From 0b15f652d11faa5c591eb83016a432148b409baf Mon Sep 17 00:00:00 2001 From: OpenTelekomCloud Proposal Bot Date: Thu, 22 Feb 2024 02:34:41 +0000 Subject: [PATCH] Update content --- .../images/en-us_image_0000001429281925.png | Bin 0 -> 1004 bytes .../images/en-us_image_0000001429973081.png | Bin 0 -> 1004 bytes .../images/en-us_image_0000001626574374.png | Bin 0 -> 128 bytes .../images/en-us_image_0000001627054074.png | Bin 0 -> 128 bytes ..._between_security_groups_and_firewalls.rst | 6 +- .../firewall/firewall_overview.rst | 2 +- umn/source/change_history.rst | 12 ++-- umn/source/faq/bandwidth/index.rst | 4 +- ...ated_bandwidth_and_a_shared_bandwidth.rst} | 4 +- umn/source/faq/eips/index.rst | 2 + ...etween_5_bgp_5_mailbgp_and_5_gray_eips.rst | 26 +++++++ ...t_immediately_for_existing_connections.rst | 2 +- ..._connected_by_a_vpc_peering_connection.rst | 6 +- .../step_2_create_a_subnet_for_the_vpc.rst | 2 + .../step_2_create_a_subnet_for_the_vpc.rst | 2 + .../service_overview/product_advantages.rst | 2 +- .../ipv4_and_ipv6_dual-stack_network.rst | 6 +- .../subnet/creating_a_subnet_for_the_vpc.rst | 2 + ...g_a_secondary_ipv4_cidr_block_to_a_vpc.rst | 64 ++++++++++++++++++ ...a_secondary_ipv4_cidr_block_from_a_vpc.rst | 36 ++++++++++ umn/source/vpc_and_subnet/vpc/index.rst | 4 ++ 21 files changed, 162 insertions(+), 20 deletions(-) create mode 100644 umn/source/_static/images/en-us_image_0000001429281925.png create mode 100644 umn/source/_static/images/en-us_image_0000001429973081.png create mode 100644 umn/source/_static/images/en-us_image_0000001626574374.png create mode 100644 umn/source/_static/images/en-us_image_0000001627054074.png rename umn/source/faq/bandwidth/{what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst => what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst} (80%) create mode 100644 umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst create mode 100644 umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst create mode 100644 umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst diff --git a/umn/source/_static/images/en-us_image_0000001429281925.png b/umn/source/_static/images/en-us_image_0000001429281925.png new file mode 100644 index 0000000000000000000000000000000000000000..1909444d23d92a3a6566bca91ce065d14dbda919 GIT binary patch literal 1004 zcmeAS@N?(olHy`uVBq!ia0vp^Vj#@H3?x5i&EaHVU}gyL32_B-i2;l_022maMg=TL zfE5PVkN`UjaKHd37;wP=HyH51052HufdM}l2!Meg7zlxZFc^q{fvBjc7#N6yfrNyF zBp676fwZ)=3>e7D%F2O(yu7@Ef`TF#C@Co^gMo^QimIxrnwpwA7-(o{XliO|X=!PL zfsT%juCA`0o}RwGz5y5*8X6iI85tWJo0yoGnwpxKnVFlLTUc0FT3T9JSy@|K+kkCcvmzTGP*6~CaBxUSNN8wiSXfv@L_}m{WK>jCbaZq~OiWx{Tzq_dLPA1fVq$V~a!N`{ zYHDg)T3SX%MrLMaR#sMac6M%VZeCtqetv#oVPR2GQAtTjX=!O$Sy@FzMP+4WRaI3@ zO-*fWZGC-xLqkJTQ&V$ub4yE0TU%RudwXYRXIEEOPft&8Z*PBp|AYw>CQX_&dGh3` zQ>RX!K7GcF8M9{1nmv2=+_`h-&!4|w!GcAL7A;=9cQ>uk5sDH4e!pN zM?2c%!f)$Moqn;JbAR{#-LH2<-aWd<6M=_Uy)Vz z>Gb1s+(~DB#NsS6_)g4`cRj>@b~4MGr%TsH2#HlrdJFVdQ&MBb@08(^UA^-pY literal 0 HcmV?d00001 diff --git a/umn/source/_static/images/en-us_image_0000001429973081.png b/umn/source/_static/images/en-us_image_0000001429973081.png new file mode 100644 index 0000000000000000000000000000000000000000..1909444d23d92a3a6566bca91ce065d14dbda919 GIT binary patch literal 1004 zcmeAS@N?(olHy`uVBq!ia0vp^Vj#@H3?x5i&EaHVU}gyL32_B-i2;l_022maMg=TL zfE5PVkN`UjaKHd37;wP=HyH51052HufdM}l2!Meg7zlxZFc^q{fvBjc7#N6yfrNyF zBp676fwZ)=3>e7D%F2O(yu7@Ef`TF#C@Co^gMo^QimIxrnwpwA7-(o{XliO|X=!PL zfsT%juCA`0o}RwGz5y5*8X6iI85tWJo0yoGnwpxKnVFlLTUc0FT3T9JSy@|K+kkCcvmzTGP*6~CaBxUSNN8wiSXfv@L_}m{WK>jCbaZq~OiWx{Tzq_dLPA1fVq$V~a!N`{ zYHDg)T3SX%MrLMaR#sMac6M%VZeCtqetv#oVPR2GQAtTjX=!O$Sy@FzMP+4WRaI3@ zO-*fWZGC-xLqkJTQ&V$ub4yE0TU%RudwXYRXIEEOPft&8Z*PBp|AYw>CQX_&dGh3` zQ>RX!K7GcF8M9{1nmv2=+_`h-&!4|w!GcAL7A;=9cQ>uk5sDH4e!pN zM?2c%!f)$Moqn;JbAR{#-LH2<-aWd<6M=_Uy)Vz z>Gb1s+(~DB#NsS6_)g4`cRj>@b~4MGr%TsH2#HlrdJFVdQ&MBb@08(^UA^-pY literal 0 HcmV?d00001 diff --git a/umn/source/_static/images/en-us_image_0000001626574374.png b/umn/source/_static/images/en-us_image_0000001626574374.png new file mode 100644 index 0000000000000000000000000000000000000000..d8f9804a86ba17c29671c2e708ea7d8a55e9e102 GIT binary patch literal 128 zcmeAS@N?(olHy`uVBq!ia0vp^l0YoR!3HEv_nU76QtqBEjv*eM$$$R;|6k80#jF+; z?O^U55wJ5{BC7O~q*zc+j>O?r+CO>N0_0+A4p~TjRK7gvqKc1@gq@&$jgF-6A(h65 b!XFtDtmNgH8Ra{GMlyK1`njxgN@xNAeY7O< literal 0 HcmV?d00001 diff --git a/umn/source/_static/images/en-us_image_0000001627054074.png b/umn/source/_static/images/en-us_image_0000001627054074.png new file mode 100644 index 0000000000000000000000000000000000000000..d8f9804a86ba17c29671c2e708ea7d8a55e9e102 GIT binary patch literal 128 zcmeAS@N?