +39,4 @@ Procedure 6. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst b/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst similarity index 52% rename from umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst rename to umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst index 85c682e..1faaa88 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst +++ b/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst 
@@ -1,48 +1,53 @@ -:original_name: vpc_vpc_0001.html +:original_name: vpc010005.html -.. _vpc_vpc_0001: +.. _vpc010005: -Modifying a Subnet -================== +Assigning a Shared Bandwidth +============================ Scenarios --------- -Modify the subnet name, NTP server address, and DNS server address. +Assign a shared bandwidth for use with EIPs. Procedure --------- #. Log in to the management console. + #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Subnets**. -#. In the subnet list, locate the target subnet and click its name. -#. On the subnet details page, modify required parameters. + +#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. + +#. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. + +#. In the upper right corner, click **Assign Shared Bandwidth**. On the displayed page, configure parameters as prompted. + + + .. figure:: /_static/images/en-us_image_0000001163949251.png + :alt: **Figure 1** Assigning Shared Bandwidth + + **Figure 1** Assigning Shared Bandwidth .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=============================================================================================================================================================================================================================================+=======================+ - | Name | The subnet name. 
| Subnet | - | | | | - | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | - | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | - | | | | - | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - | | | | - | | .. note:: | | - | | | | - | | - If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately. | | - | | - If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=========================================================================================================================================================================================================================================================================================================+=======================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth | The bandwidth size in Mbit/s. The minimum value is 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. 
| 10 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Name | The name of the shared bandwidth. | Bandwidth-001 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Enterprise Project | The enterprise project that the EIP belongs to. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -#. Click **OK**. +#. Click **Create Now**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png 
diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/deleting_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst similarity index 85% rename from umn/source/operation_guide_new_console_edition/shared_bandwidth/deleting_a_shared_bandwidth.rst rename to umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst index 4b053a5..d2eae01 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/deleting_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst @@ -21,9 +21,11 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. + +3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. 5. In the shared bandwidth list, locate the row that contains the shared bandwidth you want to delete, click **More** in the **Operation** column, and then click **Delete**. 6. In the displayed dialog box, click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/index.rst b/umn/source/shared_bandwidth/index.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/shared_bandwidth/index.rst rename to umn/source/shared_bandwidth/index.rst 
diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/modifying_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst similarity index 85% rename from umn/source/operation_guide_new_console_edition/shared_bandwidth/modifying_a_shared_bandwidth.rst rename to umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst index c59fc64..4f9d738 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/modifying_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. +3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. @@ -34,3 +34,4 @@ Procedure 7. Click **Submit**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst similarity index 85% rename from umn/source/operation_guide_new_console_edition/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst rename to umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst index d8a4ce0..3f473b1 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst 
@@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. +3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. @@ -32,3 +32,4 @@ Procedure 6. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/shared_bandwidth/shared_bandwidth_overview.rst b/umn/source/shared_bandwidth/shared_bandwidth_overview.rst new file mode 100644 index 0000000..8be79a2 --- /dev/null +++ b/umn/source/shared_bandwidth/shared_bandwidth_overview.rst 
@@ -0,0 +1,22 @@
+:original_name: vpc010004.html
+
+.. _vpc010004:
+
+Shared Bandwidth Overview
+=========================
+
+A shared bandwidth can be shared by multiple EIPs and controls the data transfer rate on these EIPs in a centralized manner. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth.
+
+When you host a large number of applications on the cloud, if each EIP uses a bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement.
+
+- Easy to Manage
+
+ Region-level bandwidth sharing and multiplexing simplify O&M statistics, management, and operations cost settlement.
+
+- Flexible Operations
+
+ You can add EIPs (except for **5_gray** EIPs of dedicated load balancers) to or remove them from a shared bandwidth regardless of the type of instances that they are bound to.
+
+ .. note::
+
+ - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect.
diff --git a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst
new file mode 100644
index 0000000..b2dde32
--- /dev/null
+++ b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst
@@ -0,0 +1,33 @@
+:original_name: vpc_vip_0002.html
+
+.. _vpc_vip_0002:
+
+Assigning a Virtual IP Address
+==============================
+
+Scenarios
+---------
+
+If an ECS requires a virtual IP address or if a virtual IP address needs to be reserved, you can assign a virtual IP address from the subnet.
+
+Procedure
+---------
+
+#. Log in to the management console.
+#. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+#. In the subnet list, click the name of the subnet where a virtual IP address is to be assigned.
+#. Click the **IP Addresses** tab and click **Assign Virtual IP Address**.
+#. Select a virtual IP address assignment mode.
+
+ - **Automatic**: The system assigns an IP address automatically.
+ - **Manual**: You can specify an IP address.
+
+#. Select **Manual** and enter a virtual IP address.
+#. Click **OK**.
+
+You can then query the assigned virtual IP address in the IP address list.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001554010645.png
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
similarity index 62%
rename from umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
rename to umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
index 8208cce..2cf1b8c 100644
--- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
+++ b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst
@@ -19,11 +19,10 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column. -5. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**. -6. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Elastic IP**. +#. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column. +#. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**. +#. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst new file mode 100644 index 0000000..2edbaf5 --- /dev/null +++ b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst 
@@ -0,0 +1,135 @@ +:original_name: en-us_topic_0067802474.html + +.. _en-us_topic_0067802474: + +Binding a Virtual IP Address to an EIP or ECS +============================================= + +Scenarios +--------- + +You can bind a virtual IP address to an EIP so that you can access the ECSs bound with the same virtual IP address from the Internet. These ECSs can work in the active/standby mode to improve fault tolerance. + +Procedure +--------- + +#. Log in to the management console. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. +#. In the subnet list, click the name of the subnet that the virtual IP address belongs to. +#. Click the **IP Addresses** tab. + + - To bind a virtual IP address to an EIP, locate the row that contains the virtual IP address and click **Bind to EIP** in the **Operation** column. + - To bind a virtual IP address to an ECS, locate the row that contains the virtual IP address and click **Bind to Server** in the **Operation** column. + +#. Select the desired EIP, or ECS and its NIC. + + .. note:: + + - If the ECS has multiple NICs, bind the virtual IP address to the primary NIC. + - Multiple virtual IP addresses can be bound to an ECS NIC. + +#. Click **OK**. + +9. Manually configure the virtual IP address bound to an ECS. + + After a virtual IP address is bound to an ECS NIC, you need to manually configure the virtual IP address on the ECS. + + **Linux OS** (CentOS 7.2 64bit is used as an example.) + + a. .. 
_en-us_topic_0067802474__li528316578916: + + Run the following command to obtain the NIC to which the virtual IP address is to be bound and the connection of the NIC: + + **nmcli connection** + + Information similar to the following is displayed: + + |image3| + + The command output in this example is described as follows: + + - **eth0** in the **DEVICE** column indicates the NIC to which the virtual IP address is to be bound. + - **Wired connection 1** in the **NAME** column indicates the connection of the NIC. + + b. Run the following command to add the virtual IP address for the target connection: + + **nmcli connection modify "**\ *CONNECTION*\ **" ipv4.addresses** *VIP* + + Configure the parameters as follows: + + - CONNECTION: connection of the NIC obtained in :ref:`9.a `. + - VIP: virtual IP address to be added. + + - If you add multiple virtual IP addresses at a time, separate them with commas (,). + - If a virtual IP address already exists and you need to add a new one, the command must contain both the new and original virtual IP addresses. + + Example commands: + + - Adding a single virtual IP address: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125** + - Adding multiple virtual IP addresses: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125,172.16.0.126** + + c. Run the following command to make the configuration take effect: + + **nmcli connection up "**\ *CONNECTION*\ **"** + + In this example, run the following command: + + **nmcli connection up "Wired connection 1"** + + Information similar to the following is displayed: + + |image4| + + d. Run the following command to check whether the virtual IP address has been bound: + + **ip a** + + Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.125 is bound to NIC eth0. + + |image5| + + **Windows OS** (Windows Server is used as an example here.) + + a. 
In **Control Panel**, click **Network and Sharing Center**, and click the corresponding local connection. + + b. On the displayed page, click **Properties**. + + c. On the **Network** tab page, select **Internet Protocol Version 4 (TCP/IPv4)**. + + d. Click **Properties**. + + e. Select **Use the following IP address** and set **IP address** to the private IP address of the ECS, for example, 10.0.0.101. + + + .. figure:: /_static/images/en-us_image_0000001179761510.png + :alt: **Figure 1** Configuring private IP address + + **Figure 1** Configuring private IP address + + f. Click **Advanced**. + + g. On the **IP Settings** tab, click **Add** in the **IP addresses** area. + + Add the virtual IP address. For example, 10.0.0.154. + + + .. figure:: /_static/images/en-us_image_0000001225081545.png + :alt: **Figure 2** Configuring virtual IP address + + **Figure 2** Configuring virtual IP address + + h. Click **OK**. + + i. In the **Start** menu, open the Windows command line window and run the following command to check whether the virtual IP address has been configured: + + **ipconfig /all** + + In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001553930581.png +.. |image3| image:: /_static/images/en-us_image_0000001281210233.png +.. |image4| image:: /_static/images/en-us_image_0000001237328110.png +.. |image5| image:: /_static/images/en-us_image_0000001237013856.png 
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst b/umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst similarity index 50% rename from umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst rename to umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst index 08a5406..d8c4e5a 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst +++ b/umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst @@ -6,11 +6,11 @@ Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) =========================================================================== #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. Under **Compute**, click **Elastic Cloud Server**. -4. In the ECS list, click the ECS name. -5. On the displayed ECS details page, click the **NICs** tab. -6. Check that **Source/Destination Check** is disabled. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Under **Computing**, click **Elastic Cloud Server**. +#. In the ECS list, click the ECS name. +#. On the displayed ECS details page, click the **NICs** tab. +#. Click the IP address to view the NIC details. +#. Check that **Source/Destination Check** is disabled. .. |image1| image:: /_static/images/en-us_image_0141273034.png 
