diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 2777dde..f3fd0a3 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst @@ -5,293 +5,313 @@ Change History ============== -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Release Date | What's New | -+===================================+==================================================================================================================================================================================================================================================================================================================================================+ -| 2022-06-25 | Added the following content: | -| | | -| | - Modified constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | -| | - Modified constraints on EIP binding to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` (:ref:`Unbinding an EIP from an ECS and Releasing the EIP `). | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-02-15 | Added the following content: | -| | | -| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | -| | - Added description about the default reverse domain name of an EIP in \ :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `) and :ref:`Adding EIPs to a Shared Bandwidth ` (:ref:`Adding EIPs to a Shared Bandwidth `). | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-12-15 | Modified the following content: | -| | | -| | - Added description about how to switch between the old and new console editions in :ref:`Document Usage Instructions `. | -| | - Added :ref:`Operation Guide (New Console Edition) ` and :ref:`Operation Guide (Old Console Edition) `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-08-25 | Modified the following content: | -| | | -| | Deleted the content related to the IP address group. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-06-18 | Modified the following content: | -| | | -| | - Updated screenshots and deleted the **Bandwidth Type** parameter in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | -| | - Updated screenshots in :ref:`Assigning a Shared Bandwidth ` (:ref:`Assigning a Shared Bandwidth `) and :ref:`Modifying a Shared Bandwidth ` (:ref:`Modifying a Shared Bandwidth `). | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-02-25 | Added the following content: | -| | | -| | - Added section :ref:`Shared Bandwidth `. | -| | | -| | Modified the following content: | -| | | -| | - Modified the steps in section :ref:`EIP `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-02-12 | Added the following content: | -| | | -| | Added description that VPC flow logs support S2 ECSs in section :ref:`VPC Flow Log `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-01-08 | Added the following content: | -| | | -| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | -| | - Added section :ref:`Region and AZ `. | -| | - Added the example of allowing external access to a specified port in the section :ref:`Security Group Configuration Examples `. | -| | | -| | Modified the following content: | -| | | -| | - Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | -| | | -| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | -| | - Optimized figure examples in this document. | -| | - Optimized descriptions in section :ref:`Firewall Configuration Examples `. | -| | - Optimized descriptions in section :ref:`Default Firewall Rules `. | -| | - Changed the position of section :ref:`Security `. | -| | - Optimized :ref:`What Is a Quota? `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted section "Deleting a VPN". | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-09-10 | Added the following content: | -| | | -| | - Added section :ref:`VPC Flow Log `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in section :ref:`Basic Concepts `. | -| | - Deleted the FAQs related to VPN in section :ref:`FAQs `. | -| | | -| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in section :ref:`Getting Started `. | -| | | -| | Modified the following content: | -| | | -| | - Optimized section :ref:`Service Overview ` and added the product advantage description to section :ref:`What Is Virtual Private Cloud? `. | -| | - Added section :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | -| | - Modified the description about how to switch to the **EIPs** page in section :ref:`EIP `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-23 | Added the following content: | -| | | -| | - Added the description about batch subnet creation in section :ref:`VPC and Subnet `. | -| | - Added precautions about disabling a firewall in section :ref:`Enabling or Disabling a Firewall `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-22 | Added the following content: | -| | | -| | - Added the **Assign EIP** screenshot in section :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-15 | Added the following content: | -| | | -| | - Added the Anti-DDoS service restriction in section :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? `. | -| | - Added section :ref:`Modifying a Security Group `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-11 | Deleted the following content: | -| | | -| | - Deleted the console screenshot from section :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-01-31 | Accepted in OTC-4.0. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-01-30 | Modified the following content: | -| | | -| | - Modified the table listing the parameters for creating a VPC in section :ref:`VPC and Subnet `. | -| | - Modified the table listing the parameters for modifying a security group rule in :ref:`Adding a Security Group Rule `. | -| | - Added the link to the default security group rule introduction in section :ref:`Adding a Security Group Rule `. | -| | - Modified the format of the exported file to Excel in sections :ref:`Exporting VPC List ` and :ref:`Importing and Exporting Security Group Rules `. | -| | - Changed the number of characters allowed for the **Description** field to **255** in section :ref:`Creating a Firewall `. | -| | - Modified the steps in section :ref:`Managing EIP Tags `. | -| | - Added the **Monitoring Period** column to the table listing metrics in section :ref:`Supported Metrics `. | -| | - Changed the maximum bandwidth size allowed to 1000 Mbit/s in section :ref:`What Is the Bandwidth Size Range? `. | -| | - Modified the table listing subnet parameters in section :ref:`Modifying a Subnet `. | -| | - Updated the security group description in section :ref:`Security Group `. | -| | - Updated the VPC peering connection description in section :ref:`VPC Peering Connection `. | -| | - Updated the firewall description in section :ref:`Firewall `. | -| | - Updated the console screenshots in section :ref:`Adding a Firewall Rule `. | -| | - Updated the console screenshots in section :ref:`Modifying a Firewall Rule `. | -| | | -| | Added the following content: | -| | | -| | - Added section :ref:`Security Group Configuration Examples `. | -| | - Added section :ref:`Route Table Overview `. | -| | - Added section :ref:`Modifying an EIP Bandwidth `. | -| | - Added description about disassociating and releasing multiple EIPs at a time in section :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted description about the transitive peering relationships from section :ref:`Are There Any Constraints on Using VPC Peering Connections? `. | -| | - Deleted section **Viewing Routes Configured for a VPC Peering Connection in the VPC Peering Route Table**. | -| | - Deleted section **Deleting a Route from the VPC Peering Route Table**. | -| | - Deleted description about the **Reject** action from section :ref:`Adding a Firewall Rule `. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-12-30 | Modified the following content: | -| | | -| | - Modified the description about how to switch to the security group and firewall pages based on the changes made on the management console. | -| | | -| | Added the following content: | -| | | -| | - Added section **Firewall** **Overview**. | -| | - Added section **Firewall** **Configuration Examples**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-11-30 | Added the following content: | -| | | -| | - Added parameter **NTP Server Address** to the description about how to create a subnet. | -| | | -| | Modified the following content: | -| | | -| | - Updated the document based on changes made to the firewall console pages. | -| | | -| | - Added description about how to delete multiple firewall rules at a time and how to disassociate multiple subnets from a firewall at a time. | -| | - Changed parameter **Any** to **All**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-09-18 | Accepted in OTC-3.2/AGile-09.2018. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-09-06 | Modified the following content: | -| | | -| | - Modified the content and changed some screenshots in the document based on the latest management console. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-08-30 | This release incorporates the following change: | -| | | -| | - Added section **Adding Instances to and Removing Them from a Security Group**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-07-30 | This release incorporates the following changes: | -| | | -| | - Optimized the sections related to security groups: | -| | | -| | - Added section **Replicating a Security Group Rule**. | -| | - Added section **Modifying a Security Group Rule**. | -| | - Modified section **Deleting a Security Group Rule** and added description about how to delete multiple security group rules at a time. | -| | - Added section **Importing and Exporting Security Group Rules**. | -| | | -| | - Modified the VPN sections. The details are as follows: | -| | | -| | - Modified the step for switching to the VPN console. | -| | - Deleted sections related to VPNs. An independent VPN user guide will be provided. | -| | - Deleted section **VPN Best Practice**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-06-30 | This release incorporates the following changes: | -| | | -| | - Optimized sections under **Product Introduction**. | -| | - Optimized sections under **Security Group**. | -| | | -| | - Optimized section **Security Group Overview**. | -| | | -| | - Optimized section **Default Security Groups and Security Group Rules**. | -| | - Optimized section **Creating a Security Group**. | -| | - Optimized section **Adding a Security Group Rule**. | -| | - Optimized section **Fast-Adding Security Group Rules**. | -| | - Added security group configuration examples. | -| | - Added section **Viewing the Security Group of an ECS**. | -| | - Added section **Changing the Security Group of an ECS**. | -| | | -| | - Categorized FAQs. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-06-11 | This release incorporates the following changes: | -| | | -| | - Added section **Monitoring**. | -| | - Modified tag description. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-05-23 | Accepted in OTC 3.1. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-04-28 | This release incorporates the following changes: | -| | | -| | - Added description about VPN tagging. | -| | - Added the IPv6 address description. | -| | - Added section **Exporting VPC Information**. | -| | - Modified the bandwidth range. | -| | - Modified the VPN modification snapshot. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-03-30 | This release incorporates the following change: | -| | | -| | Deleted the IPv6 address description. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-02-28 | This release incorporates the following change: | -| | | -| | Added the description that the security group description can contain a maximum of 128 characters. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-01-30 | This release incorporates the following changes: | -| | | -| | - Added description about the function of unbinding and releasing EIPs in batches. | -| | - Added description about the function that the negotiation mode of the IKE policy in the VPN can be configured. | -| | - Added the description that the security group description can contain a maximum of 64 characters. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-11-30 | This release incorporates the following changes: | -| | | -| | - Updated screenshots and steps based on the latest management console pages. | -| | - Added description to indicate that subnets can be created without specifying the AZ. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-10-30 | This release incorporates the following changes: | -| | | -| | - Added description about the fast security group rule adding function. | -| | - Added ECS security group configuration examples. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-09-30 | This release incorporates the following changes: | -| | | -| | - Added description to indicate that the peer project ID needs to be configured when a tenant creates a VPC peering connection with the VPC of another tenant. | -| | - Modified description in sections **Adding a Security Group Rule** and **Deleting a Security Group Rule** based on changes made to the network console. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-08-30 | This release incorporates the following changes: | -| | | -| | - Added section **Managing Subnet Tags**. | -| | - Added description about the VPC, subnet, and EIP tags. | -| | - Added section **Security Group Overview**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-07-30 | This release incorporates the following changes: | -| | | -| | - Added description about how to enable shared SNAT on the management console. | -| | - Added section **Managing VPC Tags**. | -| | - Added section **Managing EIP Tags**. | -| | - Changed the number of routes allowed in a route table by default to **100**. | -| | - Updated procedures in sections **VPC and Subnet** and **Custom Route** based on changes made to the network console. | -| | - Added description about the multi-project feature. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-06-30 | This release incorporates the following change: | -| | | -| | - Added description about the virtual IP address feature. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-05-30 | This release incorporates the following change: | -| | | -| | - Added FAQ **How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC**. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-04-28 | This release incorporates the following change: | -| | | -| | - Added description about how to add DNS server addresses during subnet information modification. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-03-30 | This release incorporates the following changes: | -| | | -| | - Added description about the firewall function. | -| | - Added description about the shared SNAT function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-02-28 | This release incorporates the following change: | -| | | -| | - Deleted description about the button for disabling the DHCP function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-02-24 | This release incorporates the following change: | -| | | -| | - Added description about the VPC peering function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-01-12 | This release incorporates the following change: | -| | | -| | - Added description about the custom route table function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-10-19 | This release incorporates the following change: | -| | | -| | - Updated the Help Center URL of the VPN service. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-07-15 | This release incorporates the following changes: | -| | | -| | - Modified the VPN authentication algorithm. | -| | - Optimized the traffic metering function. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-03-14 | This issue is the first official release. | -+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Release Date | What's New | ++===================================+===================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ +| 2022-12-12 | This release incorporates the following changes: | +| | | +| | Modified the following content: | +| | | +| | Added description that EIPs of the Dedicated Load Balancer (5_gray) type cannot be created in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, :ref:`Unbinding an EIP from an ECS and Releasing the EIP `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-11-15 | This release incorporates the following changes: | +| | | +| | Added support for binding and unbinding EIPs of the Dedicated Load Balancer (5_gray) type using APIs in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, :ref:`Unbinding an EIP from an ECS and Releasing the EIP `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-10-20 | Modified the following content: | +| | | +| | - Added user-defined networks in :ref:`Route Table Overview `. | +| | - Modified the bandwidth range in :ref:`What Is the Bandwidth Size Range? `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-09-07 | Added the following content: | +| | | +| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | +| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` (:ref:`Unbinding an EIP from an ECS and Releasing the EIP `). | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-06-25 | Added the following content: | +| | | +| | - Modified constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | +| | - Modified constraints on EIP binding to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` (:ref:`Unbinding an EIP from an ECS and Releasing the EIP `). | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-02-15 | Added the following content: | +| | | +| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | +| | - Added description about the default reverse domain name of an EIP in \ :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `) and :ref:`Adding EIPs to a Shared Bandwidth ` (:ref:`Adding EIPs to a Shared Bandwidth `). | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-12-15 | Modified the following content: | +| | | +| | - Added description about how to switch between the old and new console editions in :ref:`Document Usage Instructions `. | +| | - Added :ref:`Operation Guide (New Console Edition) ` and :ref:`Operation Guide (Old Console Edition) `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-08-25 | Modified the following content: | +| | | +| | Deleted the content related to the IP address group. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-06-18 | Modified the following content: | +| | | +| | - Updated screenshots and deleted the **Bandwidth Type** parameter in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS ` (:ref:`Assigning an EIP and Binding It to an ECS `). | +| | - Updated screenshots in :ref:`Assigning a Shared Bandwidth ` (:ref:`Assigning a Shared Bandwidth `) and :ref:`Modifying a Shared Bandwidth ` (:ref:`Modifying a Shared Bandwidth `). | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-02-25 | Added the following content: | +| | | +| | - Added section :ref:`Shared Bandwidth `. | +| | | +| | Modified the following content: | +| | | +| | - Modified the steps in section :ref:`Elastic IP `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-02-12 | Added the following content: | +| | | +| | Added description that VPC flow logs support S2 ECSs in section :ref:`VPC Flow Log `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-01-08 | Added the following content: | +| | | +| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | +| | - Added section :ref:`Region and AZ `. | +| | - Added the example of allowing external access to a specified port in the section :ref:`Security Group Configuration Examples `. | +| | | +| | Modified the following content: | +| | | +| | - Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | +| | | +| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | +| | - Optimized figure examples in this document. | +| | - Optimized descriptions in section :ref:`Firewall Configuration Examples `. | +| | - Optimized descriptions in section :ref:`Default Firewall Rules `. | +| | - Changed the position of section :ref:`Security `. | +| | - Optimized :ref:`What Is a Quota? `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted section "Deleting a VPN". | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-09-10 | Added the following content: | +| | | +| | - Added section :ref:`VPC Flow Log `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in section :ref:`Basic Concepts `. | +| | - Deleted the FAQs related to VPN in section :ref:`FAQs `. | +| | | +| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in section :ref:`Getting Started `. | +| | | +| | Modified the following content: | +| | | +| | - Optimized section :ref:`Service Overview ` and added the product advantage description to section :ref:`What Is Virtual Private Cloud? `. | +| | - Added section :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | +| | - Modified the description about how to switch to the **EIPs** page in section :ref:`Elastic IP `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-23 | Added the following content: | +| | | +| | - Added the description about batch subnet creation in section :ref:`VPC and Subnet `. | +| | - Added precautions about disabling a firewall in section :ref:`Enabling or Disabling a Firewall `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-22 | Added the following content: | +| | | +| | - Added the **Assign EIP** screenshot in section :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-15 | Added the following content: | +| | | +| | - Added the Anti-DDoS service restriction in section :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? `. | +| | - Added section :ref:`Modifying a Security Group `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-11 | Deleted the following content: | +| | | +| | - Deleted the console screenshot from section :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-01-31 | Accepted in OTC-4.0. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-01-30 | Modified the following content: | +| | | +| | - Modified the table listing the parameters for creating a VPC in section :ref:`VPC and Subnet `. | +| | - Modified the table listing the parameters for modifying a security group rule in :ref:`Adding a Security Group Rule `. | +| | - Added the link to the default security group rule introduction in section :ref:`Adding a Security Group Rule `. | +| | - Modified the format of the exported file to Excel in sections :ref:`Exporting VPC List ` and :ref:`Importing and Exporting Security Group Rules `. | +| | - Changed the number of characters allowed for the **Description** field to **255** in section :ref:`Creating a Firewall `. | +| | - Modified the steps in section :ref:`Managing EIP Tags `. | +| | - Added the **Monitoring Period** column to the table listing metrics in section :ref:`Supported Metrics `. | +| | - Changed the maximum bandwidth size allowed to 1000 Mbit/s in section :ref:`What Is the Bandwidth Size Range? `. | +| | - Modified the table listing subnet parameters in section :ref:`Modifying a Subnet `. | +| | - Updated the security group description in section :ref:`Security Group `. | +| | - Updated the VPC peering connection description in section :ref:`VPC Peering Connection `. | +| | - Updated the firewall description in section :ref:`Firewall `. | +| | - Updated the console screenshots in section :ref:`Adding a Firewall Rule `. | +| | - Updated the console screenshots in section :ref:`Modifying a Firewall Rule `. | +| | | +| | Added the following content: | +| | | +| | - Added section :ref:`Security Group Configuration Examples `. | +| | - Added section :ref:`Route Table Overview `. | +| | - Added section :ref:`Modifying an EIP Bandwidth `. | +| | - Added description about disassociating and releasing multiple EIPs at a time in section :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted description about the transitive peering relationships from section :ref:`Are There Any Constraints on Using VPC Peering Connections? `. | +| | - Deleted section **Viewing Routes Configured for a VPC Peering Connection in the VPC Peering Route Table**. | +| | - Deleted section **Deleting a Route from the VPC Peering Route Table**. | +| | - Deleted description about the **Reject** action from section :ref:`Adding a Firewall Rule `. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-12-30 | Modified the following content: | +| | | +| | - Modified the description about how to switch to the security group and firewall pages based on the changes made on the management console. | +| | | +| | Added the following content: | +| | | +| | - Added section **Firewall** **Overview**. | +| | - Added section **Firewall** **Configuration Examples**. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-11-30 | Added the following content: | +| | | +| | - Added parameter **NTP Server Address** to the description about how to create a subnet. | +| | | +| | Modified the following content: | +| | | +| | - Updated the document based on changes made to the firewall console pages. | +| | | +| | - Added description about how to delete multiple firewall rules at a time and how to disassociate multiple subnets from a firewall at a time. | +| | - Changed parameter **Any** to **All**. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-09-18 | Accepted in OTC-3.2/AGile-09.2018. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-09-06 | Modified the following content: | +| | | +| | - Modified the content and changed some screenshots in the document based on the latest management console. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-08-30 | This release incorporates the following change: | +| | | +| | - Added section **Adding Instances to and Removing Them from a Security Group**. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-07-30 | This release incorporates the following changes: | +| | | +| | - Optimized the sections related to security groups: | +| | | +| | - Added section **Replicating a Security Group Rule**. | +| | - Added section **Modifying a Security Group Rule**. | +| | - Modified section **Deleting a Security Group Rule** and added description about how to delete multiple security group rules at a time. | +| | - Added section **Importing and Exporting Security Group Rules**. | +| | | +| | - Modified the VPN sections. The details are as follows: | +| | | +| | - Modified the step for switching to the VPN console. | +| | - Deleted sections related to VPNs. An independent VPN user guide will be provided. | +| | - Deleted section **VPN Best Practice**. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-06-30 | This release incorporates the following changes: | +| | | +| | - Optimized sections under **Product Introduction**. | +| | - Optimized sections under **Security Group**. | +| | | +| | - Optimized section **Security Group Overview**. | +| | | +| | - Optimized section **Default Security Groups and Security Group Rules**. | +| | - Optimized section **Creating a Security Group**. | +| | - Optimized section **Adding a Security Group Rule**. | +| | - Optimized section **Fast-Adding Security Group Rules**. | +| | - Added security group configuration examples. | +| | - Added section **Viewing the Security Group of an ECS**. | +| | - Added section **Changing the Security Group of an ECS**. | +| | | +| | - Categorized FAQs. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-06-11 | This release incorporates the following changes: | +| | | +| | - Added section **Monitoring**. | +| | - Modified tag description. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-05-23 | Accepted in OTC 3.1. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-04-28 | This release incorporates the following changes: | +| | | +| | - Added description about VPN tagging. | +| | - Added the IPv6 address description. | +| | - Added section **Exporting VPC Information**. | +| | - Modified the bandwidth range. | +| | - Modified the VPN modification snapshot. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-03-30 | This release incorporates the following change: | +| | | +| | Deleted the IPv6 address description. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-02-28 | This release incorporates the following change: | +| | | +| | Added the description that the security group description can contain a maximum of 128 characters. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-01-30 | This release incorporates the following changes: | +| | | +| | - Added description about the function of unbinding and releasing EIPs in batches. | +| | - Added description about the function that the negotiation mode of the IKE policy in the VPN can be configured. | +| | - Added the description that the security group description can contain a maximum of 64 characters. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-11-30 | This release incorporates the following changes: | +| | | +| | - Updated screenshots and steps based on the latest management console pages. | +| | - Added description to indicate that subnets can be created without specifying the AZ. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-10-30 | This release incorporates the following changes: | +| | | +| | - Added description about the fast security group rule adding function. | +| | - Added ECS security group configuration examples. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-09-30 | This release incorporates the following changes: | +| | | +| | - Added description to indicate that the peer project ID needs to be configured when a tenant creates a VPC peering connection with the VPC of another tenant. | +| | - Modified description in sections **Adding a Security Group Rule** and **Deleting a Security Group Rule** based on changes made to the network console. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-08-30 | This release incorporates the following changes: | +| | | +| | - Added section **Managing Subnet Tags**. | +| | - Added description about the VPC, subnet, and EIP tags. | +| | - Added section **Security Group Overview**. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-07-30 | This release incorporates the following changes: | +| | | +| | - Added description about how to enable shared SNAT on the management console. | +| | - Added section **Managing VPC Tags**. | +| | - Added section **Managing EIP Tags**. | +| | - Changed the number of routes allowed in a route table by default to **100**. | +| | - Updated procedures in sections **VPC and Subnet** and **Custom Route** based on changes made to the network console. | +| | - Added description about the multi-project feature. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-06-30 | This release incorporates the following change: | +| | | +| | - Added description about the virtual IP address feature. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-05-30 | This release incorporates the following change: | +| | | +| | - Added FAQ **How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC**. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-04-28 | This release incorporates the following change: | +| | | +| | - Added description about how to add DNS server addresses during subnet information modification. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-03-30 | This release incorporates the following changes: | +| | | +| | - Added description about the firewall function. | +| | - Added description about the shared SNAT function. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-02-28 | This release incorporates the following change: | +| | | +| | - Deleted description about the button for disabling the DHCP function. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-02-24 | This release incorporates the following change: | +| | | +| | - Added description about the VPC peering function. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-01-12 | This release incorporates the following change: | +| | | +| | - Added description about the custom route table function. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-10-19 | This release incorporates the following change: | +| | | +| | - Updated the Help Center URL of the VPN service. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-07-15 | This release incorporates the following changes: | +| | | +| | - Modified the VPN authentication algorithm. | +| | - Optimized the traffic metering function. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-03-14 | This issue is the first official release. | ++-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst b/umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst index 769141c..0808781 100644 --- a/umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst +++ b/umn/source/faqs/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst @@ -5,9 +5,9 @@ What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ================================================================================================================================================================== -Dedicated bandwidth: The bandwidth can only be used by one EIP and the EIP can only be used by one cloud resource, such as an ECS, a NAT gateway, or a load balancer. +A dedicated bandwidth can only be used by one EIP. An EIP can only be used by one cloud resource, such as an ECS, a NAT gateway, or a load balancer. -Shared bandwidth: The bandwidth can be shared by multiple EIPs. Adding an EIP to or removing an EIP from a shared bandwidth does not affect your workloads. +A shared bandwidth can be shared by multiple EIPs. Adding an EIP to or removing an EIP from a shared bandwidth does not affect your workloads. A dedicated bandwidth cannot be changed to a shared bandwidth or the other way around. You can purchase a shared bandwidth for your EIPs. diff --git a/umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst b/umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst index 99e5e2d..08d0a33 100644 --- a/umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst +++ b/umn/source/faqs/bandwidth/what_is_the_bandwidth_size_range.rst @@ -5,4 +5,4 @@ What Is the Bandwidth Size Range? ================================= -The bandwidth range is from 1 Mbit/s to 1,000 Mbit/s. +The bandwidth range is from 5 Mbit/s to 1000 Mbit/s. diff --git a/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst b/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst index 8cc5623..841d754 100644 --- a/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst +++ b/umn/source/faqs/connectivity/are_there_any_constraints_on_using_vpc_peering_connections.rst @@ -13,17 +13,17 @@ Are There Any Constraints on Using VPC Peering Connections? - If there are three VPCs, A, B, and C, and VPC A is peered with both VPC B and VPC C, but VPC B and VPC C overlap with each other, you cannot configure routes with the same destinations for VPC A. -- You cannot have more than one VPC peering connection between the same two VPCs at the same time. +- You can only have one VPC peering connection between two VPCs at the same time. -- A VPC peering connection between VPCs in different regions will not take effect. +- A VPC peering connection cannot be established between VPCs in different regions. - You cannot use the EIPs in a VPC to access resources in a peered VPC. For example, VPC A is peered with VPC B, and VPC B has EIPs that can be used to access the Internet, you cannot use EIPs in VPC B to access the Internet from VPC A. -- If you request a VPC peering connection with a VPC of another account, the connection takes effect only after the peer account accept the request. If you request a VPC peering connection with a VPC of your own, the system automatically accepts the request and activates the connection. +- If you request a VPC peering connection with a VPC of another account, the connection cannot be used until the peer account accept the request. If you request a VPC peering connection with a VPC of your own, the system automatically accepts the request and activates the