(olHy`uVBq!ia0vp^l0YoR!3HEv_nU76QtqBEjv*eM$$$R;|6k80#jF+; z?O^U55wJ5{BC7O~q*zc+j>O?r+CO>N0_0+A4p~TjRK7gvqKc1@gq@&$jgF-6A(h65 b!XFtDtmNgH8Ra{GMlyK1`njxgN@xNAeY7O< literal 0 HcmV?d00001 diff --git a/umn/source/access_control/differences_between_security_groups_and_firewalls.rst b/umn/source/access_control/differences_between_security_groups_and_firewalls.rst index 0c81d64..f68e72b 100644 --- a/umn/source/access_control/differences_between_security_groups_and_firewalls.rst +++ b/umn/source/access_control/differences_between_security_groups_and_firewalls.rst @@ -5,10 +5,10 @@ Differences Between Security Groups and Firewalls ================================================= -You can configure firewall and security group rules to protect the instances in your VPC, such as ECSs, databases, and CCI pods. +You can configure firewall and security group rules to protect the instances in your VPC, such as ECSs, databases, and CCI instances. - A security group protects the instances in it. -- A Firewall protects associated subnets and all the resources in the subnets. +- A firewall protects associated subnets and all the resources in the subnets. For details, see :ref:`Figure 1 `. @@ -28,7 +28,7 @@ For details, see :ref:`Figure 1 `. +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Category | Security Group | Firewall | +=======================+========================================================================================================================================================================+===========================================================================================================================================================================================================================================================+ - | Protection Scope | Protects instances in a security group, such as ECSs, databases, and CCI. | Protects subnets and all the instances in the subnets. | + | Protection Scope | Protects instances in a security group, such as ECSs, databases, and CCI instances. | Protects subnets and all the instances in the subnets. | +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Rules | Does not support **Allow** or **Deny** rules. | Supports both **Allow** and **Deny** rules. | +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/access_control/firewall/firewall_overview.rst b/umn/source/access_control/firewall/firewall_overview.rst index 53fb1b1..369179a 100644 --- a/umn/source/access_control/firewall/firewall_overview.rst +++ b/umn/source/access_control/firewall/firewall_overview.rst @@ -31,7 +31,7 @@ Firewall Basics - Firewalls use connection tracking to track traffic to and from instances. Changes to inbound and outbound rules do not take effect immediately for the existing traffic. - If you add, modify, or delete a firewall rule, or associate or diassociate a subnet with or from a firewall, all the inbound and outbound persistent connections will not be disconnected New rules will only be applied for the new connections. + If you add, modify, or delete a firewall rule, or associate or disassociate a subnet with or from a firewall, all the inbound and outbound persistent connections will not be disconnected. New rules will only be applied for the new connections. .. important:: diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 4358322..1132467 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst @@ -8,6 +8,10 @@ Change History +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Released On | Description | +===================================+====================================================================================================================================================================================================================================================================================================================================+ +| 2024-02-18 | This release incorporates the following changes: | +| | | +| | Added :ref:`Adding a Secondary IPv4 CIDR Block to a VPC `, :ref:`Deleting a Secondary IPv4 CIDR Block from a VPC `, and :ref:`What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? ` | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2024-02-02 | This release incorporates the following changes: | | | | | | Modified figures in :ref:`Creating a Custom Route Table ` and :ref:`Adding a Custom Route `. | @@ -22,8 +26,8 @@ Change History +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2023-12-19 | This release incorporates the following changes: | | | | -| | - Added screenshots in :ref:`How Do I Configure a Security Group for Multi-Channel Protocols? `. | -| | - Modified the table in :ref:`Why Can't I Delete My VPCs and Subnets? `. | +| | - Added screenshots in :ref:`How Do I Configure a Security Group for Multi-Channel Protocols? ` | +| | - Modified the table in :ref:`Why Can't I Delete My VPCs and Subnets? ` | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2023-12-18 | This release incorporates the following changes: | | | | @@ -138,7 +142,7 @@ Change History | | | | | Updated the following content: | | | | -| | Modified links in :ref:`What Is Virtual Private Cloud? ` and :ref:`Can I Bind an EIP to Multiple ECSs? `. | +| | Modified links in :ref:`What Is Virtual Private Cloud? ` and :ref:`Can I Bind an EIP to Multiple ECSs? ` | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2023-01-10 | This release incorporates the following changes: | | | | @@ -196,7 +200,7 @@ Change History | 2021-03-16 | Added the following FAQ: | | | | | | - :ref:`What Bandwidth Types Are Available? ` | -| | - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ` | +| | - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? ` | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2020-12-16 | This release incorporates the following changes: | | | | diff --git a/umn/source/faq/bandwidth/index.rst b/umn/source/faq/bandwidth/index.rst index b35debe..beaf7b9 100644 --- a/umn/source/faq/bandwidth/index.rst +++ b/umn/source/faq/bandwidth/index.rst @@ -7,7 +7,7 @@ Bandwidth - :ref:`What Is the Bandwidth Size Range? ` - :ref:`What Bandwidth Types Are Available? ` -- :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ` +- :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? ` .. toctree:: :maxdepth: 1 @@ -15,4 +15,4 @@ Bandwidth what_is_the_bandwidth_size_range what_bandwidth_types_are_available - what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around + what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth diff --git a/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst b/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst similarity index 80% rename from umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst rename to umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst index 0808781..869082d 100644 --- a/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst +++ b/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst @@ -2,8 +2,8 @@ .. _faq_bandwidth_0003: -What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? -================================================================================================================================================================== +What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? +============================================================================== A dedicated bandwidth can only be used by one EIP. An EIP can only be used by one cloud resource, such as an ECS, a NAT gateway, or a load balancer. diff --git a/umn/source/faq/eips/index.rst b/umn/source/faq/eips/index.rst index 939ebfa..ac920b3 100644 --- a/umn/source/faq/eips/index.rst +++ b/umn/source/faq/eips/index.rst @@ -10,6 +10,7 @@ EIPs - :ref:`How Do I Access an ECS with an EIP Bound from the Internet? ` - :ref:`Can I Bind an EIP to a Cloud Resource in Another Region? ` - :ref:`Can I Change the Region of My EIP? ` +- :ref:`What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? ` .. toctree:: :maxdepth: 1 @@ -20,3 +21,4 @@ EIPs how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet can_i_bind_an_eip_to_a_cloud_resource_in_another_region can_i_change_the_region_of_my_eip + what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips diff --git a/umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst b/umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst new file mode 100644 index 0000000..3b32c94 --- /dev/null +++ b/umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst @@ -0,0 +1,26 @@ +:original_name: en-us_topic_0000001799161498.html + +.. _en-us_topic_0000001799161498: + +What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? +=================================================================== + +:ref:`Table 1 ` lists the differences between **5_bgp**, **5_mailbgp**, and **5_gray** EIPs. + +.. _en-us_topic_0000001799161498__en-us_topic_0000001797977244_faq_bandwidth_0008_table1031220574471: + +.. table:: **Table 1** Differences between **5_bgp**, **5_mailbgp**, and **5_gray** EIPs + + +----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ + | Dimension | 5_bgp EIP | 5_gray EIP | 5_mailbgp EIP | + +======================+=======================================================================================================+===============================================================================================================================================================================+=======================================================================================================+ + | Application scenario | Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | **5_gray** EIPs can be bound to dedicated or shared load balancers for Internet access. | **5_mailbgp** EIPs are used together with port 25, 465, or 587 for email services. | + | | | | | + | | **5_bgp** EIPs can be bound to cloud resources except dedicated load balancers. | | | + +----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ + | Differences | - Cannot be bound to dedicated load balancers. | - Can only be bound to dedicated or shared load balancers. | - Cannot be bound to dedicated load balancers. | + | | - Cannot be used for email services. | - Cannot be used for email services. | - Can be used for email services. | + +----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ + | Constraints | The selected EIP type cannot be changed after the EIP is assigned. | - In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type. | If you need an EIP of this type, contact the account administrator to grant the required permissions. | + | | | - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. | | + +----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst b/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst index bbc1a33..2ebe9bc 100644 --- a/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst +++ b/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst @@ -14,7 +14,7 @@ Does a Modified Security Group Rule or a Firewall Rule Take Effect Immediately f - Firewalls use connection tracking to track traffic to and from instances. Changes to inbound and outbound rules do not take effect immediately for the existing traffic. - If you add, modify, or delete a firewall rule, or associate or diassociate a subnet with or from a firewall, all the inbound and outbound persistent connections will not be disconnected New rules will only be applied for the new connections. + If you add, modify, or delete a firewall rule, or associate or disassociate a subnet with or from a firewall, all the inbound and outbound persistent connections will not be disconnected. New rules will only be applied for the new connections. .. important:: diff --git a/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst b/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst index 3f105ce..fe39666 100644 --- a/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst +++ b/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst @@ -35,7 +35,7 @@ The issues here are described in order of how likely they are to occur. | | | | | | - The security group rules of the ECSs that need to communicate deny inbound traffic from each other. | | | | - The firewall of the ECS NIC blocks traffic. | | - | | - The network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. | | + | | - The firewall rules of the subnets connected by the VPC peering connection deny inbound traffic. | | | | - Check the policy-based routing configuration of an ECS with multiple NICs. | | +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ | 4 | ECS network failure | Refer to :ref:`ECS Network Failure `. | @@ -143,9 +143,9 @@ Incorrect Network Configuration If the firewall blocks traffic, configure the firewall to allow inbound traffic. -#. Check whether network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. +#. Check whether firewall rules of the subnets connected by the VPC peering connection deny inbound traffic. - If the network ACL rules deny inbound traffic, configure the rules to allow the