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/index.rst b/umn/source/virtual_ip_address/index.rst similarity index 83% rename from umn/source/operation_guide_new_console_edition/virtual_ip_address/index.rst rename to umn/source/virtual_ip_address/index.rst index f075cf5..fb460b4 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/index.rst +++ b/umn/source/virtual_ip_address/index.rst @@ -13,6 +13,8 @@ Virtual IP Address - :ref:`Using a Direct Connect Connection to Access the Virtual IP Address ` - :ref:`Using a VPC Peering Connection to Access the Virtual IP Address ` - :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) ` +- :ref:`Unbinding a Virtual IP Address from an Instance ` +- :ref:`Unbinding a Virtual IP Address from an EIP ` - :ref:`Releasing a Virtual IP Address ` .. toctree:: @@ -27,4 +29,6 @@ Virtual IP Address using_a_direct_connect_connection_to_access_the_virtual_ip_address using_a_vpc_peering_connection_to_access_the_virtual_ip_address disabling_source_and_destination_check_ha_load_balancing_cluster_scenario + unbinding_a_virtual_ip_address_from_an_instance + unbinding_a_virtual_ip_address_from_an_eip releasing_a_virtual_ip_address diff --git a/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst new file mode 100644 index 0000000..3a6b52b --- /dev/null +++ b/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst 
@@ -0,0 +1,55 @@ +:original_name: vpc_vip_0009.html + +.. _vpc_vip_0009: + +Releasing a Virtual IP Address +============================== + +Scenarios +--------- + +If you no longer need a virtual IP address or a reserved virtual IP address, you can release it to avoid wasting resources. + +Notes and Constraints +--------------------- + +If you want to release a virtual IP address that is being used by a resource, refer to :ref:`Table 1 `. + +.. _vpc_vip_0009__table85161971410: + +.. table:: **Table 1** Releasing a virtual IP address that is being used by a resource + + +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Prompts | Cause Analysis and Solution | + +===================================================================================================================================+=====================================================================================================================================+ + | This operation cannot be performed because the IP address is bound to an instance or an EIP. Unbind the IP address and try again. | This virtual IP address is being by an EIP or an ECS. Unbind the virtual IP address first. | + | | | + | | - EIP: :ref:`Unbinding a Virtual IP Address from an EIP ` | + | | - ECS: :ref:`Unbinding a Virtual IP Address from an Instance ` | + | | | + | | Release the virtual IP address. | + +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | This operation cannot be performed because the IP address is being used by a system component. 
| The virtual IP address is being used by an RDS DB instance. Delete the DB instance, which will also release its virtual IP address. | + +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + +#. Click the name of the subnet that the virtual IP address belongs to. + +#. Click the **IP Addresses** tab, locate the row that contains the virtual IP address to be released, click **More** in the **Operation** column, and select **Release**. + + A confirmation dialog box is displayed. + +#. Confirm the information and click **Yes**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001553650753.png diff --git a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst new file mode 100644 index 0000000..5478db5 --- /dev/null +++ b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst 
@@ -0,0 +1,41 @@
+:original_name: vpc_vip_0011.html
+
+.. _vpc_vip_0011:
+
+Unbinding a Virtual IP Address from an EIP
+==========================================
+
+Scenarios
+---------
+
+This section describes how to unbind a virtual IP address from an EIP.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+
+ The **Subnets** page is displayed.
+
+#. Click the name of the subnet that the virtual IP address belongs to.
+
+ The **Summary** page is displayed.
+
+#. Click the **IP Addresses** tab.
+
+ The virtual IP address list is displayed.
+
+#. Locate the row that contains the virtual IP address, click **More** in the **Operation** column, and select **Unbind from EIP**.
+
+ A confirmation dialog box is displayed.
+
+#. Confirm the information and click **Yes**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001503170970.png
diff --git a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst
new file mode 100644
index 0000000..dd550d6
--- /dev/null
+++ b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst
@@ -0,0 +1,55 @@
+:original_name: vpc_vip_0010.html
+
+.. _vpc_vip_0010:
+
+Unbinding a Virtual IP Address from an Instance
+===============================================
+
+Scenarios
+---------
+
+This section describes how to unbind a virtual IP address from an ECS.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+
+ The **Subnets** page is displayed.
+
+#. Click the name of the subnet that the virtual IP address belongs to.
+
+ The **Summary** page is displayed.
+
+#. Click the **IP Addresses** tab.
+
+ The virtual IP address list is displayed.
+
+
+ .. figure:: /_static/images/en-us_image_0000001570070841.png
+ :alt: **Figure 1** Virtual IP addresses
+
+ **Figure 1** Virtual IP addresses
+
+#. Locate the row that contains the virtual IP address, click **More** in the **Operation** column, and select **Unbind from Server**.
+
+ The **Bound Server** dialog box is displayed.
+
+#. Unbind the virtual IP address from the instance.
+
+ a. Select the type of the instance bound to the virtual IP address.
+
+ b. Locate the row that contains the instance and click **Unbind** in the **Operation** column.
+
+ A confirmation dialog box is displayed.
+
+ c. Confirm the information and click **Yes**.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001503170974.png
diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst b/umn/source/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst similarity index 88% rename from umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst rename to umn/source/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst index 8fba76c..4eed5ea 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/using_a_direct_connect_connection_to_access_the_virtual_ip_address.rst @@ -8,7 +8,7 @@ Using a Direct Connect Connection to Access the Virtual IP Address Procedure --------- -#. Configure the ECS networking based on :ref:`Networking `. +#. Configure the ECS networking based on :ref:`Networking `. #. Create a Direct Connect connection. The created Direct Connect connection can be used to access the virtual IP address of the ECS. diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst b/umn/source/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst similarity index 75% rename from umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst rename to umn/source/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst index 402026e..24a1af1 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/using_a_vpc_peering_connection_to_access_the_virtual_ip_address.rst 
@@ -1,6 +1,6 @@ -:original_name: vpc_vip02_0007.html +:original_name: vpc_vip_0006.html -.. _vpc_vip02_0007: +.. _vpc_vip_0006: Using a VPC Peering Connection to Access the Virtual IP Address =============================================================== @@ -8,7 +8,7 @@ Using a VPC Peering Connection to Access the Virtual IP Address Procedure --------- -#. Configure the ECS networking based on :ref:`Networking `. +#. Configure the ECS networking based on :ref:`Networking `. #. Create a VPC peering connection. You can access the virtual IP address of the ECS through the VPC peering connection. diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst similarity index 84% rename from umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst rename to umn/source/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst index 9054e22..38eef66 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/using_a_vpn_to_access_a_virtual_ip_address.rst @@ -8,7 +8,7 @@ Using a VPN to Access a Virtual IP Address Procedure --------- -#. Configure the ECS networking based on :ref:`Networking `. +#. Configure the ECS networking based on :ref:`Networking `. #. Create a VPN. The VPN can be used to access the virtual IP address of the ECS. diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst b/umn/source/virtual_ip_address/virtual_ip_address_overview.rst similarity index 87% rename from umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst rename to umn/source/virtual_ip_address/virtual_ip_address_overview.rst index 4705506..79fff81 100644 
--- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst +++ b/umn/source/virtual_ip_address/virtual_ip_address_overview.rst @@ -12,7 +12,7 @@ A virtual IP address can be shared among multiple ECSs. An ECS can have both pri You can bind ECSs deployed in active/standby mode with the same virtual IP address, and then bind an EIP to the virtual IP address. Virtual IP addresses can work together with Keepalived to ensure high availability and disaster recovery. If the active ECS is faulty, the standby ECS automatically takes over services from the active one. -.. _vpc_vip_0001__en-us_topic_0118498951_section766193134213: +.. _vpc_vip_0001__section766193134213: Networking ---------- 
@@ -72,21 +72,19 @@ Notes and Constraints In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - - If the command output is **1**, perform :ref:`2 ` and :ref:`3 ` to disable the IP forwarding. + - If the command output is **1**, perform :ref:`2 ` and :ref:`3 ` to disable the IP forwarding. - If the command output is **0**, no further action is required. - #. .. _vpc_vip_0001__en-us_topic_0118498951_en-us_topic_0206027322_en-us_topic_0095139658_li1473585332417: + #. .. _vpc_vip_0001__en-us_topic_0206027322_en-us_topic_0095139658_li1473585332417: Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **0**, and enter **:wq** to save the change and exit. You can also use the **sed** command to modify the configuration. A command example is as follows: sed -i '/net.ipv4.ip_forward/s/1/0/g' /etc/sysctl.conf - #. .. _vpc_vip_0001__en-us_topic_0118498951_en-us_topic_0206027322_en-us_topic_0095139658_li88984711254: + #. .. _vpc_vip_0001__en-us_topic_0206027322_en-us_topic_0095139658_li88984711254: Run the following command to make the change take effect: sysctl -p /etc/sysctl.conf - Each virtual IP address can be bound to only one EIP. -- It is recommended that no more than eight virtual IP addresses be bound to an ECS. -- It is recommended that no more than 10 ECSs be bound to a virtual IP address. diff --git a/umn/source/vpc_and_subnet/index.rst b/umn/source/vpc_and_subnet/index.rst new file mode 100644 index 0000000..ca02e96 --- /dev/null +++ b/umn/source/vpc_and_subnet/index.rst @@ -0,0 +1,16 @@ +:original_name: en-us_topic_0030969460.html + +.. _en-us_topic_0030969460: + +VPC and Subnet +============== + +- :ref:`VPC ` +- :ref:`Subnet ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + vpc/index + subnet/index 
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst similarity index 92% rename from umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst rename to umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst index 2ca3d31..bef9943 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst +++ b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst @@ -10,7 +10,7 @@ Scenarios A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. +A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. Procedure --------- @@ -19,9 +19,9 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Subnets**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. 5. Click **Create Subnet**. 
@@ -50,8 +50,6 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Advanced Settings | Two options are available, **Default** and **Custom**. You can set **Advanced Settings** to **Custom** to configure advanced subnet parameters. | ``-`` | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Gateway | The gateway address of the subnet. | 192.168.0.1 | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | 
@@ -64,10 +62,10 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _en-us_topic_0013748726__en-us_topic_0118498823_table42131827173915: + .. _en-us_topic_0013748726__table42131827173915: .. table:: **Table 2** Subnet tag key and value requirements @@ -109,3 +107,4 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst new file mode 100644 index 0000000..4e7e0c7 --- /dev/null +++ b/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst 
@@ -0,0 +1,44 @@
+:original_name: vpc_vpc_0002.html
+
+.. _vpc_vpc_0002:
+
+Deleting a Subnet
+=================
+
+Scenarios
+---------
+
+This section describes how to delete a subnet.
+
+Notes and Constraints
+---------------------
+
+If you want to delete a subnet that has custom routes, virtual IP addresses, or other resources, you need to delete these resources as prompted on the console first and then delete the subnet.
+
+You can refer to :ref:`Why Can't I Delete My VPCs and Subnets? `
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+
+ The **Subnets** page is displayed.
+
+#. In the subnet list, locate the row that contains the subnet you want to delete and click **Delete** in the **Operation** column.
+
+ A confirmation dialog box is displayed.
+
+#. Click **Yes**.
+
+ .. important::
+
+ If a VPC cannot be deleted, a message will be displayed on the console. Delete the resources that are in the VPC by referring to :ref:`Why Can't I Delete My VPCs and Subnets? `
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst b/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst
new file mode 100644
index 0000000..4b99717
--- /dev/null
+++ b/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst
@@ -0,0 +1,32 @@
+:original_name: vpc_vpc_0010.html
+
+.. _vpc_vpc_0010:
+
+Exporting Subnet List
+=====================
+
+Scenarios
+---------
+