connection. - To ensure security, do not accept VPC peering connections from unknown accounts. -- The owner either of a VPC in a peering connection can delete the VPC peering connection at any time. If a VPC peering connection is deleted by one of its owners, all information about this connection will also be deleted immediately, including routes added for the VPC peering connection. +- The owner of either VPC in a peering connection can delete the VPC peering connection at any time. Deleting a VPC peering connection will also all information about this connection, including routes added for the VPC peering connection. - After a VPC peering connection is established, the local and peer accounts must add routes to the route tables of the local and peer VPCs to enable communication between the two VPCs. diff --git a/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst b/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst index 7aa5274..fcc5854 100644 --- a/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst +++ b/umn/source/faqs/connectivity/how_many_vpc_peering_connections_can_i_create.rst @@ -7,8 +7,8 @@ How Many VPC Peering Connections Can I Create? Each account can have a maximum of 50 VPC peering connections in each region by default. -- VPC peering connections between VPCs in one account: Each account can create a maximum of 50 VPC peering connections in one region. +- VPC peering connections between VPCs from the same account: Each account can create a maximum of 50 VPC peering connections in one region. -- VPC peering connections between VPCs of different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections. +- VPC peering connections between VPCs from different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections. An account can create VPC peering connections with different accounts if the account has enough quota. diff --git a/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst b/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst index b812843..7cd306d 100644 --- a/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst +++ b/umn/source/faqs/eip/can_i_bind_an_eip_to_multiple_ecss.rst @@ -6,3 +6,5 @@ Can I Bind an EIP to Multiple ECSs? =================================== Each EIP can be bound to only one ECS at a time. + +Multiple ECSs cannot share the same EIP. An ECS and its bound EIP must be in the same region. If you want multiple ECSs in the same VPC to share an EIP, you have to use a NAT gateway. For more information, see *NAT Gateway User Guide*. diff --git a/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst b/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst index 446cce6..7c32ff7 100644 --- a/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst +++ b/umn/source/faqs/eip/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst @@ -9,10 +9,10 @@ Each ECS is automatically added to a security group after being created to ensur You can set **Protocol** to **TCP**, **UDP**, **ICMP**, or **All** as required on the page for creating a security group rule. -- If the ECS needs to be accessible over the Internet and the IP address used to access the ECS over the Internet has been configured on the ECS, or the ECS does not need to be accessible over the Internet, set **Source** to the IP address range containing the IP address that is allowed to access the ECS over the Internet. -- If the ECS needs to be accessible over the Internet and the IP address used to access the ECS over the Internet has not been configured on the ECS, it is recommended that you retain the default setting **0.0.0.0/0** for **Source**, and then set allowed ports to improve network security. -- Allocate ECSs that have different Internet access policies to different security groups. +- If your ECS needs to be accessible over the Internet and you know the IP address used to access the ECS, set **Source** to the IP address range containing the IP address. - .. note:: +- If your ECS needs to be accessible over the Internet but you do not know the IP address used to access the ECS, retain the default setting 0.0.0.0/0 for **Source**, and then set allowed ports to improve network security. - The default source IP address **0.0.0.0/0** indicates that all IP addresses can access ECSs in the security group. + The default source **0.0.0.0/0** indicates that all IP addresses can access ECSs in the security group. + +- Allocate ECSs that have different Internet access requirements to different security groups. diff --git a/umn/source/faqs/eip/index.rst b/umn/source/faqs/eip/index.rst index 1eeff13..aef7263 100644 --- a/umn/source/faqs/eip/index.rst +++ b/umn/source/faqs/eip/index.rst @@ -5,7 +5,7 @@ EIP === -- :ref:`What Are EIPs? ` +- :ref:`What Is an EIP? ` - :ref:`Can I Bind an EIP to Multiple ECSs? ` - :ref:`How Do I Access an ECS with an EIP Bound from the Internet? ` @@ -13,6 +13,6 @@ EIP :maxdepth: 1 :hidden: - what_are_eips + what_is_an_eip can_i_bind_an_eip_to_multiple_ecss how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet diff --git a/umn/source/faqs/eip/what_are_eips.rst b/umn/source/faqs/eip/what_is_an_eip.rst similarity index 94% rename from umn/source/faqs/eip/what_are_eips.rst rename to umn/source/faqs/eip/what_is_an_eip.rst index 1571c42..2951d37 100644 --- a/umn/source/faqs/eip/what_are_eips.rst +++ b/umn/source/faqs/eip/what_is_an_eip.rst @@ -2,8 +2,8 @@ .. _vpc_faq_0013: -What Are EIPs? -============== +What Is an EIP? +=============== The Elastic IP (EIP) service enables your cloud resources to communicate with the Internet using static public IP addresses and scalable bandwidths. EIPs can be bound to or unbound from ECSs, BMSs, virtual IP addresses, NAT gateways, or load balancers. diff --git a/umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst b/umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst index 926fa50..ce92b9f 100644 --- a/umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst +++ b/umn/source/faqs/vpc_and_subnet/what_is_virtual_private_cloud.rst @@ -5,9 +5,9 @@ What Is Virtual Private Cloud? ============================== -The Virtual Private Cloud (VPC) service enables you to provision logically isolated, configurable, and manageable virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. +The Virtual Private Cloud (VPC) service enables you to provision logically isolated virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. You can configure and manage the virtual networks as required. -Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules for communication between ECSs in the same security group or in different security groups. +Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules to control communications between ECSs in the same security group or in different security groups. .. figure:: /_static/images/en-us_image_0209606948.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst index 1d37017..e7c99ba 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst @@ -5,6 +5,118 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs ============================================================== +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + +#. Click **Create VPC**. + +#. On the **Create VPC** page, set parameters as prompted. + + A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. table:: **Table 1** VPC parameter descriptions + + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. | VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + + .. table:: **Table 2** VPC tag key and value requirements + + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+============================================================================+=======================+ + | Key | - Cannot be left blank. | vpc_key1 | + | | - Must be unique for the same VPC and can be the same for different VPCs. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | vpc-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+----------------------------------------------------------------------------+-----------------------+ + + .. _en-us_topic_0017816228__en-us_topic_0118498860_en-us_topic_0118498861_table6536185812515: + + .. table:: **Table 3** Subnet tag key and value requirements + + +-----------------------+---------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+=====================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+---------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Special characters, including hyphens (-) and underscores (_) | | + +-----------------------+---------------------------------------------------------------------+-----------------------+ + +#. Click **Create Now**. + - :ref:`Overview ` - :ref:`Step 1: Create a VPC ` - :ref:`Step 2: Create a Subnet for the VPC ` @@ -12,6 +124,8 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs - :ref:`Step 4: Create a Security Group ` - :ref:`Step 5: Add a Security Group Rule ` +.. |image1| image:: /_static/images/en-us_image_0141273034.png + .. toctree:: :maxdepth: 1 :hidden: diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst index e1f5548..05cdfcf 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst @@ -20,30 +20,30 @@ If your ECSs need to access the Internet (for example, the ECSs functioning as t .. table:: **Table 1** Configuration process description - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Task | Description | - +======================================+===============================================================================================================================================================================================================================================================================================+ - | Create a VPC. | This task is mandatory. | - | | | - | | A created VPC comes with a default subnet you specified. | - | | | - | | After the VPC is created, you can create other required network resources in the VPC based on your service requirements. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Create another subnet for the VPC. | This task is optional. | - | | | - | | If the default subnet cannot meet your requirements, you can create one. | - | | | - | | The new subnet is used to assign IP addresses to NICs added to the ECS. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Assign an EIP and bind it to an ECS. | This task is mandatory. | - | | | - | | You can assign an EIP and bind it to an ECS so that the ECS can access the Internet. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Create a security group. | This task is mandatory. | - | | | - | | You can create a security group and add ECSs in the VPC to the security group to improve ECS access security. After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Add a security group rule. | This task is optional. | - | | | - | | If the default rule does not meet your service requirements, you can add security group rules. | - +--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Task | Description | + +======================================+=============================================================================================================================================================================================================================================================================================+ + | Create a VPC. | This task is mandatory. | + | | | + | | A created VPC comes with a default subnet you specified. | + | | | + | | After the VPC is created, you can create other required network resources in the VPC based on your service requirements. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Create another subnet for the VPC. | This task is optional. | + | | | + | | If the default subnet cannot meet your requirements, you can create one. | + | | | + | | The new subnet is used to assign IP addresses to NICs added to the ECS. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Assign an EIP and bind it to an ECS. | This task is mandatory. | + | | | + | | You can assign an EIP and bind it to an ECS for Internet access. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Create a security group. | This task is mandatory. | + | | | + | | You can create a security group and add ECSs in the VPC to the security group to improve ECS access security. After a security group is created, it has default rules, which allow all outgoing data packets. ECSs in a security group can access each other without the need to add rules. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Add a security group rule. | This task is optional. | + | | | + | | If the default rule does not meet your service requirements, you can add security group rules. | + +--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst index 903bfae..a3d8cbe 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst @@ -10,7 +10,7 @@ Scenarios A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. +A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. Procedure --------- @@ -21,6 +21,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **Subnets**. 5. Click **Create Subnet**. diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst index 2ab28e0..1ecb437 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst @@ -12,11 +12,16 @@ You can assign an EIP and bind it to an ECS so that the ECS can access the Inter .. note:: - EIPs for dedicated load balancers: + Note the following when you use EIPs of the Dedicated Load Balancer (**5_gray**) type: - - In the **eu-de** region, if you choose to assign an EIP when you create a dedicated load balancer on the management console or using APIs, EIPs for dedicated load balancers (**5_gray**) will be assigned. - - Do not bind EIPs of this type to non-dedicated load balancers. - - Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. + - In **eu-de**, EIPs of the Dedicated Load Balancer (5_gray) type cannot be created any more. + - Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers. + + - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers. + - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see "Binding an EIP" and "Unbinding an EIP" in "API V3" section in the *Elastic IP API Reference*. + - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs. + + - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Assigning an EIP ---------------- @@ -39,26 +44,26 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used. | | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to purchase. | 1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=========================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Bandwidth | The bandwidth size in Mbit/s. | 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Bandwidth Name | The name of the bandwidth. | bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 192.168.12.10 | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Quantity | The number of EIPs you want to purchase. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ .. _vpc_qs_0011__en-us_topic_0118499041_en-us_topic_0118498850_table36606052153313: @@ -95,7 +100,7 @@ Binding an EIP #. On the **EIPs** page, locate the row that contains the target EIP, and click **Bind**. -#. Select the instance to which you want to bind the EIP. +#. Select the instance that you want to bind the EIP to. .. figure:: /_static/images/en-us_image_0000001166028070.png @@ -105,7 +110,7 @@ Binding an EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details about the implementation and constraints, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` Follow-Up Procedure ------------------- diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst index aae35ff..8d403ac 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst @@ -8,22 +8,22 @@ Step 4: Create a Security Group Scenarios --------- -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. +To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Create Security Group**. +#. On the **Security Groups** page, click **Create Security Group**. -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. +#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. .. figure:: /_static/images/en-us_image_0000001197426329.png @@ -51,6 +51,6 @@ Procedure | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst index 4f8f9df..9aceeec 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst @@ -42,26 +42,26 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+====================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. @@ -75,24 +75,24 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst index bfdc646..c355069 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst @@ -10,7 +10,7 @@ Scenarios A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. +A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. Procedure --------- @@ -21,6 +21,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **Subnets**. 