traffic. + If the firewall rules deny inbound traffic, configure the rules to allow the traffic. #. If an ECS has more than one NIC, check whether correct policy-based routing has been configured for the ECS and packets with different source IP addresses match their own routes from each NIC. diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst index 96ec641..8fa113d 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst @@ -49,6 +49,8 @@ Procedure | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + | | | | + | | If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | | | | | diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst index 7435a6c..565979a 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst @@ -49,6 +49,8 @@ Procedure | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + | | | | + | | If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | | | | | diff --git a/umn/source/service_overview/product_advantages.rst b/umn/source/service_overview/product_advantages.rst index 9cd020d..81e58c8 100644 --- a/umn/source/service_overview/product_advantages.rst +++ b/umn/source/service_overview/product_advantages.rst @@ -54,5 +54,5 @@ Advantage Comparison +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Flexibility | provides a variety of network services for you to choose from. If you need more network resources (for instance, if you need more bandwidth), you can expand resources on the fly. | You have to strictly comply with the network plan to complete the service deployment. If there are changes in your service requirements, it is difficult to dynamically adjust the network. | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Security | VPCs are logically isolated from each other. You can use security features such as network ACLs and security groups, and even security services like Advanced Anti-DDoS (AAD) to protect your cloud resources. | The network is insecure and difficult to maintain. You need professional technical personnel to ensure network security. | + | Security | VPCs are logically isolated from each other. You can use security features such as firewalls and security groups, and even security services like Advanced Anti-DDoS (AAD) to protect your cloud resources. | The network is insecure and difficult to maintain. You need professional technical personnel to ensure network security. | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst b/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst index b0db93e..4b688eb 100644 --- a/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst +++ b/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst @@ -28,7 +28,7 @@ Notes and Constraints To check which ECSs support IPv6: - - On the ECS console, click **Buy ECS**. On the displayed page, view the ECS specifications. + - On the ECS console: Click **Create ECS**. On the displayed page, view the ECS specifications. If there is the **IPv6** parameter with the value of **Yes**, the ECS specifications support IPv6. @@ -70,9 +70,9 @@ In the subnet list, click the subnet name. On the displayed page, view in-use IP Add a security group rule with **Type** set to **IPv6** and **Source** or **Destination** set to an IPv6 address or IPv6 CIDR block. -**Adding a Network ACL Rule (IPv6)** +Adding an IPv6 Firewall Rule -Add a network ACL rule with **Type** set to **IPv6** and **Source** or **Destination** set to an IPv6 address or IPv6 CIDR block. +Add a firewall rule with **Type** set to **IPv6** and **Source** or **Destination** set to an IPv6 address or IPv6 CIDR block. **Adding a Route (IPv6)** diff --git a/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst index cb17574..f987ce2 100644 --- a/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst +++ b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst @@ -49,6 +49,8 @@ Procedure | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + | | | | + | | If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | | | | | diff --git a/umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst new file mode 100644 index 0000000..19abf2a --- /dev/null +++ b/umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst @@ -0,0 +1,64 @@ +:original_name: vpc_vpc_0007.html + +.. _vpc_vpc_0007: + +Adding a Secondary IPv4 CIDR Block to a VPC +=========================================== + +Scenarios +--------- + +When you create a VPC, you specify a primary IPv4 CIDR block for the