+Information about all subnets under your account can be exported as an Excel file to a local directory. This file records the name, ID, VPC, CIDR block, and associated route table of each subnet.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+
+ The **Subnets** page is displayed.
+
+#. In the upper right corner of the subnet list, click |image3|.
+
+ The system will automatically export information about all subnets under your account in the current region as an Excel file to a local directory.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
+.. |image3| image:: /_static/images/en-us_image_0000001221842468.png
diff --git a/umn/source/vpc_and_subnet/subnet/index.rst b/umn/source/vpc_and_subnet/subnet/index.rst
new file mode 100644
index 0000000..19d0de8
--- /dev/null
+++ b/umn/source/vpc_and_subnet/subnet/index.rst
@@ -0,0 +1,26 @@
+:original_name: vpc_0004.html
+
+.. _vpc_0004:
+
+Subnet
+======
+
+- :ref:`Creating a Subnet for the VPC `
+- :ref:`Modifying a Subnet `
+- :ref:`Managing Subnet Tags `
+- :ref:`Exporting Subnet List `
+- :ref:`Viewing and Deleting Resources in a Subnet `
+- :ref:`Viewing IP Addresses in a Subnet `
+- :ref:`Deleting a Subnet `
+
+.. toctree::
+ :maxdepth: 1
+ :hidden:
+
+ creating_a_subnet_for_the_vpc
+ modifying_a_subnet
+ managing_subnet_tags
+ exporting_subnet_list
+ viewing_and_deleting_resources_in_a_subnet
+ viewing_ip_addresses_in_a_subnet
+ deleting_a_subnet
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst b/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst similarity index 85% rename from umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst rename to umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst index 5c67bdc..519f58f 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst +++ b/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst @@ -10,9 +10,9 @@ Scenarios A subnet tag identifies a subnet. Tags can be added to subnets to facilitate subnet identification and administration. You can add a tag to a subnet when creating the subnet, or you can add a tag to a created subnet on the subnet details page. A maximum of 20 tags can be added to each subnet. -A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements. +A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements. -.. _vpc_vpc_0005__en-us_topic_0118498932_ted9687ca14074ef785241145365a6175: +.. _vpc_vpc_0005__ted9687ca14074ef785241145365a6175: .. table:: **Table 1** Subnet tag key and value requirements @@ -47,9 +47,11 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. Under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Subnets**. +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. #. In the upper right corner of the subnet list, click **Search by Tag**. 
@@ -68,10 +70,17 @@ Procedure **Add, delete, edit, and view tags on the Tags tab of a subnet.** #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. Under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, click **Subnets**. + +#. Click |image3| in the upper left corner and select the desired region and project. + +#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + #. In the subnet list, locate the target subnet and click its name. + #. On the subnet details page, click the **Tags** tab and perform desired operations on tags. - View tags. @@ -91,4 +100,6 @@ Procedure Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst new file mode 100644 index 0000000..5b64a38 --- /dev/null +++ b/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst 
@@ -0,0 +1,60 @@ +:original_name: vpc_vpc_0001.html + +.. _vpc_vpc_0001: + +Modifying a Subnet +================== + +Scenarios +--------- + +Modify the subnet name, NTP server address, and DNS server address. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. Locate the row that contains the target VPC and click the number in the **Subnets** column. + + The **Subnets** page is displayed. + +5. In the subnet list, locate the target subnet and click its name. + + The subnet details page is displayed. + +6. On the **Summary** tab, click |image3| on the right of the parameter to be modified and modify the parameter as prompted. + + .. table:: **Table 1** Parameter descriptions + + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ + | 
Name | The subnet name. | Subnet | + | | | | + | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of two DNS server addresses are supported. Use commas (,) to separate every two addresses. | 100.125.x.x | + | | | | + | | A maximum of five DNS server addresses are supported. Use commas (,) to separate every two addresses. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | + | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, you do not add an NTP server IP address. 
| | + | | | | + | | A maximum of four unique NTP server IP addresses can be configured. Multiple IP addresses must be separated by a comma (,). If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately. If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the subnet. This parameter is optional. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +7. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. 
|image3| image:: /_static/images/en-us_image_0000001337710801.png diff --git a/umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst new file mode 100644 index 0000000..6aa0cce --- /dev/null +++ b/umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst 
@@ -0,0 +1,85 @@ +:original_name: vpc_vpc_0011.html + +.. _vpc_vpc_0011: + +Viewing and Deleting Resources in a Subnet +========================================== + +Scenarios +--------- + +VPC subnets have private IP addresses used by cloud resources. This section describes how to view resources that are using private IP addresses of subnets. If these resources are no longer required, you can delete them. + +You can view resources, including ECSs, BMSs, load balancers, and NAT gateways. + +.. important:: + + After you delete all resources in a subnet by referring to this section, the message "Delete the resource that is using the subnet and then delete the subnet." is displayed when you delete the subnet, you can refer to :ref:`Viewing IP Addresses in a Subnet `. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + +#. Locate the target subnet and click its name. + + The subnet details page is displayed. + +#. On the **Summary** page, view the resources in the subnet. + + a. In the **Resources** area, view the ECSs, BMSs, network interfaces, and load balancers in the subnet. + b. In the **Networking Components** area, view the NAT gateways in the subnet. + +#. Delete resources from the subnet. + + .. 
table:: **Table 1** Viewing and deleting resources in a subnet + + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Resource | Reference | + +===================================+==================================================================================================================================================+ + | ECS | Currently, you cannot directly switch to ECSs from the subnet details page. You need to search for the target ECS in the ECS list and delete it. | + | | | + | | a. In the ECS list, click the ECS name. | + | | | + | | The ECS details page is displayed. | + | | | + | | b. In the **NICs** area, view the name of the subnet associated with the ECS. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | BMS | Currently, you cannot directly switch to BMSs from the subnet details page. You need to search for the target BMS in the BMS list and delete it. | + | | | + | | a. In the BMS list, click the BMS name. | + | | | + | | The BMS details page is displayed. | + | | | + | | b. In the **NICs** tab, view the subnet associated with the BMS. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Load balancer | You can directly switch to load balancers from the subnet details page. | + | | | + | | a. Click the load balancer quantity in the **Resources** area. | + | | | + | | The load balancer list is displayed. | + | | | + | | b. Locate the row that contains the load balancer and click **Delete** in the **Operation** column. 
| + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | NAT gateway | You can directly switch to NAT gateways from the subnet details page. | + | | | + | | a. Click the NAT gateway name in the **Networking Components** area. | + | | | + | | The NAT gateway details page is displayed. | + | | | + | | b. Click |image3| to return to the NAT gateway list. | + | | | + | | c. Locate the row that contains the NAT gateway and click **Delete** in the **Operation** column. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0000001461263993.png diff --git a/umn/source/vpc_and_subnet/subnet/viewing_ip_addresses_in_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/viewing_ip_addresses_in_a_subnet.rst new file mode 100644 index 0000000..562b384 --- /dev/null +++ b/umn/source/vpc_and_subnet/subnet/viewing_ip_addresses_in_a_subnet.rst 
@@ -0,0 +1,53 @@
+:original_name: vpc_vpc_0012.html
+
+.. _vpc_vpc_0012:
+
+Viewing IP Addresses in a Subnet
+================================
+
+Scenarios
+---------
+
+A subnet is an IP address range in a VPC. This section describes how to view the used IP addresses in a subnet.
+
+- Virtual IP addresses
+- Private IP addresses
+
+ - Used by the subnet itself, such as the gateway, system interface, and DHCP.
+ - Used by cloud resources, such as ECSs, load balancers, and RDS instances.
+
+Notes and Constraints
+---------------------
+
+- A subnet cannot be deleted if its IP addresses are used by cloud resources.
+- A subnet can be deleted if its IP addresses are used by itself.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**.
+
+ The **Subnets** page is displayed.
+
+#. Locate the target subnet and click its name.
+
+ The subnet details page is displayed.
+
+#. Click the **IP Addresses** tab to view the IP addresses in the subnet.
+
+ a. In the virtual IP address list, you can view the virtual IP addresses assigned from the subnet.
+ b. In the private IP address list in the lower part of the page, you can view the private IP addresses used by the subnet (gateway, system interface, and DHCP).
+
+Follow-up Operations
+--------------------
+
+If you want to view and delete the resources in a subnet, refer to :ref:`Why Can't I Delete My VPCs and Subnets? `
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst
new file mode 100644
index 0000000..e013768
--- /dev/null
+++ b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst 
@@ -0,0 +1,147 @@ +:original_name: en-us_topic_0013935842.html + +.. _en-us_topic_0013935842: + +Creating a VPC +============== + +Scenarios +--------- + +A VPC provides an isolated virtual network for ECSs. You can configure and manage the network as required. + +You can create a VPC by following the procedure provided in this section. Then, create subnets, security groups, and assign EIPs by following the procedure provided in subsequent sections based on your actual network requirements. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. Click **Create VPC**. + +#. On the **Create VPC** page, set parameters as prompted. + + A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. table:: **Table 1** VPC parameter descriptions + + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. 
The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. | VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). 
| 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. 
| 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + + .. _en-us_topic_0013935842__table248245914136: + + .. table:: **Table 2** VPC tag key and value requirements + + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+============================================================================+=======================+ + | Key | - Cannot be left blank. | vpc_key1 | + | | - Must be unique for the same VPC and can be the same for different VPCs. | | + | | - Can contain a maximum of 36 characters. 
| | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | vpc-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + + .. _en-us_topic_0013935842__table6536185812515: + + .. table:: **Table 3** Subnet tag key and value requirements + + +-----------------------+---------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+=====================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+---------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. 
| subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+---------------------------------------------------------------------+-----------------------+ + +#. Click **Create Now**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001520717193.png diff --git a/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst new file mode 100644 index 0000000..bdc315a --- /dev/null +++ b/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst 
@@ -0,0 +1,40 @@
+:original_name: vpc_vpc_0003.html
+
+.. _vpc_vpc_0003:
+
+Deleting a VPC
+==============
+
+Scenarios
+---------
+
+This section describes how to delete a VPC.
+
+Notes and Constraints
+---------------------
+
+If you want to delete a VPC that has subnets, custom routes, or other resources, you need to delete these resources as prompted on the console first and then delete the VPC.
+
+You can refer to :ref:`Why Can't I Delete My VPCs and Subnets? `
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+#. Click |image1| in the upper left corner and select the desired region and project.
+
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+#. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column.
+
+ A confirmation dialog box is displayed.
+
+#. Confirm the information and click **Yes**.
+
+ .. important::
+
+ If a VPC cannot be deleted, a message will be displayed on the console. Delete the resources that are in the VPC by referring to :ref:`Why Can't I Delete My VPCs and Subnets? `
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst b/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst
similarity index 63%
rename from umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst
rename to umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst
index 802da92..350fa18 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst
+++ b/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst
@@ -15,15 +15,14 @@ Procedure
 
 #. Log in to the management console.
 
-2. Click |image1| in the upper left corner and select the desired region and project.
+#. Click |image1| in the upper left corner and select the desired region and project.
 
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
-4. In the navigation pane on the left, click **Virtual Private Cloud**.
-
-5. In the upper right corner of the VPC list, click |image2|.
+#. In the upper right corner of the VPC list, click |image3|.
 
 The system will automatically export information about all VPCs under your account in the current region. They will be exported in Excel format.
 
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0233469654.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
+.. |image3| image:: /_static/images/en-us_image_0233469654.png
diff --git a/umn/source/vpc_and_subnet/vpc/index.rst b/umn/source/vpc_and_subnet/vpc/index.rst
new file mode 100644
index 0000000..d5491ac
--- /dev/null
+++ b/umn/source/vpc_and_subnet/vpc/index.rst
@@ -0,0 +1,26 @@
+:original_name: vpc_0003.html
+
+.. _vpc_0003:
+
+VPC
+===
+
+- :ref:`Creating a VPC `
+- :ref:`Modifying a VPC `
+- :ref:`Deleting a VPC `
+- :ref:`Managing VPC Tags `
+- :ref:`Exporting VPC List `
+- :ref:`Obtaining a VPC ID `
+- :ref:`Viewing a VPC Topology `
+
+.. toctree::
+ :maxdepth: 1
+ :hidden:
+
+ creating_a_vpc
+ modifying_a_vpc
+ deleting_a_vpc
+ managing_vpc_tags
+ exporting_vpc_list
+ obtaining_a_vpc_id
+ viewing_a_vpc_topology
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst
similarity index 89%
rename from umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst
rename to umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst
index dcb52db..26ca67e 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst
+++ b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst
@@ -10,9 +10,9 @@ Scenarios
 
 A VPC tag identifies a VPC. Tags can be added to VPCs to facilitate VPC identification and management. You can add a tag to a VPC when creating the VPC, or you can add a tag to a created VPC on the VPC details page. A maximum of 20 tags can be added to each VPC.
 
-A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements.
+A tag consists of a key and value pair. :ref:`Table 1 ` lists the tag key and value requirements.
 
-.. _vpc_vpc_0004__en-us_topic_0118498924_ted9687ca14074ef785241145365a6175:
+.. _vpc_vpc_0004__ted9687ca14074ef785241145365a6175:
 
 .. table:: **Table 1** VPC tag key and value requirements
 
@@ -47,9 +47,7 @@ Procedure
 
 #. Click |image1| in the upper left corner and select the desired region and project.
 
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
 #. In the upper right corner of the VPC list, click **Search by Tag**.
 
@@ -69,11 +67,9 @@ Procedure
 
 #. Log in to the management console.
 
-#. Click |image2| in the upper left corner and select the desired region and project.
+#. Click |image3| in the upper left corner and select the desired region and project.
 
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
+#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
 #. On the **Virtual Private Cloud** page, locate the VPC whose tags are to be managed and click the VPC name.
 
@@ -98,4 +94,6 @@ Procedure
 Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**.
 
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
+.. |image3| image:: /_static/images/en-us_image_0141273034.png
+.. |image4| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst
similarity index 71%
rename from umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst
rename to umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst
index 751fa8b..ac5b612 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst
+++ b/umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst
@@ -34,9 +34,7 @@ Procedure
 
 #. Click |image1| in the upper left corner and select the desired region and project.
 
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
+#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
 #. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be modified and click **Edit CIDR Block** in the **Operation** column.
 
@@ -53,18 +51,19 @@ Procedure
 **Modifying a VPC**
 
 #. Log in to the management console.
-#. Click |image2| in the upper left corner and select the desired region and project.
-#. On the console homepage, under **Network**, click **Virtual Private Cloud**.
-#. In the navigation pane on the left, click **Virtual Private Cloud**.
-#. Modify the basic information about a VPC using either of the following methods :
+#. Click |image3| in the upper left corner and select the desired region and project.
+#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+#. Modify the basic information about a VPC using either of the following methods:
 
- - In the VPC list, click |image3| on the right of the VPC name to change the VPC name.
+ - In the VPC list, click |image5| on the right of the VPC name to change the VPC name.
 
 - In the VPC list, click the VPC name.
 
- On the VPC details page, click |image4| next to the VPC name or description to change the VPC name or description.
+ On the VPC details page, click |image6| next to the VPC name or description to change the VPC name or description.
 
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
-.. |image2| image:: /_static/images/en-us_image_0141273034.png
-.. |image3| image:: /_static/images/en-us_image_0000001267230305.png
-.. |image4| image:: /_static/images/en-us_image_0000001267350317.png
+.. |image2| image:: /_static/images/en-us_image_0000001520717193.png
+.. |image3| image:: /_static/images/en-us_image_0141273034.png
+.. |image4| image:: /_static/images/en-us_image_0000001520717193.png
+.. |image5| image:: /_static/images/en-us_image_0000001267230305.png
+.. |image6| image:: /_static/images/en-us_image_0000001267350317.png
diff --git a/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst b/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst
new file mode 100644
index 0000000..c2f22e1
--- /dev/null
+++ b/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst
@@ -0,0 +1,34 @@
+:original_name: vpc_vpc_0013.html
+
+.. _vpc_vpc_0013:
+
+Obtaining a VPC ID
+==================
+
+Scenarios
+---------
+
+This section describes how to view and obtain a VPC ID.
+
+If you want to obtain the ID of the peer VPC when you create a VPC peering connection between two VPCs from different accounts, you can share this section with the owner of the peer account to obtain the VPC ID.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. On the **Virtual Private Cloud** page, locate the VPC and click its name.
+
+ The VPC details page is displayed.
+
+5. In the **VPC Information area**, view the VPC ID.
+
+ Click |image3| next to ID to copy the VPC ID.
+
+.. |image1| image:: /_static/images/en-us_image_0000001515644737.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
+.. |image3| image:: /_static/images/en-us_image_0000001465124712.png
diff --git a/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst b/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst
new file mode 100644
index 0000000..5ab4043
--- /dev/null
+++ b/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst
@@ -0,0 +1,36 @@
+:original_name: vpc_vpc_0009.html
+
+.. _vpc_vpc_0009:
+
+Viewing a VPC Topology
+======================
+
+Scenarios
+---------
+
+This section describes how to view the topology of a VPC. The topology displays the subnets in a VPC and the ECSs in the subnets.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the VPC list, click the name of the VPC for which the topology is to be viewed.
+
+ The VPC details page is displayed.
+
+5. Click the **Topology** tab to view the VPC topology.
+
+ The topology displays the subnets in the VPC and the ECSs in the subnets.
+
+ You can also perform the following operations on subnets and ECSs in the topology:
+
+ - Modify or delete a subnet.
+ - Add an ECS to a subnet, bind an EIP to the ECS, and change the security group of the ECS.
+
+.. |image1| image:: /_static/images/en-us_image_0000001221790501.png
+.. |image2| image:: /_static/images/en-us_image_0000001500905066.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/creating_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst
similarity index 98%
rename from umn/source/operation_guide_new_console_edition/vpc_flow_log/creating_a_vpc_flow_log.rst
rename to umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst
index 017c474..710dcbf 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_flow_log/creating_a_vpc_flow_log.rst
+++ b/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst
@@ -27,7 +27,7 @@ Procedure
 
 2. Click |image1| in the upper left corner and select the desired region and project.
 
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
 4. In the navigation pane on the left, choose **VPC Flow Logs**.
 
@@ -76,3 +76,4 @@ Procedure
 6. Click **OK**.
 
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001553770733.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/deleting_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst
similarity index 85%
rename from umn/source/operation_guide_new_console_edition/vpc_flow_log/deleting_a_vpc_flow_log.rst
rename to umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst
index 73da599..9742c64 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_flow_log/deleting_a_vpc_flow_log.rst
+++ b/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst
@@ -21,7 +21,7 @@ Procedure
 
 2. Click |image1| in the upper left corner and select the desired region and project.
 
-3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
 
 4. In the navigation pane on the left, choose **VPC Flow Logs**.
 
@@ -36,3 +36,4 @@ Procedure
 6. Click **Yes** in the displayed dialog box.
 
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001503330854.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst similarity index 68% rename from umn/source/operation_guide_new_console_edition/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst rename to umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst index 9b76cf9..112d518 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst @@ -17,9 +17,11 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + 4. In the navigation pane on the left, choose **VPC Flow Logs**. -5. Locate the VPC flow log to be enabled or disabled, and click **Enable** or **Disable** in the **Operation** column. +5. Locate the VPC flow log to be enabled or disabled, and choose **More** > **Enable** or **More** > **Disable** in the **Operation** column. 6. Click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503011070.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/index.rst b/umn/source/vpc_flow_log/index.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/vpc_flow_log/index.rst rename to umn/source/vpc_flow_log/index.rst diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/viewing_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst similarity index 98% rename from umn/source/operation_guide_new_console_edition/vpc_flow_log/viewing_a_vpc_flow_log.rst rename to umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst index a4d7f2f..e677c2d 100644 
--- a/umn/source/operation_guide_new_console_edition/vpc_flow_log/viewing_a_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst @@ -23,7 +23,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **VPC Flow Logs**. @@ -67,9 +67,9 @@ Procedure 1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd - - - - - - - 1431280876 1431280934 - SKIPDATA - :ref:`Table 1 ` describes the fields of a flow log record. + :ref:`Table 1 ` describes the fields of a flow log record. - .. _flowlog_0004__en-us_topic_0151016582_table1313851722313: + .. _flowlog_0004__table1313851722313: .. table:: **Table 1** Log field description @@ -103,7 +103,7 @@ Procedure | action | The action associated with the traffic: | ACCEPT | | | | | | | - **ACCEPT**: The recorded traffic was allowed by the security groups or firewalls. | | - | | - **REJECT**: The recorded traffic was denied by the firewalls. | | + | | - **REJECT**: The recorded traffic was denied by the security groups or firewalls. | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ | log-status | The logging status of the VPC flow log: | OK | | | | | 
@@ -119,3 +119,4 @@ Procedure
 You can enter a keyword on the log topic details page on the LTS console to search for flow log records.
 
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001503490746.png
diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst b/umn/source/vpc_flow_log/vpc_flow_log_overview.rst
similarity index 69%
rename from umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst
rename to umn/source/vpc_flow_log/vpc_flow_log_overview.rst
index 79c20ba..98dd76b 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst
+++ b/umn/source/vpc_flow_log/vpc_flow_log_overview.rst
@@ -7,14 +7,14 @@ VPC Flow Log Overview
 
 A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification.
 
-VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring the VPC flow log function.
+VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring VPC flow logs.
 