VPC, which cannot be changed. To extend the IP address range of your VPC, you can add a secondary CIDR block to the VPC. + +Notes and Constraints +--------------------- + +- You can allocate a subnet from either a primary or a secondary CIDR block of a VPC. A subnet cannot use both the primary and the secondary CIDR blocks. + + Subnets in the same VPC can communicate with each other by default, even if some subnets are allocated from the primary CIDR block and some are from the secondary CIDR block of a VPC. + +- If a subnet in a secondary CIDR block of your VPC is the same as or overlaps with the destination of an existing route in the VPC route table, the existing route does not take effect. + + If you create a subnet in a secondary CIDR block of your VPC, a route (the destination is the subnet CIDR block and the next hop is **Local**) is automatically added to your VPC route table. This route allows communications within the VPC and has a higher priority than any other routes in the VPC route table. For example, if a VPC route table has a route with the VPC peering connection as the next hop and 100.20.0.0/24 as the destination, and a route for the subnet in the secondary CIDR block has a destination of 100.20.0.0/16, 100.20.0.0/16 and 100.20.0.0/24 overlaps and traffic will be forwarded through the route of the subnet. + +- :ref:`Table 1 ` lists the secondary CIDR blocks that are not supported. + + .. _vpc_vpc_0007__table1060431941314: + + .. table:: **Table 1** Restricted secondary CIDR blocks + + +-----------------------------------+-----------------------------------+ + | Type | CIDR Block (Not Supported) | + +===================================+===================================+ + | Reserved system CIDR blocks | - 100.64.0.0/10 | + | | - 214.0.0.0/7 | + | | - 198.18.0.0/15 | + | | - 169.254.0.0/16 | + +-----------------------------------+-----------------------------------+ + | Reserved public CIDR blocks | - 0.0.0.0/8 | + | | - 127.0.0.0/8 | + | | - 240.0.0.0/4 | + | | - 255.255.255.255/32 | + +-----------------------------------+-----------------------------------+ + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the VPC list, locate the row that contains the VPC and click **Edit CIDR Block** in the **Operation** column. + + The **Edit CIDR Block** dialog box is displayed. + +#. Click **Add Secondary IPv4 CIDR Block**. + +#. Enter the secondary CIDR block and click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000001429281925.png +.. |image2| image:: /_static/images/en-us_image_0000001626574374.png diff --git a/umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst new file mode 100644 index 0000000..b57fb24 --- /dev/null +++ b/umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst @@ -0,0 +1,36 @@ +:original_name: vpc_vpc_0008.html + +.. _vpc_vpc_0008: + +Deleting a Secondary IPv4 CIDR Block from a VPC +=============================================== + +Scenarios +--------- + +If a secondary CIDR block of a VPC is no longer required, you can delete it. + +- A secondary IPv4 CIDR block of a VPC can be deleted, but the primary CIDR block cannot be deleted. +- If you want to delete a secondary CIDR block that contains subnets, you need to delete the subnets first. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the VPC list, locate the row that contains the VPC and click **Edit CIDR Block** in the **Operation** column. + + The **Edit CIDR Block** dialog box is displayed. + +#. Locate the row that contains the secondary CIDR block to be deleted and click **Delete** in the **Operation** column. + +#. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000001429973081.png +.. |image2| image:: /_static/images/en-us_image_0000001627054074.png diff --git a/umn/source/vpc_and_subnet/vpc/index.rst b/umn/source/vpc_and_subnet/vpc/index.rst index d5491ac..b6595f8 100644 --- a/umn/source/vpc_and_subnet/vpc/index.rst +++ b/umn/source/vpc_and_subnet/vpc/index.rst @@ -7,6 +7,8 @@ VPC - :ref:`Creating a VPC ` - :ref:`Modifying a VPC ` +- :ref:`Adding a Secondary IPv4 CIDR Block to a VPC ` +- :ref:`Deleting a Secondary IPv4 CIDR Block from a VPC ` - :ref:`Deleting a VPC ` - :ref:`Managing VPC Tags ` - :ref:`Exporting VPC List ` @@ -19,6 +21,8 @@ VPC creating_a_vpc modifying_a_vpc + adding_a_secondary_ipv4_cidr_block_to_a_vpc + deleting_a_secondary_ipv4_cidr_block_from_a_vpc deleting_a_vpc managing_vpc_tags exporting_vpc_list