-.. _flowlog_0002__en-us_topic_0151014680_fig1535115691415:
+.. _flowlog_0002__fig1535115691415:
 
 .. figure:: /_static/images/en-us_image_0162336264.png
- :alt: **Figure 1** Configuring the VPC flow log function
+ :alt: **Figure 1** Configuring VPC flow logs
 
- **Figure 1** Configuring the VPC flow log function
+ **Figure 1** Configuring VPC flow logs
 
 Notes and Constraints
 ---------------------
diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
new file mode 100644
index 0000000..f01e01d
--- /dev/null
+++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
@@ -0,0 +1,266 @@ +:original_name: en-us_topic_0046655038.html + +.. _en-us_topic_0046655038: + +Creating a VPC Peering Connection with a VPC in Another Account +=============================================================== + +Scenarios +--------- + +If two VPCs from the same region cannot communicate with each other, you can use a VPC peering connection. This section describes how to create a VPC peering connection between two VPCs in different accounts. + +This following describes how to create a VPC peering connection between VPC-A in account A and VPC-B in account B to enable communications between ECS-A01 and RDS-B01. + +Procedure: + +#. :ref:`Step 1: Create a VPC Peering Connection ` +#. :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request ` +#. :ref:`Step 3: Add Routes for the VPC Peering Connection ` +#. :ref:`Step 4: Verify Network Connectivity ` + + +.. figure:: /_static/images/en-us_image_0000001464757610.png + :alt: **Figure 1** Networking diagram of a VPC peering connection between VPCs in different accounts + + **Figure 1** Networking diagram of a VPC peering connection between VPCs in different accounts + +Notes and Constraints +--------------------- + +- Only one VPC peering connection can be created between two VPCs at the same time. +- A VPC peering connection can only connect VPCs in the same region. + +- If the local and peer VPCs have overlapping CIDR blocks, the VPC peering connection may not take effect. + +- For a VPC peering connection between VPCs in different accounts: + + - If account A initiates a request to create a VPC peering connection with a VPC in another B, the VPC peering connection takes effect only after account B accepts the request. + - To ensure network security, do not accept VPC peering connections from unknown accounts. + +Prerequisites +------------- + +You have two VPCs in the same region. If you want to create one, see :ref:`Creating a VPC `. + +.. 
_en-us_topic_0046655038__section14616192294815: + +Step 1: Create a VPC Peering Connection +--------------------------------------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + +5. In the upper right corner of the page, click **Create VPC Peering Connection**. + + The **Create VPC Peering Connection** dialog box is displayed. + +6. Configure the parameters as prompted. + + For details, see :ref:`Table 1 `. + + + .. figure:: /_static/images/en-us_image_0167840073.png + :alt: **Figure 2** Create VPC Peering Connection + + **Figure 2** Create VPC Peering Connection + + .. _en-us_topic_0046655038__table13425162318260: + + .. table:: **Table 1** Parameters for creating a VPC peering connection + + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + | Parameter | Description | Example Value | + +=======================+==================================================================================================================================================================================================+==================================+ + | Name | Mandatory | peering-AB | + | | | | + | | Enter a name for the VPC peering connection. | | + | | | | + | | The name can contain a maximum of 64 characters, including letters, digits, hyphens (-), and underscores (_). 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + | Local VPC | Mandatory | VPC-A | + | | | | + | | VPC at one end of the VPC peering connection. You can select one from the drop-down list. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + | Local VPC CIDR Block | CIDR block of the selected local VPC | 172.16.0.0/16 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + | Account | Mandatory | Another account | + | | | | + | | - Options: **My account** and **Another account** | | + | | - Select **Another account**. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + | Peer Project ID | This parameter is mandatory because **Account** is set to **Another account**. | Project ID of VPC-B in region A: | + | | | | + | | The project ID of the region that the peer VPC resides. For details about how to obtain the project ID, see :ref:`Obtaining the Peer Project ID of a VPC Peering Connection `. 
| 067cf8aecf3XXX08322f13b | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + | Peer VPC ID | This parameter is mandatory because **Account** is set to **Another account**. | VPC-B ID: | + | | | | + | | ID of the VPC at the other end of the VPC peering connection. For details about how to obtain the ID, see :ref:`Obtaining a VPC ID `. | 17cd7278-XXX-530c952dcf35 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+ + +7. Click **OK**. + + - If the message "Invalid VPC ID and project ID." is displayed, check whether the project ID and VPC ID are correct. + + - Peer Project ID: The value must be the project ID of the region where the peer VPC resides. + - The local and peer VPCs must be in the same region. + + - If the status of the created VPC peering connection is **Awaiting acceptance**, go to :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request `. + +.. _en-us_topic_0046655038__section497322311429: + +Step 2: Peer Account Accepts the VPC Peering Connection Request +--------------------------------------------------------------- + +After you create a VPC peering connection with a VPC in another account, you need to contact the peer account to accept the VPC peering connection request. In this example, account A notifies account B to accept the request. Account B needs to: + +#. Log in to the management console. + +#. Click |image3| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. 
+ + The VPC peering connection list is displayed. + +#. In the VPC peering connection list, locate the VPC peering connection request to be accepted. + + + .. figure:: /_static/images/en-us_image_0162391155.png + :alt: **Figure 3** VPC peering connection list + + **Figure 3** VPC peering connection list + +#. Locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. + + After the status of the VPC peering connection changes to **Accepted**, the VPC peering connection is created. + +#. Go to :ref:`Step 3: Add Routes for the VPC Peering Connection `. + + .. important:: + + After a VPC peering connection is created, you must add routes to the route tables of the local and peer VPCs. Otherwise, the VPC peering connection does not take effect. + +.. _en-us_topic_0046655038__section519111175712: + +Step 3: Add Routes for the VPC Peering Connection +------------------------------------------------- + +Both accounts need to add a route to the route table of their VPC. In this example, account A adds a route to the route table of VPC-A, and account B adds a route to the route table of VPC-B. + +#. Add routes to the route table of the local VPC: + + a. In the VPC peering connection list of the local account, click the name of the target VPC peering connection. + + The **Basic Information** tab of the VPC peering connection is displayed. + + b. On the **Local Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the local VPC is displayed. + + c. Click **Add Route**. + + :ref:`Table 2 ` describes the route parameters. + + .. _en-us_topic_0046655038__en-us_topic_0046655037_table97163496270: + + .. 
table:: **Table 2** Parameter description + + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +=======================+========================================================================================================================================================+=================================+ + | Destination | The peer VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-B CIDR block: 172.17.0.0/16 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | ``-`` | + | | | | + | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + + d. Click **OK**. + + You can view the route in the route list. + +#. Add routes to the route table of the peer VPC: + + a. In the VPC peering connection list of the peer account, click the name of the target VPC peering connection. + + The **Basic Information** tab of the VPC peering connection is displayed. + + b. On the **Local Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the peer VPC is displayed. + + c. Click **Add Route**. + + :ref:`Table 3 ` describes the route parameters. + + .. _en-us_topic_0046655038__en-us_topic_0046655037_table13697163914393: + + .. table:: **Table 3** Parameter description + + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +=======================+=========================================================================================================================================================+=================================+ + | Destination | The local VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-A CIDR block: 172.16.0.0/16 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop Type | The next hop type. Select **VPC peering connection**. 
| VPC peering connection | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | ``-`` | + | | | | + | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + + d. Click **OK**. + + You can view the route in the route list. + +.. _en-us_topic_0046655038__section920942154519: + +Step 4: Verify Network Connectivity +----------------------------------- + +After you add routes for the VPC peering connection, verify the communication between the local and peer VPCs. + +#. Log in to ECS-A01 in the local VPC. + +#. Check whether ECS-A01 can communicate with RDS-B01. + + **ping** *IP address of RDS-B01* + + Example command: + + **ping 172.17.0.21** + + If information similar to the following is displayed, ECS-A01 and RDS-B01 can communicate with each other, and the VPC peering connection between VPC-A and VPC-B is successfully created. + + .. code-block:: console + + [root@ecs-A02 ~]# ping 172.17.0.21 + PING 172.17.0.21 (172.17.0.21) 56(84) bytes of data. 
+ 64 bytes from 172.17.0.21: icmp_seq=1 ttl=64 time=0.849 ms + 64 bytes from 172.17.0.21: icmp_seq=2 ttl=64 time=0.455 ms + 64 bytes from 172.17.0.21: icmp_seq=3 ttl=64 time=0.385 ms + 64 bytes from 172.17.0.21: icmp_seq=4 ttl=64 time=0.372 ms + ... + --- 172.17.0.21 ping statistics --- + + .. important:: + + - In this example, ECS-A01 and RDS-B01 are in the same security group. If the instances in different security groups, you need to add inbound rules to allow access from the peer security group. For details, see :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network `. + - If VPCs connected by a VPC peering connection cannot communicate with each other, refer to :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503159042.png +.. |image3| image:: /_static/images/en-us_image_0000001503478818.png diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst new file mode 100644 index 0000000..c484625 --- /dev/null +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst 
@@ -0,0 +1,223 @@ +:original_name: en-us_topic_0046655037.html + +.. _en-us_topic_0046655037: + +Creating a VPC Peering Connection with Another VPC in Your Account +================================================================== + +Scenarios +--------- + +If two VPCs from the same region cannot communicate with each other, you can use a VPC peering connection. This section describes how to create a VPC peering connection between two VPCs in the same account. + +This following describes how to create a VPC peering connection between VPC-A and VPC-B in account A to enable communications between ECS-A01 and RDS-B01. + +Procedure: + +#. :ref:`Step 1: Create a VPC Peering Connection ` +#. :ref:`Step 2: Add Routes for the VPC Peering Connection ` +#. :ref:`Step 3: Verify Network Connectivity ` + + +.. figure:: /_static/images/en-us_image_0000001512876289.png + :alt: **Figure 1** Networking diagram of a VPC peering connection between VPCs in the same account + + **Figure 1** Networking diagram of a VPC peering connection between VPCs in the same account + +Notes and Constraints +--------------------- + +- Only one VPC peering connection can be created between two VPCs at the same time. +- A VPC peering connection can only connect VPCs in the same region. +- If the local and peer VPCs have overlapping CIDR blocks, the VPC peering connection may not take effect. + +Prerequisites +------------- + +You have two VPCs in the same region. If you want to create one, see :ref:`Creating a VPC `. + +.. _en-us_topic_0046655037__section143383585438: + +Step 1: Create a VPC Peering Connection +--------------------------------------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. 
+ + The VPC peering connection list is displayed. + +5. In the upper right corner of the page, click **Create VPC Peering Connection**. + + The **Create VPC Peering Connection** dialog box is displayed. + +6. Configure the parameters as prompted. + + For details, see :ref:`Table 1 `. + + + .. figure:: /_static/images/en-us_image_0167839112.png + :alt: **Figure 2** Create VPC Peering Connection + + **Figure 2** Create VPC Peering Connection + + .. _en-us_topic_0046655037__table348414246354: + + .. table:: **Table 1** Parameters for creating a VPC peering connection + + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==================================================================================================================================================================================================+=======================+ + | Name | Mandatory | peering-AB | + | | | | + | | Enter a name for the VPC peering connection. | | + | | | | + | | The name can contain a maximum of 64 characters, including letters, digits, hyphens (-), and underscores (_). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Local VPC | Mandatory | VPC-A | + | | | | + | | VPC at one end of the VPC peering connection. You can select one from the drop-down list. 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Local VPC CIDR Block | CIDR block of the selected local VPC | 172.16.0.0/16 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Account | Mandatory | My account | + | | | | + | | - Options: **My account** and **Another account** | | + | | - Select **My account**. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Peer Project | The system fills in the corresponding project by default because **My account** is set to **Account**. | ab-cdef-1 | + | | | | + | | For example, if VPC-A and VPC-B are in account A and region A, the system fills in the correspond project of account A in region A by default. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Peer VPC | This parameter is mandatory if **Account** is set to **My account**. | VPC-B | + | | | | + | | VPC at the other end of the VPC peering connection. You can select one from the drop-down list. 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Peer VPC CIDR Block | CIDR block of the selected peer VPC | 172.17.0.0/16 | + | | | | + | | If the local and peer VPCs have overlapping CIDR blocks, the VPC peering connection may not take effect. For details, see :ref:`VPC Peering Connection Usage Examples `. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +7. Click **OK**. + + A dialog box for adding routes is displayed. + +8. Click **Add Route** or **Add Later**. + + a. If you click **Add Route**, the **Local Routes** page is displayed. Then, go to :ref:`Step 2: Add Routes for the VPC Peering Connection `. + b. If you click **Add Later**, the VPC peering connection list is displayed. + + .. important:: + + After a VPC peering connection is created, you must add routes to the route tables of the local and peer VPCs. Otherwise, the VPC peering connection does not take effect. + +.. _en-us_topic_0046655037__section19655123018712: + +Step 2: Add Routes for the VPC Peering Connection +------------------------------------------------- + +#. Add routes to the route table of the local VPC: + + a. On the **Local Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the local VPC is displayed. + + b. Click **Add Route**. + + :ref:`Table 2 ` describes the route parameters. + + .. _en-us_topic_0046655037__table97163496270: + + .. 
table:: **Table 2** Parameter description + + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +=======================+========================================================================================================================================================+=================================+ + | Destination | The peer VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-B CIDR block: 172.17.0.0/16 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | ``-`` | + | | | | + | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + + c. Click **OK**. + + You can view the route in the route list. + +2. Add routes to the route table of the peer VPC: + + a. On the **Peer Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the peer VPC is displayed. + + b. Click **Add Route**. + + :ref:`Table 3 ` describes the route parameters. + + .. _en-us_topic_0046655037__table13697163914393: + + .. table:: **Table 3** Parameter description + + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +=======================+=========================================================================================================================================================+=================================+ + | Destination | The local VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-A CIDR block: 172.16.0.0/16 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The next hop address. Select the name of the current VPC peering connection. 
| peering-AB | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | ``-`` | + | | | | + | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + + c. Click **OK**. + + You can view the route in the route list. + +.. _en-us_topic_0046655037__section026312306414: + +Step 3: Verify Network Connectivity +----------------------------------- + +After you add routes for the VPC peering connection, verify the communication between the local and peer VPCs. + +#. Log in to ECS-A01 in the local VPC. + +#. Check whether ECS-A01 can communicate with RDS-B01. + + **ping** *IP address of RDS-B01* + + Example command: + + **ping 172.17.0.21** + + If information similar to the following is displayed, ECS-A01 and RDS-B01 can communicate with each other, and the VPC peering connection between VPC-A and VPC-B is successfully created. + + .. code-block:: console + + [root@ecs-A02 ~]# ping 172.17.0.21 + PING 172.17.0.21 (172.17.0.21) 56(84) bytes of data. + 64 bytes from 172.17.0.21: icmp_seq=1 ttl=64 time=0.849 ms + 64 bytes from 172.17.0.21: icmp_seq=2 ttl=64 time=0.455 ms + 64 bytes from 172.17.0.21: icmp_seq=3 ttl=64 time=0.385 ms + 64 bytes from 172.17.0.21: icmp_seq=4 ttl=64 time=0.372 ms + ... + --- 172.17.0.21 ping statistics --- + + .. important:: + + - In this example, ECS-A01 and RDS-B01 are in the same security group. If the instances in different security groups, you need to add inbound rules to allow access from the peer security group. 
For details, see :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network `. + - If VPCs connected by a VPC peering connection cannot communicate with each other, refer to :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503318922.png diff --git a/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst new file mode 100644 index 0000000..c56f0d9 --- /dev/null +++ b/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst 
@@ -0,0 +1,41 @@ +:original_name: vpc_peering_0003.html + +.. _vpc_peering_0003: + +Deleting a VPC Peering Connection +================================= + +Scenarios +--------- + +This section describes how to delete a VPC peering connection. + +Either owner of a VPC in a peering connection can delete the VPC peering connection in any state. + +Notes and Constraints +--------------------- + +The owner of either VPC in a peering connection can delete the VPC peering connection at any time. Deleting a VPC peering connection will also delete all information about this connection, including the routes in the local and peer VPC route tables added for the connection. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + +5. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + +6. Click **Yes**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst new file mode 100644 index 0000000..4ad2cf0 --- /dev/null +++ b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst 
@@ -0,0 +1,99 @@ +:original_name: vpc_peering_0006.html + +.. _vpc_peering_0006: + +Deleting Routes Configured for a VPC Peering Connection +======================================================= + +Scenarios +--------- + +This section describes how to delete routes from the route tables of the local and peer VPCs connected by a VPC peering connection. + +- :ref:`Deleting Routes of a VPC Peering Connection Between VPCs in the Same Account ` +- :ref:`Deleting Routes of a VPC Peering Connection Between VPCs in Different Accounts ` + +.. _vpc_peering_0006__section26541722111813: + +Deleting Routes of a VPC Peering Connection Between VPCs in the Same Account +---------------------------------------------------------------------------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + +#. In the VPC peering connection list, click the name of the target VPC peering connection. + + The page showing the VPC peering connection details is displayed. + +#. Delete the route added to the route table of the local VPC: + + a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the local VPC is displayed. + + b. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + + c. Click **Yes**. + +#. Delete the route added to the route table of the peer VPC: + + a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the peer VPC is displayed. + + b. 
Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + + c. Click **Yes**. + +.. _vpc_peering_0006__section47866392497: + +Deleting Routes of a VPC Peering Connection Between VPCs in Different Accounts +------------------------------------------------------------------------------ + +Only the account owner of a VPC in a VPC peering connection can delete the routes added for the connection. + +#. .. _vpc_peering_0006__li4105938135810: + + Log in to the management console using the account of the local VPC and delete the route of the local VPC: + + a. Click |image3| in the upper left corner and select the desired region and project. + + b. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + c. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + + d. In the VPC peering connection list, click the name of the target VPC peering connection. + + The page showing the VPC peering connection details is displayed. + + e. Delete the route added to the route table of the local VPC: + + #. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the local VPC is displayed. + + #. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + + #. Click **Yes**. + +#. Log in to the management console using the account of the peer VPC and delete the route of the peer VPC by referring to :ref:`1 `. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503330858.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001553770737.png 
diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/index.rst b/umn/source/vpc_peering_connection/index.rst
similarity index 58%
rename from umn/source/operation_guide_new_console_edition/vpc_peering_connection/index.rst
rename to umn/source/vpc_peering_connection/index.rst
index 1708859..784dd8b 100644
--- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/index.rst
+++ b/umn/source/vpc_peering_connection/index.rst
@@ -5,26 +5,30 @@ VPC Peering Connection ====================== -- :ref:`VPC Peering Connection Creation Procedure ` -- :ref:`VPC Peering Connection Configuration Plans ` +- :ref:`VPC Peering Connection Overview ` +- :ref:`VPC Peering Connection Usage Examples ` - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` - :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` -- :ref:`Viewing VPC Peering Connections ` +- :ref:`Obtaining the Peer Project ID of a VPC Peering Connection ` - :ref:`Modifying a VPC Peering Connection ` +- :ref:`Viewing VPC Peering Connections ` - :ref:`Deleting a VPC Peering Connection ` +- :ref:`Modifying Routes Configured for a VPC Peering Connection ` - :ref:`Viewing Routes Configured for a VPC Peering Connection ` -- :ref:`Deleting a VPC Peering Route ` +- :ref:`Deleting Routes Configured for a VPC Peering Connection ` .. toctree:: :maxdepth: 1 :hidden: - vpc_peering_connection_creation_procedure - vpc_peering_connection_configuration_plans + vpc_peering_connection_overview + vpc_peering_connection_usage_examples creating_a_vpc_peering_connection_with_another_vpc_in_your_account creating_a_vpc_peering_connection_with_a_vpc_in_another_account - viewing_vpc_peering_connections + obtaining_the_peer_project_id_of_a_vpc_peering_connection modifying_a_vpc_peering_connection + viewing_vpc_peering_connections deleting_a_vpc_peering_connection + modifying_routes_configured_for_a_vpc_peering_connection viewing_routes_configured_for_a_vpc_peering_connection - deleting_a_vpc_peering_route + deleting_routes_configured_for_a_vpc_peering_connection diff --git a/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst new file mode 100644 index 0000000..e6f3d76 --- /dev/null +++ b/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst 
@@ -0,0 +1,36 @@ +:original_name: vpc_peering_0002.html + +.. _vpc_peering_0002: + +Modifying a VPC Peering Connection +================================== + +Scenarios +--------- + +This section describes how to modify the name of a VPC peering connection. + +Either owner of a VPC in a peering connection can modify the VPC peering connection in any state. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + +5. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Modify** in the **Operation** column. + + The **Modify VPC Peering Connection** dialog box is displayed. + +6. Modify the VPC peering connection information and click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst new file mode 100644 index 0000000..5004df6 --- /dev/null +++ b/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst 
@@ -0,0 +1,101 @@ +:original_name: vpc_peering_0007.html + +.. _vpc_peering_0007: + +Modifying Routes Configured for a VPC Peering Connection +======================================================== + +Scenarios +--------- + +This section describes how to modify the routes added for a VPC peering connection in the route tables of the local and peer VPCs. + +- :ref:`Modifying Routes of a VPC Peering Connection Between VPCs in the Same Account ` +- :ref:`Modifying Routes of a VPC Peering Connection Between VPCs in Different Accounts ` + +You can follow the instructions provided in this section to modify routes based on your requirements. + +.. _vpc_peering_0007__section26541722111813: + +Modifying Routes of a VPC Peering Connection Between VPCs in the Same Account +----------------------------------------------------------------------------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + +#. In the VPC peering connection list, click the name of the target VPC peering connection. + + The page showing the VPC peering connection details is displayed. + +#. Modify the route added to the route table of the local VPC: + + a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the local VPC is displayed. + + b. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. + + The **Modify Route** dialog box is displayed. + + c. Modify the route and click **OK**. + +#. Modify the route added to the route table of the peer VPC: + + a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink. 
+ + The **Summary** tab of the default route table for the peer VPC is displayed. + + b. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. + + The **Modify Route** dialog box is displayed. + + c. Modify the route and click **OK**. + +.. _vpc_peering_0007__section47866392497: + +Modifying Routes of a VPC Peering Connection Between VPCs in Different Accounts +------------------------------------------------------------------------------- + +Only the account owner of a VPC can modify the routes added for the connection. + +#. .. _vpc_peering_0007__li4105938135810: + + Log in to the management console using the account of the local VPC and modify the route of the local VPC: + + a. Click |image3| in the upper left corner and select the desired region and project. + + b. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + c. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. + + The VPC peering connection list is displayed. + + d. In the VPC peering connection list, click the name of the target VPC peering connection. + + The page showing the VPC peering connection details is displayed. + + e. Modify the route added to the route table of the local VPC: + + #. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + + The **Summary** tab of the default route table for the local VPC is displayed. + + #. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. + + The **Modify Route** dialog box is displayed. + + #. Modify the route and click **OK**. + +#. Log in to the management console using the account of the peer VPC and modify the route of the peer VPC by referring to :ref:`1 `. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001554010649.png +.. 
|image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001553650757.png diff --git a/umn/source/vpc_peering_connection/obtaining_the_peer_project_id_of_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/obtaining_the_peer_project_id_of_a_vpc_peering_connection.rst new file mode 100644 index 0000000..dbcdf54 --- /dev/null +++ b/umn/source/vpc_peering_connection/obtaining_the_peer_project_id_of_a_vpc_peering_connection.rst @@ -0,0 +1,21 @@ +:original_name: vpc_peering_0005.html + +.. _vpc_peering_0005: + +Obtaining the Peer Project ID of a VPC Peering Connection +========================================================= + +Scenarios +--------- + +If you create a VPC peering connection between two VPCs in different accounts, you can refer to this section to obtain the project ID of the region that the peer VPC resides. + +Procedure +--------- + +#. Log in to the management console. + + The owner of the peer account logs in to the management console. + +2. Select **My Credentials** from the username drop-down list. +3. In the project list, obtain the project ID. diff --git a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst new file mode 100644 index 0000000..b8fb49f --- /dev/null +++ b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst 
@@ -0,0 +1,72 @@
+:original_name: vpc_peering_0004.html
+
+.. _vpc_peering_0004:
+
+Viewing Routes Configured for a VPC Peering Connection
+======================================================
+
+Scenarios
+---------
+
+This section describes how to view the routes added to the route tables of local and peer VPCs of a VPC peering connection.
+
+- :ref:`Viewing Routes of a VPC Peering Connection Between VPCs in the Same Account `
+- :ref:`Viewing Routes of a VPC Peering Connection Between VPCs in Different Accounts `
+
+If two VPCs cannot communicate through a VPC peering connection, you can check the routes added for the local and peer VPCs by following the instructions provided in this section.
+
+.. _vpc_peering_0004__section1865779319727:
+
+Viewing Routes of a VPC Peering Connection Between VPCs in the Same Account
+---------------------------------------------------------------------------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**.
+
+ The VPC peering connection list is displayed.
+
+5. In the VPC peering connection list, click the name of the target VPC peering connection.
+
+ The page showing the VPC peering connection details is displayed.
+
+6. View the routes added for the VPC peering connection:
+
+ a. Click the **Local Routes** tab to view the local route added for the VPC peering connection.
+ b. Click the **Peer Routes** tab to view the peer route added for the VPC peering connection.
+
+.. _vpc_peering_0004__section92403501475:
+
+Viewing Routes of a VPC Peering Connection Between VPCs in Different Accounts
+-----------------------------------------------------------------------------
+
+Only the account owner of a VPC in a VPC peering connection can view the routes added for the connection.
+
+#. .. _vpc_peering_0004__li4105938135810:
+
+ Log in to the management console using the account of the local VPC and view the route of the local VPC:
+
+ a. Click |image3| in the upper left corner and select the desired region and project.
+
+ b. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
+
+ c. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**.
+
+ The VPC peering connection list is displayed.
+
+ d. In the VPC peering connection list, click the name of the target VPC peering connection.
+
+ The page showing the VPC peering connection details is displayed.
+
+ e. Click the **Local Routes** tab to view the local route added for the VPC peering connection.
+
+#. Log in to the management console using the account of the peer VPC and view the route of the peer VPC by referring to :ref:`1 `.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
+.. |image2| image:: /_static/images/en-us_image_0000001503011074.png
+.. |image3| image:: /_static/images/en-us_image_0141273034.png
+.. |image4| image:: /_static/images/en-us_image_0000001503490750.png
diff --git a/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst
new file mode 100644
index 0000000..5f7f8cc
--- /dev/null
+++ b/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst
@@ -0,0 +1,34 @@
+:original_name: vpc_peering_0001.html
+
+.. _vpc_peering_0001:
+
+Viewing VPC Peering Connections
+===============================
+
+Scenarios
+---------
+
+This section describes how to view basic information about a VPC peering connection, including the connection name, status, and information about the local and peer VPCs.
+
+If a VPC peering connection is created between two VPCs in different accounts, both the local and peer accounts can view information about the VPC peering connection.
+
+Procedure
+---------
+
+#. Log in to the management console.
+
+2. Click |image1| in the upper left corner and select the desired region and project.
+
+3. On the console homepage, under **Network**, click **Virtual Private Cloud**.
+
+ The **Virtual Private Cloud** page is displayed.
+
+4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**.
+
+ The VPC peering connection list is displayed.
+
+5. In the VPC peering connection list, click the name of the target VPC peering connection.
+
+ On the displayed page, view details about the VPC peering connection.
+
+.. |image1| image:: /_static/images/en-us_image_0141273034.png
diff --git a/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst b/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst
new file mode 100644
index 0000000..41b0c55
--- /dev/null
+++ b/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst
@@ -0,0 +1,63 @@
+:original_name: en-us_topic_0046655036.html
+
+.. _en-us_topic_0046655036:
+
+VPC Peering Connection Overview
+===============================
+
+What Is a VPC Peering Connection?
+---------------------------------
+
+A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
+
+- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples `.
+
+:ref:`Figure 1 ` shows an application scenario of VPC peering connections.
+
+- There are two VPCs (VPC-A and VPC-B) in region A that are not connected.
+- Service servers (ECS-A01 and ECS-A02) are in VPC-A, and database servers (RDS-B01 and RDS-B02) are in VPC-B. The service servers and database servers cannot communicate with each other.
+
+- You need to create a VPC peering connection (peering-AB) between VPC-A and VPC-B so the service servers and database servers can communicate with each other.
+
+.. _en-us_topic_0046655036__fig4721642193711:
+
+.. figure:: /_static/images/en-us_image_0000001512591549.png
+ :alt: **Figure 1** VPC peering connection network diagram
+
+ **Figure 1** VPC peering connection network diagram
+
+VPC Peering Connection Creation Process
+---------------------------------------
+
+A VPC peering connection can only connect VPCs in the same region.
+
+- If two VPCs are in the same account, the process of creating a VPC peering connection is shown in :ref:`Figure 2 `.
+
+ For details about how to create a VPC peering connection, see :ref:`Creating a VPC Peering Connection with Another VPC in Your Account `.
+
+ .. _en-us_topic_0046655036__en-us_topic_0000001154868962_fig10285152624918:
+
+ .. figure:: /_static/images/en-us_image_0000001512701025.png
+ :alt: **Figure 2** Process of creating a VPC peering connection between VPCs in the same account
+
+ **Figure 2** Process of creating a VPC peering connection between VPCs in the same account
+
+- If two VPCs are in different accounts, the process of creating a VPC peering connection is shown in :ref:`Figure 3 `.
+
+ For details about how to create a VPC peering connection, see :ref:`Creating a VPC Peering Connection with a VPC in Another Account `.
+
+ If account A initiates a request to create a VPC peering connection with a VPC in account B, the VPC peering connection takes effect only after account B accepts the request.
+
+ .. _en-us_topic_0046655036__fig16137161191713:
+
+ .. figure:: /_static/images/en-us_image_0000001462622484.png
+ :alt: **Figure 3** Process of creating a VPC peering connection between VPCs in different accounts
+
+ **Figure 3** Process of creating a VPC peering connection between VPCs in different accounts
+
+Notes and Constraints
+---------------------
+
+- A VPC peering connection can only connect VPCs in the same region.
+- If the local and peer VPCs have overlapping CIDR blocks, the VPC peering connection may not take effect.
+- A VPC cannot use EIPs of its peered VPC for Internet access. For example, if VPC A is peered with VPC B that has EIPs, VPC A cannot use EIPs in VPC B to access the Internet.
diff --git a/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst b/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst
new file mode 100644
index 0000000..7ea19dd
--- /dev/null
+++ b/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst
@@ -0,0 +1,258 @@ +:original_name: en-us_topic_0046809840.html + +.. _en-us_topic_0046809840: + +VPC Peering Connection Usage Examples +===================================== + +A VPC peering connection is a networking connection between two VPCs and enables them to communicate. :ref:`Table 1 ` lists different scenarios of using VPC peering connections. + +.. _en-us_topic_0046809840__table18339193642913: + +.. table:: **Table 1** VPC peering connection usage examples + + +-------------------------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+ + | Location | CIDR Block | Description | Usage Example | + +=========================+===============================================+================================================================================================================================================+===================================================================================================================+ + | VPCs in the same region | - VPC CIDR blocks do not overlap. | You can create VPC peering connections to connect entire CIDR blocks of VPCs. Then, all resources in the VPCs can communicate with each other. | - :ref:`Peering Two or More VPCs ` | + | | - Subnet CIDR blocks of VPCs do not overlap. | | - :ref:`Peering One Central VPC with Multiple VPCs ` | + +-------------------------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+ + | VPCs in the same region | - VPC CIDR blocks overlap. 
| You can create VPC peering connections to connect specific subnets or ECSs from different VPCs. | - :ref:`Peering Two VPCs with Overlapping CIDR Blocks ` | + | | - Some subnet CIDR blocks overlap. | | | + | | | - To connect specific subnets from two VPCs, the subnet CIDR blocks cannot overlap. | | + | | | - To connect specific ECSs from two VPCs, each ECS must have a unique private IP address. | | + +-------------------------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+ + | | | | - :ref:`Peering ECSs in a Central VPC with ECSs in Two Other VPCs ` | + +-------------------------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+ + | VPCs in the same region | - VPC CIDR blocks overlap. | VPC peering connections are not usable. | - :ref:`Invalid VPC Peering Connections ` | + | | - All subnet CIDR blocks overlap. | | | + +-------------------------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+ + +.. _en-us_topic_0046809840__section1450741418179: + +Peering Two or More VPCs +------------------------ + +- Two VPCs peered together: :ref:`Figure 1 ` shows the networking diagram of a VPC peering connection that connects VPC-A and VPC-B. + + .. _en-us_topic_0046809840__fig465519155457: + + .. 
figure:: /_static/images/en-us_image_0000001207827554.png + :alt: **Figure 1** Networking diagram (IPv4) + + **Figure 1** Networking diagram (IPv4) + + .. table:: **Table 2** Peering relationships (IPv4) + + =========================== ======================= ========= ======== + Peering Relationship Peering Connection Name Local VPC Peer VPC + =========================== ======================= ========= ======== + VPC-A is peered with VPC-B. Peering-AB VPC-A VPC-B + =========================== ======================= ========= ======== + + .. table:: **Table 3** VPC route tables (IPv4) + + +-------------+---------------+------------+------------+---------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Route Type | Description | + +=============+===============+============+============+=============================================================================================+ + | rtb-VPC-A | 10.0.0.0/16 | Peering-AB | Custom | Add a route with the CIDR block of VPC-B as the destination and Peering-AB as the next hop. | + +-------------+---------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-B | 172.16.0.0/16 | Peering-AB | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AB as the next hop. | + +-------------+---------------+------------+------------+---------------------------------------------------------------------------------------------+ + +- Multiple VPCs peered together: :ref:`Figure 2 ` shows the networking diagram of VPC peering connections that connect VPC-A, VPC-B, and VPC-C. + + .. _en-us_topic_0046809840__fig2032313286441: + + .. figure:: /_static/images/en-us_image_0000001207699446.png + :alt: **Figure 2** Networking diagram (IPv4) + + **Figure 2** Networking diagram (IPv4) + + .. 
table:: **Table 4** Peering relationships (IPv4) + + =========================== ======================= ========= ======== + Peering Relationship Peering Connection Name Local VPC Peer VPC + =========================== ======================= ========= ======== + VPC-A is peered with VPC-B. Peering-AB VPC-A VPC-B + VPC-A is peered with VPC-C. Peering-AC VPC-A VPC-C + VPC-B is peered with VPC-C. Peering-BC VPC-B VPC-C + =========================== ======================= ========= ======== + + .. table:: **Table 5** VPC route tables (IPv4) + + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Route Type | Description | + +=============+================+============+============+=============================================================================================+ + | rtb-VPC-A | 10.0.0.0/16 | Peering-AB | Custom | Add a route with the CIDR block of VPC-B as the destination and Peering-AB as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 192.168.0.0/16 | Peering-AC | Custom | Add a route with the CIDR block of VPC-C as the destination and Peering-AC as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-B | 172.16.0.0/16 | Peering-AB | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AB as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 192.168.0.0/16 | Peering-BC | Custom | Add a route with the CIDR block of VPC-C as the destination and Peering-BC as the next hop. 
| + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-C | 172.16.0.0/16 | Peering-AC | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AC as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.0.0.0/16 | Peering-BC | Custom | Add a route with the CIDR block of VPC-B as the destination and Peering-BC as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + +.. _en-us_topic_0046809840__section51284316142: + +Peering One Central VPC with Multiple VPCs +------------------------------------------ + +:ref:`Figure 3 ` shows the networking diagram of VPC peering connections that connect VPC-B, VPC-C, VPC-D, VPC-E, VPC-F, VPC-G, and central VPC-A. + +.. _en-us_topic_0046809840__fig724664185: + +.. figure:: /_static/images/en-us_image_0000001208260576.png + :alt: **Figure 3** Networking diagram (IPv4) + + **Figure 3** Networking diagram (IPv4) + +.. table:: **Table 6** Peering relationships (IPv4) + + =========================== ======================= ========= ======== + Peering Relationship Peering Connection Name Local VPC Peer VPC + =========================== ======================= ========= ======== + VPC-A is peered with VPC-B. Peering-AB VPC-A VPC-B + VPC-A is peered with VPC-C. Peering-AC VPC-A VPC-C + VPC-A is peered with VPC-D. Peering-AD VPC-A VPC-D + VPC-A is peered with VPC-E. Peering-AE VPC-A VPC-E + VPC-A is peered with VPC-F. Peering-AF VPC-A VPC-F + VPC-A is peered with VPC-G. Peering-AG VPC-A VPC-G + =========================== ======================= ========= ======== + +.. 
table:: **Table 7** VPC route table details (IPv4) + + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Route Type | Description | + +=============+================+============+============+=============================================================================================+ + | rtb-VPC-A | 10.0.0.0/16 | Peering-AB | Custom | Add a route with the CIDR block of VPC-B as the destination and Peering-AB as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 192.168.0.0/16 | Peering-AC | Custom | Add a route with the CIDR block of VPC-C as the destination and Peering-AC as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.2.0.0/16 | Peering-AD | Custom | Add a route with the CIDR block of VPC-D as the destination and Peering-AD as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.3.0.0/16 | Peering-AE | Custom | Add a route with the CIDR block of VPC-E as the destination and Peering-AE as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 172.17.0.0/16 | Peering-AF | Custom | Add a route with the CIDR block of VPC-F as the destination and Peering-AF as the next hop. 
| + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.4.0.0/16 | Peering-AG | Custom | Add a route with the CIDR block of VPC-G as the destination and Peering-AG as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-B | 172.16.0.0/16 | Peering-AB | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AB as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-C | 172.16.0.0/16 | Peering-AC | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AC as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-D | 172.16.0.0/16 | Peering-AD | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AD as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-E | 172.16.0.0/16 | Peering-AE | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AE as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-F | 172.16.0.0/16 | Peering-AF | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AF as the next hop. 
| + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-G | 172.16.0.0/16 | Peering-AG | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AG as the next hop. | + +-------------+----------------+------------+------------+---------------------------------------------------------------------------------------------+ + +.. _en-us_topic_0046809840__section6703221192012: + +Peering Two VPCs with Overlapping CIDR Blocks +--------------------------------------------- + +As shown in :ref:`Figure 4 `, VPC-A and VPC-B have overlapping CIDR blocks, and their Subnet-A01 and Subnet-B01 also have overlapping CIDR blocks. In this case, a VPC peering connection can connect their Subnet-A02 and Subnet-B02 that do not overlap with each other. + +.. _en-us_topic_0046809840__fig06955277200: + +.. figure:: /_static/images/en-us_image_0000001521533677.png + :alt: **Figure 4** Networking diagram (IPv4) + + **Figure 4** Networking diagram (IPv4) + +.. table:: **Table 8** Peering relationships (IPv4) + + =========================== ======================= ========= ======== + Peering Relationship Peering Connection Name Local VPC Peer VPC + =========================== ======================= ========= ======== + VPC-A is peered with VPC-B. Peering-AB VPC-A VPC-B + =========================== ======================= ========= ======== + +.. 
table:: **Table 9** VPC route table details (IPv4) + + +-------------+-------------+------------+------------+--------------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Route Type | Description | + +=============+=============+============+============+==================================================================================================+ + | rtb-VPC-A | 10.0.2.0/24 | Peering-AB | Custom | Add a route with the CIDR block of Subnet-B02 as the destination and Peering-AB as the next hop. | + +-------------+-------------+------------+------------+--------------------------------------------------------------------------------------------------+ + | rtb-VPC-B | 10.0.1.0/24 | Peering-AB | Custom | Add a route with the CIDR block of Subnet-A02 as the destination and Peering-AB as the next hop. | + +-------------+-------------+------------+------------+--------------------------------------------------------------------------------------------------+ + +.. _en-us_topic_0046809840__section654114220445: + +Peering ECSs in a Central VPC with ECSs in Two Other VPCs +--------------------------------------------------------- + +As shown in :ref:`Figure 5 `, VPC-B and VPC-C have overlapping CIDR blocks, and their Subnet-B01 and Subnet-BC01 have overlapping CIDR blocks. In this case, the VPC peering connection can connect ECSs in Subnet-B01 and Subnet-A01, and ECSs in Subnet-C01 and Subnet-A01. + +.. _en-us_topic_0046809840__fig568511518481: + +.. figure:: /_static/images/en-us_image_0000001209442636.png + :alt: **Figure 5** Networking diagram (IPv4) + + **Figure 5** Networking diagram (IPv4) + +.. 
table:: **Table 10** Peering relationships (IPv4) + + +-----------------------------------------------------+-------------------------+-----------+----------+ + | Peering Relationship | Peering Connection Name | Local VPC | Peer VPC | + +=====================================================+=========================+===========+==========+ + | ECS-A01-1 in VPC-A is peered with ECS-B01 in VPC-B. | Peering-AB | VPC-A | VPC-B | + +-----------------------------------------------------+-------------------------+-----------+----------+ + | ECS-A01-2 in VPC-A is peered with ECS-C01 in VPC-C. | Peering-AC | VPC-A | VPC-C | + +-----------------------------------------------------+-------------------------+-----------+----------+ + +.. table:: **Table 11** VPC route table details (IPv4) + + +-------------+-----------------+------------+------------+---------------------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Route Type | Description | + +=============+=================+============+============+=========================================================================================================+ + | rtb-VPC-A | 10.0.0.139/32 | Peering-AB | Custom | Add a route with the private IP address of ECS-B01 as the destination and Peering-AB as the next hop. | + +-------------+-----------------+------------+------------+---------------------------------------------------------------------------------------------------------+ + | | 10.0.0.71/32 | Peering-AC | Custom | Add a route with the private IP address of ECS-C01 as the destination and Peering-AC as the next hop. | + +-------------+-----------------+------------+------------+---------------------------------------------------------------------------------------------------------+ + | rtb-VPC-B | 172.16.0.111/32 | Peering-AB | Custom | Add a route with the private IP address of ECS-A01-1 as the destination and Peering-AB as the next hop. 
| + +-------------+-----------------+------------+------------+---------------------------------------------------------------------------------------------------------+ + | rtb-VPC-C | 172.16.0.218/32 | Peering-AC | Custom | Add a route with the private IP address of ECS-A01-2 as the destination and Peering-AC as the next hop. | + +-------------+-----------------+------------+------------+---------------------------------------------------------------------------------------------------------+ + +.. _en-us_topic_0046809840__section0306616175518: + +Invalid VPC Peering Connections +------------------------------- + +If VPCs with the same CIDR block also include subnets that overlap, VPC peering connections are not usable. VPC-A and VPC-B have the same CIDR block and their subnets have the same CIDR block. If a VPC peering connection is created between VPC-A and VPC-B, traffic cannot be routed between them because there are routes with the same destination. + +In the rtb-VPC-A route table, the custom route for routing traffic from VPC-A to VPC-B and the local route have overlapping destinations. The local route has a higher priority and traffic will be forwarded within VPC-A and cannot reach VPC-B. + + +.. figure:: /_static/images/en-us_image_0000001254335981.png + :alt: **Figure 6** Networking diagram (IPv4) + + **Figure 6** Networking diagram (IPv4) + +.. table:: **Table 12** VPC route table details + + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Route Type | Description | + +=============+=====================+============+============+=============================================================================================+ + | rtb-VPC-A | 10.0.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. 
| + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.0.1.0/24 | Local | System | | + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.0.0.0/16 (VPC-B) | Peering-AB | Custom | Add a route with the CIDR block of VPC-B as the destination and Peering-AB as the next hop. | + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+ + | rtb-VPC-B | 10.0.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. | + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.0.1.0/24 | Local | System | | + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+ + | | 10.0.0.0/16 (VPC-A) | Peering-AB | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AB as the next hop. | + +-------------+---------------------+------------+------------+---------------------------------------------------------------------------------------------+