5. Click **Create Subnet**. diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst index b20e13e..5bda1b4 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst @@ -8,22 +8,22 @@ Step 3: Create a Security Group Scenarios --------- -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. +To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Create Security Group**. +#. On the **Security Groups** page, click **Create Security Group**. -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. +#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. .. figure:: /_static/images/en-us_image_0000001197426329.png @@ -51,6 +51,6 @@ Procedure | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst index 3426390..9197f62 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst @@ -42,26 +42,26 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+====================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. @@ -75,24 +75,24 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/operation_guide_new_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/operation_guide_new_console_edition/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst similarity index 77% rename from umn/source/operation_guide_new_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst rename to umn/source/operation_guide_new_console_edition/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst index 3e3d250..536cebd 100644 --- a/umn/source/operation_guide_new_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ b/umn/source/operation_guide_new_console_edition/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst @@ -12,11 +12,16 @@ You can assign an EIP and bind it to an ECS so that the ECS can access the Inter .. note:: - EIPs for dedicated load balancers: + Note the following when you use EIPs of the Dedicated Load Balancer (**5_gray**) type: - - In the **eu-de** region, if you choose to assign an EIP when you create a dedicated load balancer on the management console or using APIs, EIPs for dedicated load balancers (**5_gray**) will be assigned. - - Do not bind EIPs of this type to non-dedicated load balancers. - - Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. + - In **eu-de**, EIPs of the Dedicated Load Balancer (5_gray) type cannot be created any more. + - Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers. + + - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers. + - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see "Binding an EIP" and "Unbinding an EIP" in "API V3" section in the *Elastic IP API Reference*. + - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs. + + - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Assigning an EIP ---------------- @@ -39,26 +44,26 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used. | | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to purchase. | 1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=========================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Bandwidth | The bandwidth size in Mbit/s. | 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Bandwidth Name | The name of the bandwidth. | bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 192.168.12.10 | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Quantity | The number of EIPs you want to purchase. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ .. _en-us_topic_0013748738__en-us_topic_0118498850_table36606052153313: @@ -95,7 +100,7 @@ Binding an EIP #. On the **EIPs** page, locate the row that contains the target EIP, and click **Bind**. -#. Select the instance to which you want to bind the EIP. +#. Select the instance that you want to bind the EIP to. .. figure:: /_static/images/en-us_image_0000001166028070.png @@ -105,7 +110,7 @@ Binding an EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details about the implementation and constraints, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` Follow-Up Procedure ------------------- diff --git a/umn/source/operation_guide_new_console_edition/eip/index.rst b/umn/source/operation_guide_new_console_edition/elastic_ip/index.rst similarity index 95% rename from umn/source/operation_guide_new_console_edition/eip/index.rst rename to umn/source/operation_guide_new_console_edition/elastic_ip/index.rst index 41e3858..0efb762 100644 --- a/umn/source/operation_guide_new_console_edition/eip/index.rst +++ b/umn/source/operation_guide_new_console_edition/elastic_ip/index.rst @@ -2,8 +2,8 @@ .. _vpc_eip_0000: -EIP -=== +Elastic IP +========== - :ref:`Assigning an EIP and Binding It to an ECS ` - :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` diff --git a/umn/source/operation_guide_new_console_edition/eip/managing_eip_tags.rst b/umn/source/operation_guide_new_console_edition/elastic_ip/managing_eip_tags.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/eip/managing_eip_tags.rst rename to umn/source/operation_guide_new_console_edition/elastic_ip/managing_eip_tags.rst diff --git a/umn/source/operation_guide_new_console_edition/eip/modifying_an_eip_bandwidth.rst b/umn/source/operation_guide_new_console_edition/elastic_ip/modifying_an_eip_bandwidth.rst similarity index 100% rename from umn/source/operation_guide_new_console_edition/eip/modifying_an_eip_bandwidth.rst rename to umn/source/operation_guide_new_console_edition/elastic_ip/modifying_an_eip_bandwidth.rst diff --git a/umn/source/operation_guide_new_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst b/umn/source/operation_guide_new_console_edition/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst similarity index 69% rename from umn/source/operation_guide_new_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst rename to umn/source/operation_guide_new_console_edition/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst index 205c6f0..32f3cc9 100644 --- a/umn/source/operation_guide_new_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst +++ b/umn/source/operation_guide_new_console_edition/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst @@ -13,7 +13,14 @@ If you no longer need an EIP, unbind it from the ECS and release the EIP to avoi Notes and Constraints --------------------- -- EIP assigned together with your load balancers will also be displayed in the EIP list on the VPC console. On the EIP console or using EIP APIs, you cannot bind EIPs to or unbind them from dedicated load balancers, but you can bind EIPs to or unbind them from shared load balancers. +- In **eu-de**, EIPs of the Dedicated Load Balancer (5_gray) type cannot be created any more. +- Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers. + + - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers. + - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see "Binding an EIP" and "Unbinding an EIP" in "API V3" section in the *Elastic IP API Reference*. + - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs. + +- EIP assigned together with your load balancers will also be displayed in the EIP list. - You can only release EIPs that are not bound to any resources. Procedure @@ -30,11 +37,10 @@ Procedure **Releasing a single EIP** #. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. -5. Click **Yes** in the displayed dialog box. +#. Click |image2| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Elastic IP**. +#. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. +#. Click **Yes** in the displayed dialog box. **Unbinding multiple EIPs at once** diff --git a/umn/source/operation_guide_new_console_edition/index.rst b/umn/source/operation_guide_new_console_edition/index.rst index 4ac0003..9e31c9b 100644 --- a/umn/source/operation_guide_new_console_edition/index.rst +++ b/umn/source/operation_guide_new_console_edition/index.rst @@ -7,7 +7,7 @@ Operation Guide (New Console Edition) - :ref:`VPC and Subnet ` - :ref:`Security ` -- :ref:`EIP ` +- :ref:`Elastic IP ` - :ref:`Shared Bandwidth ` - :ref:`Route Table ` - :ref:`VPC Peering Connection ` @@ -22,7 +22,7 @@ Operation Guide (New Console Edition) vpc_and_subnet/index security/index - eip/index + elastic_ip/index shared_bandwidth/index route_table/index vpc_peering_connection/index diff --git a/umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst b/umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst index 1580b78..73c022e 100644 --- a/umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst +++ b/umn/source/operation_guide_new_console_edition/monitoring/creating_an_alarm_rule.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. +3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. In the left navigation pane on the left, choose **Alarm Management** > **Alarm Rules**. diff --git a/umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst b/umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst index 3bde4f0..4542bd6 100644 --- a/umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst +++ b/umn/source/operation_guide_new_console_edition/monitoring/supported_metrics.rst @@ -20,25 +20,25 @@ Monitoring Metrics .. table:: **Table 1** EIP and bandwidth metrics - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | - +======================+====================+=================================================+=============+==================+================================+ - | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | up_stream | Outbound Traffic | Network traffic going out of the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | down_stream | Inbound Traffic | Network traffic going into the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | + +======================+====================+=============================================================+=============+==================+================================+ + | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: bit/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: bit/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | up_stream | Outbound Traffic | Network traffic going out of the cloud platform in a minute | >= 0 bytes | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: byte/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | down_stream | Inbound Traffic | Network traffic going into the cloud platform in a minute | >= 0 bytes | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: byte/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ Dimensions ---------- diff --git a/umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst b/umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst index 99442c8..db75ccb 100644 --- a/umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst +++ b/umn/source/operation_guide_new_console_edition/monitoring/viewing_metrics.rst @@ -16,7 +16,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. +3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**. 5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information. diff --git a/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst b/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst index 6a6b651..5c95b7d 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/associating_a_subnet_with_a_route_table.rst @@ -24,8 +24,6 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. - #. In the route table list, locate the row that contains the target route table and click **Associate Subnet** in the **Operation** column. #. Select the subnet to be associated. diff --git a/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst b/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst index e864816..6edf12f 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/changing_the_route_table_associated_with_a_subnet.rst @@ -19,8 +19,6 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. - #. In the route table list, click the name of the target route table. #. On the **Associated Subnets** tab page, click **Change Route Table** in the **Operation** column and select a new route table as prompted. diff --git a/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst b/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst index 67c1bb0..8a94e25 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/configuring_an_snat_server.rst @@ -26,7 +26,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Compute**, click **Elastic Cloud Server**. +3. Under **Computing**, click **Elastic Cloud Server**. 4. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. @@ -34,12 +34,12 @@ Procedure 6. Click the NIC IP address. In the displayed area showing the NIC details, disable the source/destination check function. - By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. Therefore, you need to disable the source/destination check for SNAT servers. + By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This prevents packet spoofing and improves system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. To stop this, you can disable the source/destination check for SNAT servers. 7. Bind an EIP. - - Bind an EIP with the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. - - Bind an EIP with the virtual IP address of the ECS. For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. + - Bind an EIP to the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. + - Bind an EIP to the virtual IP address of the ECS. For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. 8. On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. @@ -47,11 +47,11 @@ Procedure **su - root** -10. Run the following command to check whether the ECS can successfully connect to the Internet: +10. Check whether the ECS can connect to the Internet. .. note:: - Before running the command, you must disable the response iptables rule on the ECS where SNAT is configured and enable the security group rules. + Before running the following command, you must disable the response iptables rule on the ECS where SNAT is configured and add certain security group rules. **ping www.google.com** @@ -65,22 +65,22 @@ Procedure 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms -11. Run the following command to check whether IP forwarding of the Linux OS is enabled: +11. Check whether IP forwarding of the Linux OS is enabled: **cat /proc/sys/net/ipv4/ip_forward** In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - If IP forwarding in Linux is enabled, go to step :ref:`14 `. - - If IP forwarding in Linux is disabled, perform step :ref:`12 ` to enable IP forwarding in Linux. + - If IP forwarding in Linux is disabled, perform step :ref:`12 ` to enable it. - Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. To achieve these purposes, you need to enable the IP forwarding function and configure SNAT rules. + Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. To achieve these, you need to enable the IP forwarding function and configure SNAT rules. 12. .. _vpc_route_0004__en-us_topic_0118499009_li3948189019612: Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. -13. Run the following command to make the change take effect: +13. Make the change take effect: **sysctl -p /etc/sysctl.conf** @@ -88,7 +88,7 @@ Procedure Configure SNAT. - Run the following command to enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function: :ref:`Figure 1 ` shows the example command. + Enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function. :ref:`Figure 1 ` shows the example. **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** @@ -101,25 +101,25 @@ Procedure .. note:: - - To ensure that the rule will not be lost after the restart, write the rule into the **/etc/rc.local** file. + - To ensure that the configured rules will not be lost after the restart, write the rules into the **/etc/rc.local** file. - a. Run the following command to switch to the **/etc/sysctl.conf** file: + a. Switch to the **/etc/sysctl.conf** file: **vi /etc/rc.local** b. Perform :ref:`14 ` to configure SNAT. - c. Run the following command to save the configuration and exit: + c. Save the configuration and exit: **:wq** - d. Run the following command to add the execute permission for the **rc.local** file: + d. Add the execute permission for the **rc.local** file: **# chmod +x /etc/rc.local** - To ensure that the configuration takes effect, run the **iptables -L** command to check whether the configured rules conflict with each other. -15. Run the following command to check whether the operation is successful: If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the operation was successful. +15. Check whether the configuration is successful. If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the configuration was successful. **iptables -t nat --list** @@ -132,7 +132,7 @@ Procedure 16. Add a route. For details, see section :ref:`Adding a Custom Route `. - Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. + Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed, for example, **192.168.1.4**. After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. diff --git a/umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst b/umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst index d00d9ec..8729bcd 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/creating_a_custom_route_table.rst @@ -19,8 +19,6 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. - #. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. diff --git a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst b/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst index c3b97e0..30a8988 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route.rst @@ -8,7 +8,7 @@ Deleting a Route Scenarios --------- -Delete a route if it is no longer required. +This section describes how to delete a custom route from a route table. Procedure --------- diff --git a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst b/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst index 520838f..2c09147 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/deleting_a_route_table.rst @@ -21,7 +21,6 @@ Procedure #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. #. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. #. In the route table list, locate the row that contains the route table to be deleted and click **Delete** in the **Operation** column. #. Click **Yes**. diff --git a/umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst b/umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst index 6e7a7c2..4167b7f 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/exporting_route_table_information.rst @@ -19,8 +19,6 @@ Procedure #. Under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. - #. On the displayed page, click |image2| in the upper right of the route table list. The system will automatically export information about all route tables under your account in the current region as an Excel file to a local directory. diff --git a/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst b/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst index e79c80b..c38bff5 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/replicating_a_route.rst @@ -26,8 +26,6 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Route Tables**. - #. In the route table list, locate the row that contains the target route table and click **Replicate Route** in the **Operation** column. #. Select the target route table and then the route to be replicated as prompted. diff --git a/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst b/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst index 30deb5e..3d90199 100644 --- a/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst +++ b/umn/source/operation_guide_new_console_edition/route_table/route_table_overview.rst @@ -55,28 +55,31 @@ A route is configured with the destination, next hop type, and next hop to deter .. table:: **Table 1** Next hop type - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | Description | Supported Route Table | - +========================+==============================================================================================================================================================+========================+ - | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Description | Supported Route Table | + +==========================+==============================================================================================================================================================+========================+ + | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ .. note:: diff --git a/umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst b/umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst index 3e5854c..11664e5 100644 --- a/umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst +++ b/umn/source/operation_guide_new_console_edition/security/differences_between_security_groups_and_firewalls.rst @@ -30,7 +30,7 @@ For details, see :ref:`Figure 1 `. +When a firewall is disabled, custom rules will become invalid while default rules still take effect. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules `. Procedure --------- diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst b/umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst index a7c5a84..f77b434 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst +++ b/umn/source/operation_guide_new_console_edition/security/firewall/firewall_configuration_examples.rst @@ -43,7 +43,7 @@ Firewall Configuration Allowing Access from Specific Ports and Protocols ------------------------------------------------- -In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic regardless of the port. You need to configure both the firewall rules and security group rules to allow the traffic. +In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic. You need to configure both the firewall rules and security group rules to allow the traffic. Firewall Configuration diff --git a/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst b/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst index ca2b752..fce0d14 100644 --- a/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst +++ b/umn/source/operation_guide_new_console_edition/security/firewall/modifying_a_firewall_rule.rst @@ -56,7 +56,7 @@ Procedure | | | | | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | + | Destination | The destination to which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | | | | | | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | | | | | diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst b/umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst index a745a48..ace0a8b 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/adding_a_security_group_rule.rst @@ -42,26 +42,26 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+====================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. @@ -75,24 +75,24 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst b/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst index 88aa884..31470af 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst @@ -16,27 +16,25 @@ Adding Instances to a Security Group ------------------------------------ #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. -6. On the **Servers** tab, click **Add** and add one or more servers to the current security group. -7. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group. -8. Click **OK**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. +#. On the **Servers** tab, click **Add** and add one or more servers to the current security group. +#. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group. +#. Click **OK**. Removing Instances from a Security Group ---------------------------------------- #. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. -6. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group. -7. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group. -8. Click **Yes**. +#. Click |image2| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. +#. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group. +#. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group. +#. Click **Yes**. **Removing multiple instances from a security group** diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst b/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst index cc2dda4..7721c7a 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/creating_a_security_group.rst @@ -8,22 +8,22 @@ Creating a Security Group Scenarios --------- -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. +To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Create Security Group**. +#. On the **Security Groups** page, click **Create Security Group**. -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. +#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. .. figure:: /_static/images/en-us_image_0000001197426329.png @@ -51,6 +51,6 @@ Procedure | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst b/umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst index 274b19c..dc753be 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst @@ -5,18 +5,18 @@ Default Security Groups and Security Group Rules ================================================ -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. +The system creates a default security group for each account. By default, the default security group rules: -:ref:`Figure 1 ` shows the default security group rules. The following uses access between ECSs as an example. +- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. +- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. -.. _securitygroup_0003__en-us_topic_0118534003_fig997718156161: .. figure:: /_static/images/en-us_image_0000001230120807.png :alt: **Figure 1** Default security group **Figure 1** Default security group -:ref:`Table 1 ` describes the default rules for the default security group. +:ref:`Table 1 ` describes the default rules in the default security group. .. _securitygroup_0003__en-us_topic_0118534003_table493045171919: diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst b/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst index a54f0ed..dd2e37a 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/deleting_a_security_group.rst @@ -8,23 +8,42 @@ Deleting a Security Group Scenarios --------- -This section describes how to delete security groups that you are no longer required. +This section describes how to delete security groups. Notes and Constraints --------------------- -- The default security group cannot be deleted. -- If a security group is associated with resources other than servers and extension NICs, the security group cannot be deleted. +- The default security group is named **default** and cannot be deleted. + +- A security group cannot be deleted if it is being used by instances, such as cloud servers, containers, and databases. + + If want to delete such a security group, delete the instances or change the security group used by the instance first. + +- A security group cannot be deleted if it is used as the source of a rule in another security group. + + :ref:`Delete ` or :ref:`modify ` the rule and delete the security group again. + + For example, if the source of a rule in security group **sg-B** is set to **sg-A**, you need to delete or modify the rule in **sg-B** before deleting **sg-A**. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**. -6. Click **Yes** in the displayed dialog box. +#. Click |image1| in the upper left corner and select the desired region and project. + +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. + + The security group list is displayed. + +#. Locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**. + + A confirmation dialog box is displayed. + +#. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst index 81d9d00..d0901a3 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst @@ -21,12 +21,11 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. -6. Export and import security group rules. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click the security group name. +#. Export and import security group rules. - Click |image2| to export all rules of the current security group to an Excel file. @@ -38,38 +37,38 @@ Procedure .. table:: **Table 1** Template parameters - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - Inbound rules control incoming traffic to cloud resources in the security group. | | - | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Last Modified | The time when the security group was modified. | ``-`` | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================+=======================+ + | Direction | The direction in which the security group rule takes effect. | Inbound | + | | | | + | | - Inbound rules control incoming traffic to cloud resources in the security group. | | + | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Last Modified | The time when the security group was modified. | ``-`` | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ .. |image1| image:: /_static/images/en-us_image_0141273034.png .. |image2| image:: /_static/images/en-us_image_0142360062.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst b/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst index beda16e..54fa766 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/modifying_a_security_group_rule.rst @@ -14,12 +14,11 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. -6. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column. -7. Modify the rule and click **Confirm**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click the security group name. +#. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column. +#. Modify the rule and click **Confirm**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst b/umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst index ccc7571..e6c3b7b 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/replicating_a_security_group_rule.rst @@ -15,18 +15,18 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. +#. On the **Security Groups** page, click the security group name. -6. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column. +#. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column. You can also modify the security group rule as required to quickly generate a new rule. -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst b/umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst index 006f6e0..1ad8098 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/security_group_configuration_examples.rst @@ -60,7 +60,7 @@ Enabling ECSs in Different Security Groups to Communicate with Each Other Throug You can add an inbound rule to the security groups containing the ECSs to allow access from ECSs in the other security group. The required rule is as follows. +-----------+----------------------------------------------------+--------------------+------------------------------+ - | Direction | Protocol/Application | Port | Source | + | Direction | Protocol | Port | Source | +===========+====================================================+====================+==============================+ | Inbound | Used for communication through an internal network | Port or port range | ID of another security group | +-----------+----------------------------------------------------+--------------------+------------------------------+ diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst b/umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst index 37c2b04..2c9edcb 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/security_group_overview.rst @@ -8,11 +8,16 @@ Security Group Overview Security Group -------------- -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. You can directly use the default security group. For details, see :ref:`Default Security Groups and Security Group Rules `. +The system creates a default security group for each account. By default, the :ref:`default security group ` rules: -You can also create custom security groups to meet your specific service requirements. For details, see :ref:`Creating a Security Group `. +- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. +- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. + +Instances in the same security group can communicate with each other without adding additional rules. + +If the default security group does not meet your requirements, you can :ref:`modify security group rules ` or :ref:`create a custom security group `. Security Group Basics --------------------- @@ -45,7 +50,7 @@ Security Group Constraints - By default, you can create a maximum of 100 security groups in your cloud account. - By default, you can add up to 50 security group rules to a security group. -- By default, you can add an ECS or an extension NIC to a maximum of five security groups. In such a case, the rules of all the selected security groups are aggregated to take effect. +- By default, you can associate no more than five security groups with each ECS or extension NIC. In such a case, the rules of all the selected security groups are aggregated to take effect. - When creating a private network load balancer, you need to select a desired security group. Do not delete the default security group rules or ensure that the following requirements are met: - Outbound rules: only allow data packets to the selected security group or only data packets from the peer load balancer. diff --git a/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst index 89a12cc..cd1db3f 100644 --- a/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst +++ b/umn/source/operation_guide_new_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst @@ -14,10 +14,9 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. Under **Compute**, click **Elastic Cloud Server**. -4. On the **Elastic Cloud Server** page, click the name of the target ECS. -5. Click the **Security Groups** tab and view information about the security group used by the ECS. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Under **Computing**, click **Elastic Cloud Server**. +#. On the **Elastic Cloud Server** page, click the name of the target ECS. +#. Click the **Security Groups** tab and view information about the security group used by the ECS. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst b/umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst index d80170b..e49f990 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst +++ b/umn/source/operation_guide_new_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst @@ -15,7 +15,7 @@ Notes and Constraints - After an EIP is added to a shared bandwidth, the original bandwidth used by the EIP will become invalid and the EIP will start to use the shared bandwidth. - The EIP's original dedicated bandwidth will be deleted. -- Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. +- Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Procedure --------- diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst b/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst index 1074a93..4cb8274 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst +++ b/umn/source/operation_guide_new_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst @@ -36,7 +36,7 @@ Procedure +================+=========================================================================================================================================================================================================================================================================================================+===============+ | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Bandwidth | The bandwidth size in Mbit/s. The value ranges from starting with 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | + | Bandwidth | The bandwidth size in Mbit/s. The minimum value is 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Bandwidth Name | The name of the shared bandwidth. | Bandwidth-001 | +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ diff --git a/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst b/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst index 7d05eba..9f119c2 100644 --- a/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst +++ b/umn/source/operation_guide_new_console_edition/shared_bandwidth/shared_bandwidth_overview.rst @@ -5,9 +5,9 @@ Shared Bandwidth Overview ========================= -Shared bandwidth allows multiple EIPs to share the same bandwidth. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth. +A shared bandwidth can be shared by multiple EIPs and controls the data transfer rate on these EIPs in a centralized manner. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth. -When you host a large number of applications on the cloud, if each EIP uses an independent bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement. +When you host a large number of applications on the cloud, if each EIP uses a bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement. - Easy to Manage @@ -15,4 +15,4 @@ When you host a large number of applications on the cloud, if each EIP uses an i - Flexible Operations - You can add EIPs to a shared bandwidth or remove them from a shared bandwidth regardless of the instances to which they are bound. + You can add EIPs to a shared bandwidth or remove them from a shared bandwidth regardless of the EIP types and the instances that they are bound to. diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst index 9823614..549cadb 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst +++ b/umn/source/operation_guide_new_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst @@ -15,20 +15,28 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image1| in the upper left corner and select the desired region and project. -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet where a virtual IP address is to be assigned, and click the VPC name. -6. On the **Subnets** tab, click the name of the subnet where a virtual IP address is to be assigned. -7. Click the **Virtual IP Addresses** tab and click **Assign Virtual IP Address**. -8. Select a virtual IP address assignment mode. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - **Automatic**: The system assigns an IP address automatically. - - **Manual**: You can specify an IP address. + The **Virtual Private Cloud** page is displayed. -9. Select **Manual** and enter a virtual IP address. -10. Click **OK**. +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. On the **Virtual Private Cloud** page, locate the VPC containing the subnet where a virtual IP address is to be assigned, and click the VPC name. + +#. On the **Subnets** tab, click the name of the subnet where a virtual IP address is to be assigned. + +#. Click the **Virtual IP Addresses** tab and click **Assign Virtual IP Address**. + +#. Select a virtual IP address assignment mode. + + - **Automatic**: The system assigns an IP address automatically. + - **Manual**: You can specify an IP address. + +#. Select **Manual** and enter a virtual IP address. + +#. Click **OK**. You can then query the assigned virtual IP address in the IP address list. diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst index 8208cce..2cf1b8c 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst +++ b/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst @@ -19,11 +19,10 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column. -5. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**. -6. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Elastic IP**. +#. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column. +#. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**. +#. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst index 4696b08..2cc8deb 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst +++ b/umn/source/operation_guide_new_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst @@ -15,21 +15,28 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image1| in the upper left corner and select the desired region and project. -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the VPC containing the virtual IP address and click the VPC name. -6. On the **Subnets** tab, click the name of the subnet that the virtual IP address belongs to. -7. Click the **IP Addresses** tab, locate the row that contains the virtual IP address to be bound to an EIP or ECS, and choose **Bind to EIP** or **Bind to Server** in the **Operation** column. -8. Select the desired EIP, or ECS and its NIC. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. On the **Virtual Private Cloud** page, locate the VPC containing the virtual IP address and click the VPC name. + +#. On the **Subnets** tab, click the name of the subnet that the virtual IP address belongs to. + +#. Click the **IP Addresses** tab, locate the row that contains the virtual IP address to be bound to an EIP or ECS, and choose **Bind to EIP** or **Bind to Server** in the **Operation** column. + +#. Select the desired EIP, or ECS and its NIC. .. note:: - If the ECS has multiple NICs, bind the virtual IP address to the primary NIC. - Multiple virtual IP addresses can be bound to an ECS NIC. -9. Click **OK**. +#. Click **OK**. 10. Manually configure the virtual IP address bound to an ECS. diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst index 08a5406..277e1dc 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst +++ b/umn/source/operation_guide_new_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst @@ -6,11 +6,10 @@ Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) =========================================================================== #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. Under **Compute**, click **Elastic Cloud Server**. -4. In the ECS list, click the ECS name. -5. On the displayed ECS details page, click the **NICs** tab. -6. Check that **Source/Destination Check** is disabled. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Under **Computing**, click **Elastic Cloud Server**. +#. In the ECS list, click the ECS name. +#. On the displayed ECS details page, click the **NICs** tab. +#. Check that **Source/Destination Check** is disabled. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst index ca48083..28b272b 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst +++ b/umn/source/operation_guide_new_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst @@ -10,8 +10,8 @@ Scenarios If you no longer need a virtual IP address or a reserved virtual IP address, you can release it to avoid wasting resources. -Prerequisites -------------- +Notes and Constraints +--------------------- Before deleting a virtual IP address, ensure that the virtual IP address has been unbound from the following resources: @@ -24,13 +24,20 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image1| in the upper left corner and select the desired region and project. -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet from which a virtual IP address is to be released, and click the VPC name. -6. On the **Subnets** tab, click the name of the subnet from which a virtual IP address is to be released. -7. Click the **Virtual IP Addresses** tab, locate the row that contains the virtual IP address to be released, click **More** in the **Operation** column, and select **Release**. -8. Click **Yes** in the displayed dialog box. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. On the **Virtual Private Cloud** page, locate the VPC containing the subnet from which a virtual IP address is to be released, and click the VPC name. + +#. On the **Subnets** tab, click the name of the subnet from which a virtual IP address is to be released. + +#. Click the **Virtual IP Addresses** tab, locate the row that contains the virtual IP address to be released, click **More** in the **Operation** column, and select **Release**. + +#. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst b/umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst index 4705506..b890f91 100644 --- a/umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst +++ b/umn/source/operation_guide_new_console_edition/virtual_ip_address/virtual_ip_address_overview.rst @@ -88,5 +88,5 @@ Notes and Constraints sysctl -p /etc/sysctl.conf - Each virtual IP address can be bound to only one EIP. -- It is recommended that no more than eight virtual IP addresses be bound to an ECS. -- It is recommended that no more than 10 ECSs be bound to a virtual IP address. +- An ECS can have up to eight virtual IP addresses bound. +- A virtual IP address can be bound to up to 10 ECSs. diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst index 2ca3d31..e06eaa2 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst @@ -10,7 +10,7 @@ Scenarios A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. +A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. Procedure --------- @@ -21,6 +21,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **Subnets**. 5. Click **Create Subnet**. diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst index 957c4d0..ccb6992 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_subnet.rst @@ -8,12 +8,12 @@ Deleting a Subnet Scenarios --------- -You can delete a subnet to release network resources if the subnet is no longer required. +This section describes how to delete a subnet. -Prerequisites -------------- +Notes and Constraints +--------------------- -You can delete a subnet only if there are no resources in the subnet. If there are resources in the subnet, you must delete those resources before you can delete the subnet. +If you want to delete a subnet with resources deployed, you must delete those resources first. You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete. @@ -36,16 +36,18 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. -5. In the subnet list, locate the row that contains the subnet you want to delete and click **Delete** in the **Operation** column. +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. In the subnet list, locate the row that contains the subnet you want to delete and click **Delete** in the **Operation** column. A confirmation dialog box is displayed. -6. Click **Yes**. +#. Click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst index 77afe95..a2d50e4 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/deleting_a_vpc.rst @@ -8,32 +8,40 @@ Deleting a VPC Scenarios --------- -You can delete a VPC if the VPC is no longer required. - -You can delete a VPC only if there are no resources in the VPC. If there are resources in the VPC, you must delete those resources before you can delete the VPC. - -A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources. - -- Subnets. For details, see section :ref:`Deleting a Subnet `. -- VPNs. For details, see *Virtual Private Network User Guide*. -- Direct Connect connections. For details, see the *Direct Connect User Guide*. -- Custom routes. For details, see section :ref:`Deleting a Route `. -- VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `. +This section describes how to delete a VPC. Notes and Constraints --------------------- -If there are any EIPs or security groups, the last VPC cannot be deleted. +- If you want to delete a VPC with resources deployed, you must delete those resources first. + + A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources. + + - Subnets. For details, see section :ref:`Deleting a Subnet `. + - VPNs. For details, see *Virtual Private Network User Guide*. + - Direct Connect connections. For details, see the *Direct Connect User Guide*. + - Custom routes. For details, see section :ref:`Deleting a Route `. + - VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `. + +- If there are any EIPs or security groups, the last VPC cannot be deleted. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column. -6. Click **Yes** in the displayed dialog box. +#. Click |image1| in the upper left corner and select the desired region and project. + +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + +#. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst index 802da92..468b54c 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/exporting_vpc_list.rst @@ -15,13 +15,15 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. -5. In the upper right corner of the VPC list, click |image2|. +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. In the upper right corner of the VPC list, click |image2|. The system will automatically export information about all VPCs under your account in the current region. They will be exported in Excel format. diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst index 5c67bdc..35e62af 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_subnet_tags.rst @@ -49,6 +49,8 @@ Procedure #. Under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Subnets**. #. In the upper right corner of the subnet list, click **Search by Tag**. @@ -68,10 +70,17 @@ Procedure **Add, delete, edit, and view tags on the Tags tab of a subnet.** #. Log in to the management console. + #. Click |image2| in the upper left corner and select the desired region and project. + #. Under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Subnets**. + #. In the subnet list, locate the target subnet and click its name. + #. On the subnet details page, click the **Tags** tab and perform desired operations on tags. - View tags. diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst index dcb52db..6f41f56 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/managing_vpc_tags.rst @@ -49,6 +49,8 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. #. In the upper right corner of the VPC list, click **Search by Tag**. @@ -73,6 +75,8 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. #. On the **Virtual Private Cloud** page, locate the VPC whose tags are to be managed and click the VPC name. diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst index 85c682e..78db137 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_subnet.rst @@ -14,10 +14,17 @@ Procedure --------- #. Log in to the management console. + #. Click |image1| in the upper left corner and select the desired region and project. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Subnets**. + #. In the subnet list, locate the target subnet and click its name. + #. On the subnet details page, modify required parameters. .. table:: **Table 1** Parameter descriptions diff --git a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst index 751fa8b..3e6df39 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_and_subnet/modifying_a_vpc.rst @@ -56,7 +56,7 @@ Procedure #. Click |image2| in the upper left corner and select the desired region and project. #. On the console homepage, under **Network**, click **Virtual Private Cloud**. #. In the navigation pane on the left, click **Virtual Private Cloud**. -#. Modify the basic information about a VPC using either of the following methods : +#. Modify the basic information about a VPC using either of the following methods: - In the VPC list, click |image3| on the right of the VPC name to change the VPC name. diff --git a/umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst b/umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst index 79c20ba..62a8049 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_flow_log/vpc_flow_log_overview.rst @@ -7,14 +7,14 @@ VPC Flow Log Overview A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification. -VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring the VPC flow log function. +VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring VPC flow logs. .. _flowlog_0002__en-us_topic_0151014680_fig1535115691415: .. figure:: /_static/images/en-us_image_0162336264.png - :alt: **Figure 1** Configuring the VPC flow log function + :alt: **Figure 1** Configuring VPC flow logs - **Figure 1** Configuring the VPC flow log function + **Figure 1** Configuring VPC flow logs Notes and Constraints --------------------- diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst index c61bf07..ad574ee 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst @@ -19,6 +19,8 @@ Creating a VPC Peering Connection 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the right pane displayed, click **Create VPC Peering Connection**. @@ -67,6 +69,8 @@ To request a VPC peering connection with a VPC in another account, the owner of #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **VPC Peering**. #. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. @@ -85,9 +89,15 @@ Refusing a VPC Peering Connection The owner of the peer account can reject any VPC peering connection request that they receive. If a VPC peering connection request is rejected, the connection will not be established. You must delete the rejected VPC peering connection request before creating a VPC peering connection between the same VPCs as those in the rejected request. #. The owner of the peer account logs in to the management console. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **VPC Peering**. + #. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Reject Request** in the **Operation** column. + #. Click **Yes** in the displayed dialog box. Adding Routes for a VPC Peering Connection @@ -97,6 +107,8 @@ If you request a VPC peering connection with a VPC in another account, the owner #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **VPC Peering**. #. Locate the VPC peering connection that you want to configure routes for in the connection list and click the connection name. @@ -214,8 +226,15 @@ Obtaining the Peer VPC ID ------------------------- #. The owner of the peer account logs in to the management console. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. -#. Click the target VPC name and view VPC ID on the VPC details page. + +#. Click the name of the target VPC. + + On the displayed page, you can view the VPC ID. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst index f246086..05a949b 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst @@ -24,6 +24,8 @@ Creating a VPC Peering Connection 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the right pane displayed, click **Create VPC Peering Connection**. @@ -74,6 +76,8 @@ If you request a VPC peering connection with another VPC in your own account, th #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **VPC Peering**. #. Locate the VPC peering connection that you want to configure routes for in the connection list and click the connection name. diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst index a50e20e..3e1f5f8 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst @@ -19,6 +19,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst index f078cd5..75913a9 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/deleting_a_vpc_peering_route.rst @@ -14,10 +14,19 @@ Procedure --------- #. Log in to the management console. + #. Click |image1| in the upper left corner and select the desired region and project. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, click **VPC Peering**. + #. In the connection list, locate the VPC peering connection that you need to delete routes. + #. Click the name of the VPC peering connection to switch to the page showing details about the connection. + #. Delete the route added to the route table of the local VPC: a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst index 9966475..f1c6fee 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst @@ -19,6 +19,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst index 217dd5f..dd523b7 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst @@ -16,11 +16,19 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. + 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. + 5. Locate the target VPC peering connection in the connection list. + 6. Click the name of the VPC peering connection to switch to the page showing details about the connection. + 7. On the displayed page, click the **Local Routes** tab and view information about the local route added for the VPC peering connection. + 8. On the page showing details about the VPC peering connection, click the **Peer Routes** tab and view information about the peer route added for the VPC peering connection. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst index 247a72b..7df1bbf 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst @@ -19,6 +19,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. diff --git a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst index aa87a53..50a667b 100644 --- a/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst +++ b/umn/source/operation_guide_new_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst @@ -5,7 +5,7 @@ VPC Peering Connection Creation Procedure ========================================= -A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same region. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. +A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same network. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. - Creating a VPC peering connection between VPCs in your account diff --git a/umn/source/operation_guide_old_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/operation_guide_old_console_edition/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst similarity index 77% rename from umn/source/operation_guide_old_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst rename to umn/source/operation_guide_old_console_edition/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst index ed57fd2..ce12290 100644 --- a/umn/source/operation_guide_old_console_edition/eip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ b/umn/source/operation_guide_old_console_edition/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst @@ -12,11 +12,16 @@ You can assign an EIP and bind it to an ECS so that the ECS can access the Inter .. note:: - EIPs for dedicated load balancers: + Note the following when you use EIPs of the Dedicated Load Balancer (**5_gray**) type: - - In the **eu-de** region, if you choose to assign an EIP when you create a dedicated load balancer on the management console or using APIs, EIPs for dedicated load balancers (**5_gray**) will be assigned. - - Do not bind EIPs of this type to non-dedicated load balancers. - - Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. + - In **eu-de**, EIPs of the Dedicated Load Balancer (5_gray) type cannot be created any more. + - Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers. + + - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers. + - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see "Binding an EIP" and "Unbinding an EIP" in "API V3" section in the *Elastic IP API Reference*. + - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs. + + - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Assigning an EIP ---------------- @@ -39,26 +44,26 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used. | | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to purchase. | 1 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=========================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Bandwidth | The bandwidth size in Mbit/s. | 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Bandwidth Name | The name of the bandwidth. | bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 192.168.12.10 | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + | Quantity | The number of EIPs you want to purchase. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ .. _vpc_eip02_0001__en-us_topic_0118498850_table36606052153313: @@ -95,7 +100,7 @@ Binding an EIP #. On the **EIPs** page, locate the row that contains the target EIP, and click **Bind**. -#. Select the instance to which you want to bind the EIP. +#. Select the instance that you want to bind the EIP to. .. figure:: /_static/images/en-us_image_0000001166028070.png @@ -105,7 +110,7 @@ Binding an EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details about the implementation and constraints, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` Follow-Up Procedure ------------------- diff --git a/umn/source/operation_guide_old_console_edition/eip/index.rst b/umn/source/operation_guide_old_console_edition/elastic_ip/index.rst similarity index 95% rename from umn/source/operation_guide_old_console_edition/eip/index.rst rename to umn/source/operation_guide_old_console_edition/elastic_ip/index.rst index 9b20f37..ca91cd8 100644 --- a/umn/source/operation_guide_old_console_edition/eip/index.rst +++ b/umn/source/operation_guide_old_console_edition/elastic_ip/index.rst @@ -2,8 +2,8 @@ .. _vpc_eip02_0000: -EIP -=== +Elastic IP +========== - :ref:`Assigning an EIP and Binding It to an ECS ` - :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` diff --git a/umn/source/operation_guide_old_console_edition/eip/managing_eip_tags.rst b/umn/source/operation_guide_old_console_edition/elastic_ip/managing_eip_tags.rst similarity index 100% rename from umn/source/operation_guide_old_console_edition/eip/managing_eip_tags.rst rename to umn/source/operation_guide_old_console_edition/elastic_ip/managing_eip_tags.rst diff --git a/umn/source/operation_guide_old_console_edition/eip/modifying_an_eip_bandwidth.rst b/umn/source/operation_guide_old_console_edition/elastic_ip/modifying_an_eip_bandwidth.rst similarity index 100% rename from umn/source/operation_guide_old_console_edition/eip/modifying_an_eip_bandwidth.rst rename to umn/source/operation_guide_old_console_edition/elastic_ip/modifying_an_eip_bandwidth.rst diff --git a/umn/source/operation_guide_old_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst b/umn/source/operation_guide_old_console_edition/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst similarity index 69% rename from umn/source/operation_guide_old_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst rename to umn/source/operation_guide_old_console_edition/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst index 772e299..28b3fed 100644 --- a/umn/source/operation_guide_old_console_edition/eip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst +++ b/umn/source/operation_guide_old_console_edition/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst @@ -13,7 +13,14 @@ If you no longer need an EIP, unbind it from the ECS and release the EIP to avoi Notes and Constraints --------------------- -- EIP assigned together with your load balancers will also be displayed in the EIP list on the VPC console. On the EIP console or using EIP APIs, you cannot bind EIPs to or unbind them from dedicated load balancers, but you can bind EIPs to or unbind them from shared load balancers. +- In **eu-de**, EIPs of the Dedicated Load Balancer (5_gray) type cannot be created any more. +- Existing EIPs of the Dedicated Load Balancer (**5_gray**) type can be bound to dedicated or shared load balancers. + + - The EIP console cannot be used to bind EIPs to or unbind them from dedicated load balancers. + - You can use APIs to bind EIPs to or unbind them from dedicated load balancers. For details, see "Binding an EIP" and "Unbinding an EIP" in "API V3" section in the *Elastic IP API Reference*. + - EIPs of this type can be bound to or unbound from shared load balancers using the EIP console or APIs. + +- EIP assigned together with your load balancers will also be displayed in the EIP list. - You can only release EIPs that are not bound to any resources. Procedure @@ -30,11 +37,10 @@ Procedure **Releasing a single EIP** #. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. -5. Click **Yes** in the displayed dialog box. +#. Click |image2| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Elastic IP**. +#. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. +#. Click **Yes** in the displayed dialog box. **Unbinding multiple EIPs at once** diff --git a/umn/source/operation_guide_old_console_edition/index.rst b/umn/source/operation_guide_old_console_edition/index.rst index 59f889f..f2b9276 100644 --- a/umn/source/operation_guide_old_console_edition/index.rst +++ b/umn/source/operation_guide_old_console_edition/index.rst @@ -7,7 +7,7 @@ Operation Guide (Old Console Edition) - :ref:`VPC and Subnet ` - :ref:`Security ` -- :ref:`EIP ` +- :ref:`Elastic IP ` - :ref:`Shared Bandwidth ` - :ref:`Route Table ` - :ref:`VPC Peering Connection ` @@ -22,7 +22,7 @@ Operation Guide (Old Console Edition) vpc_and_subnet/index security/index - eip/index + elastic_ip/index shared_bandwidth/index route_table/index vpc_peering_connection/index diff --git a/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst b/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst index dfcc52c..661aad4 100644 --- a/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst +++ b/umn/source/operation_guide_old_console_edition/monitoring/creating_an_alarm_rule.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. +3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. In the left navigation pane on the left, choose **Alarm Management** > **Alarm Rules**. diff --git a/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst b/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst index 59c9fd2..fb000f7 100644 --- a/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst +++ b/umn/source/operation_guide_old_console_edition/monitoring/supported_metrics.rst @@ -20,25 +20,25 @@ Monitoring Metrics .. table:: **Table 1** EIP and bandwidth metrics - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | - +======================+====================+=================================================+=============+==================+================================+ - | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: bit/s | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | up_stream | Outbound Traffic | Network traffic going out of the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ - | down_stream | Inbound Traffic | Network traffic going into the cloud platform | >= 0 bytes | Bandwidth or EIP | 1 minute | - | | | | | | | - | | | Unit: byte | | | | - +----------------------+--------------------+-------------------------------------------------+-------------+------------------+--------------------------------+ + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | ID | Name | Description | Value Range | Monitored Object | Monitoring Interval (Raw Data) | + +======================+====================+=============================================================+=============+==================+================================+ + | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: bit/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic | >= 0 bit/s | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: bit/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | up_stream | Outbound Traffic | Network traffic going out of the cloud platform in a minute | >= 0 bytes | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: byte/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ + | down_stream | Inbound Traffic | Network traffic going into the cloud platform in a minute | >= 0 bytes | Bandwidth or EIP | 1 minute | + | | | | | | | + | | | Unit: byte/s | | | | + +----------------------+--------------------+-------------------------------------------------------------+-------------+------------------+--------------------------------+ Dimensions ---------- diff --git a/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst b/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst index 54f97e5..5d4103d 100644 --- a/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst +++ b/umn/source/operation_guide_old_console_edition/monitoring/viewing_metrics.rst @@ -16,7 +16,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. Hover on the upper left corner to display **Service List** and choose **Management & Governance** > **Cloud Eye**. +3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**. 5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information. diff --git a/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst b/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst index f2c9420..ad4788c 100644 --- a/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst +++ b/umn/source/operation_guide_old_console_edition/route_table/configuring_an_snat_server.rst @@ -26,7 +26,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Compute**, click **Elastic Cloud Server**. +3. Under **Computing**, click **Elastic Cloud Server**. 4. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. @@ -34,12 +34,12 @@ Procedure 6. Click the NIC IP address. In the displayed area showing the NIC details, disable the source/destination check function. - By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. Therefore, you need to disable the source/destination check for SNAT servers. + By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This prevents packet spoofing and improves system security. If SNAT is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. To stop this, you can disable the source/destination check for SNAT servers. 7. Bind an EIP. - - Bind an EIP with the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. - - Bind an EIP with the virtual IP address of the ECS. For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. + - Bind an EIP to the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. + - Bind an EIP to the virtual IP address of the ECS. For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. 8. On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. @@ -47,11 +47,11 @@ Procedure **su - root** -10. Run the following command to check whether the ECS can successfully connect to the Internet: +10. Check whether the ECS can connect to the Internet. .. note:: - Before running the command, you must disable the response iptables rule on the ECS where SNAT is configured and enable the security group rules. + Before running the following command, you must disable the response iptables rule on the ECS where SNAT is configured and add certain security group rules. **ping www.google.com** @@ -65,22 +65,22 @@ Procedure 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms -11. Run the following command to check whether IP forwarding of the Linux OS is enabled: +11. Check whether IP forwarding of the Linux OS is enabled: **cat /proc/sys/net/ipv4/ip_forward** In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - If IP forwarding in Linux is enabled, go to step :ref:`14 `. - - If IP forwarding in Linux is disabled, perform step :ref:`12 ` to enable IP forwarding in Linux. + - If IP forwarding in Linux is disabled, perform step :ref:`12 ` to enable it. - Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. To achieve these purposes, you need to enable the IP forwarding function and configure SNAT rules. + Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. To achieve these, you need to enable the IP forwarding function and configure SNAT rules. 12. .. _vpc_route02_0002__en-us_topic_0118499009_li3948189019612: Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. -13. Run the following command to make the change take effect: +13. Make the change take effect: **sysctl -p /etc/sysctl.conf** @@ -88,7 +88,7 @@ Procedure Configure SNAT. - Run the following command to enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function: :ref:`Figure 1 ` shows the example command. + Enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function. :ref:`Figure 1 ` shows the example. **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** @@ -101,25 +101,25 @@ Procedure .. note:: - - To ensure that the rule will not be lost after the restart, write the rule into the **/etc/rc.local** file. + - To ensure that the configured rules will not be lost after the restart, write the rules into the **/etc/rc.local** file. - a. Run the following command to switch to the **/etc/sysctl.conf** file: + a. Switch to the **/etc/sysctl.conf** file: **vi /etc/rc.local** b. Perform :ref:`14 ` to configure SNAT. - c. Run the following command to save the configuration and exit: + c. Save the configuration and exit: **:wq** - d. Run the following command to add the execute permission for the **rc.local** file: + d. Add the execute permission for the **rc.local** file: **# chmod +x /etc/rc.local** - To ensure that the configuration takes effect, run the **iptables -L** command to check whether the configured rules conflict with each other. -15. Run the following command to check whether the operation is successful: If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the operation was successful. +15. Check whether the configuration is successful. If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the configuration was successful. **iptables -t nat --list** @@ -132,7 +132,7 @@ Procedure 16. Add a route. For details, see section :ref:`Adding a Custom Route `. - Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. + Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed, for example, **192.168.1.4**. After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. diff --git a/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst b/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst index 3d4e941..4aff42b 100644 --- a/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst +++ b/umn/source/operation_guide_old_console_edition/security/differences_between_security_groups_and_firewalls.rst @@ -30,7 +30,7 @@ For details, see :ref:`Figure 1 `. +When a firewall is disabled, custom rules will become invalid while default rules still take effect. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules `. Procedure --------- diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst b/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst index 98027dd..a04f4ec 100644 --- a/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst +++ b/umn/source/operation_guide_old_console_edition/security/firewall/firewall_configuration_examples.rst @@ -43,7 +43,7 @@ Firewall Configuration Allowing Access from Specific Ports and Protocols ------------------------------------------------- -In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic regardless of the port. You need to configure both the firewall rules and security group rules to allow the traffic. +In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic. You need to configure both the firewall rules and security group rules to allow the traffic. Firewall Configuration diff --git a/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst b/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst index 73d56c2..9531fef 100644 --- a/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst +++ b/umn/source/operation_guide_old_console_edition/security/firewall/modifying_a_firewall_rule.rst @@ -56,7 +56,7 @@ Procedure | | | | | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | + | Destination | The destination to which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | | | | | | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | | | | | diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst b/umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst index 92e0c73..eeb189b 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/adding_a_security_group_rule.rst @@ -42,26 +42,26 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+====================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. @@ -75,24 +75,24 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst index adbe0ae..1355e14 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst @@ -16,27 +16,25 @@ Adding Instances to a Security Group ------------------------------------ #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. -6. On the **Servers** tab, click **Add** and add one or more servers to the current security group. -7. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group. -8. Click **OK**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. +#. On the **Servers** tab, click **Add** and add one or more servers to the current security group. +#. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group. +#. Click **OK**. Removing Instances from a Security Group ---------------------------------------- #. Log in to the management console. - -2. Click |image2| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. -6. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group. -7. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group. -8. Click **Yes**. +#. Click |image2| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. +#. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group. +#. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group. +#. Click **Yes**. **Removing multiple instances from a security group** diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst index 6f01087..11980f5 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/creating_a_security_group.rst @@ -8,22 +8,22 @@ Creating a Security Group Scenarios --------- -To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access policies to different security groups. +To improve ECS access security, you can create security groups, define security group rules, and add ECSs in a VPC to different security groups. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click **Create Security Group**. +#. On the **Security Groups** page, click **Create Security Group**. -6. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. +#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. .. figure:: /_static/images/en-us_image_0000001197426329.png @@ -51,6 +51,6 @@ Procedure | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst b/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst index 90dfa05..260233a 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/default_security_groups_and_security_group_rules.rst @@ -5,18 +5,18 @@ Default Security Groups and Security Group Rules ================================================ -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. +The system creates a default security group for each account. By default, the default security group rules: -:ref:`Figure 1 ` shows the default security group rules. The following uses access between ECSs as an example. +- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. +- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. -.. _vpc_securitygroup02_0002__en-us_topic_0118534003_fig997718156161: .. figure:: /_static/images/en-us_image_0000001230120807.png :alt: **Figure 1** Default security group **Figure 1** Default security group -:ref:`Table 1 ` describes the default rules for the default security group. +:ref:`Table 1 ` describes the default rules in the default security group. .. _vpc_securitygroup02_0002__en-us_topic_0118534003_table493045171919: diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst b/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst index c60a6c1..05b4475 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/deleting_a_security_group.rst @@ -8,23 +8,42 @@ Deleting a Security Group Scenarios --------- -This section describes how to delete security groups that you are no longer required. +This section describes how to delete security groups. Notes and Constraints --------------------- -- The default security group cannot be deleted. -- If a security group is associated with resources other than servers and extension NICs, the security group cannot be deleted. +- The default security group is named **default** and cannot be deleted. + +- A security group cannot be deleted if it is being used by instances, such as cloud servers, containers, and databases. + + If want to delete such a security group, delete the instances or change the security group used by the instance first. + +- A security group cannot be deleted if it is used as the source of a rule in another security group. + + :ref:`Delete ` or :ref:`modify ` the rule and delete the security group again. + + For example, if the source of a rule in security group **sg-B** is set to **sg-A**, you need to delete or modify the rule in **sg-B** before deleting **sg-A**. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**. -6. Click **Yes** in the displayed dialog box. +#. Click |image1| in the upper left corner and select the desired region and project. + +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. + + The security group list is displayed. + +#. Locate the row that contains the target security group, click **More** in the **Operation** column, and click **Delete**. + + A confirmation dialog box is displayed. + +#. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst index 3b100b8..fe74d5a 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/importing_and_exporting_security_group_rules.rst @@ -21,12 +21,11 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. -6. Export and import security group rules. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click the security group name. +#. Export and import security group rules. - Click |image2| to export all rules of the current security group to an Excel file. @@ -38,38 +37,38 @@ Procedure .. table:: **Table 1** Template parameters - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================================================+=======================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - Inbound rules control incoming traffic to cloud resources in the security group. | | - | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Last Modified | The time when the security group was modified. | ``-`` | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================+=======================+ + | Direction | The direction in which the security group rule takes effect. | Inbound | + | | | | + | | - Inbound rules control incoming traffic to cloud resources in the security group. | | + | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Last Modified | The time when the security group was modified. | ``-`` | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ .. |image1| image:: /_static/images/en-us_image_0141273034.png .. |image2| image:: /_static/images/en-us_image_0142360062.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst b/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst index c4248f0..bd2ea4b 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/modifying_a_security_group_rule.rst @@ -14,12 +14,11 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. -6. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column. -7. Modify the rule and click **Confirm**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. On the **Security Groups** page, click the security group name. +#. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column. +#. Modify the rule and click **Confirm**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst b/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst index a1bac05..49347c9 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/replicating_a_security_group_rule.rst @@ -15,18 +15,18 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. -5. On the **Security Groups** page, click the security group name. +#. On the **Security Groups** page, click the security group name. -6. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column. +#. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column. You can also modify the security group rule as required to quickly generate a new rule. -7. Click **OK**. +#. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst b/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst index e7a0e25..0278906 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/security_group_configuration_examples.rst @@ -60,7 +60,7 @@ Enabling ECSs in Different Security Groups to Communicate with Each Other Throug You can add an inbound rule to the security groups containing the ECSs to allow access from ECSs in the other security group. The required rule is as follows. +-----------+----------------------------------------------------+--------------------+------------------------------+ - | Direction | Protocol/Application | Port | Source | + | Direction | Protocol | Port | Source | +===========+====================================================+====================+==============================+ | Inbound | Used for communication through an internal network | Port or port range | ID of another security group | +-----------+----------------------------------------------------+--------------------+------------------------------+ diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst b/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst index 2f2527d..6fd402a 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/security_group_overview.rst @@ -8,11 +8,16 @@ Security Group Overview Security Group -------------- -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. You can directly use the default security group. For details, see :ref:`Default Security Groups and Security Group Rules `. +The system creates a default security group for each account. By default, the :ref:`default security group ` rules: -You can also create custom security groups to meet your specific service requirements. For details, see :ref:`Creating a Security Group `. +- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. +- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. + +Instances in the same security group can communicate with each other without adding additional rules. + +If the default security group does not meet your requirements, you can :ref:`modify security group rules ` or :ref:`create a custom security group `. Security Group Basics --------------------- @@ -45,7 +50,7 @@ Security Group Constraints - By default, you can create a maximum of 100 security groups in your cloud account. - By default, you can add up to 50 security group rules to a security group. -- By default, you can add an ECS or an extension NIC to a maximum of five security groups. In such a case, the rules of all the selected security groups are aggregated to take effect. +- By default, you can associate no more than five security groups with each ECS or extension NIC. In such a case, the rules of all the selected security groups are aggregated to take effect. - When creating a private network load balancer, you need to select a desired security group. Do not delete the default security group rules or ensure that the following requirements are met: - Outbound rules: only allow data packets to the selected security group or only data packets from the peer load balancer. diff --git a/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst index 123b31a..094dd1b 100644 --- a/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst +++ b/umn/source/operation_guide_old_console_edition/security/security_group/viewing_the_security_group_of_an_ecs.rst @@ -14,10 +14,9 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. Under **Compute**, click **Elastic Cloud Server**. -4. On the **Elastic Cloud Server** page, click the name of the target ECS. -5. Click the **Security Groups** tab and view information about the security group used by the ECS. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Under **Computing**, click **Elastic Cloud Server**. +#. On the **Elastic Cloud Server** page, click the name of the target ECS. +#. Click the **Security Groups** tab and view information about the security group used by the ECS. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst index 711be77..ca2c4ff 100644 --- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst +++ b/umn/source/operation_guide_old_console_edition/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst @@ -15,7 +15,7 @@ Notes and Constraints - After an EIP is added to a shared bandwidth, the original bandwidth used by the EIP will become invalid and the EIP will start to use the shared bandwidth. - The EIP's original dedicated bandwidth will be deleted. -- Do not add EIPs of the dedicated load balancer type and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. +- Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. Procedure --------- diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst index 689b667..5f66cb4 100644 --- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst +++ b/umn/source/operation_guide_old_console_edition/shared_bandwidth/assigning_a_shared_bandwidth.rst @@ -36,7 +36,7 @@ Procedure +================+=========================================================================================================================================================================================================================================================================================================+===============+ | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Bandwidth | The bandwidth size in Mbit/s. The value ranges from starting with 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | + | Bandwidth | The bandwidth size in Mbit/s. The minimum value is 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Bandwidth Name | The name of the shared bandwidth. | Bandwidth-001 | +----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ diff --git a/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst b/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst index 1ae3230..6b8cc57 100644 --- a/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst +++ b/umn/source/operation_guide_old_console_edition/shared_bandwidth/shared_bandwidth_overview.rst @@ -5,9 +5,9 @@ Shared Bandwidth Overview ========================= -Shared bandwidth allows multiple EIPs to share the same bandwidth. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth. +A shared bandwidth can be shared by multiple EIPs and controls the data transfer rate on these EIPs in a centralized manner. All ECSs, BMSs, and load balancers that have EIPs bound in the same region can share a bandwidth. -When you host a large number of applications on the cloud, if each EIP uses an independent bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement. +When you host a large number of applications on the cloud, if each EIP uses a bandwidth, a lot of bandwidths are required, increasing O&M workload. If all EIPs share the same bandwidth, VPCs and the region-level bandwidth can be managed in a unified manner, simplifying O&M statistics and network operations cost settlement. - Easy to Manage @@ -15,4 +15,4 @@ When you host a large number of applications on the cloud, if each EIP uses an i - Flexible Operations - You can add EIPs to a shared bandwidth or remove them from a shared bandwidth regardless of the instances to which they are bound. + You can add EIPs to a shared bandwidth or remove them from a shared bandwidth regardless of the EIP types and the instances that they are bound to. diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst index fade059..11be423 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst +++ b/umn/source/operation_guide_old_console_edition/virtual_ip_address/assigning_a_virtual_ip_address.rst @@ -14,9 +14,13 @@ Procedure --------- #. Log in to the management console. + #. Click |image1| in the upper left corner and select the desired region and project. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **Virtual Private Cloud**. 5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet where a virtual IP address is to be assigned, and click the VPC name. 6. On the **Subnets** tab, click the name of the subnet where a virtual IP address is to be assigned. diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst index 56ea6c7..1319c35 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst +++ b/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst @@ -19,11 +19,10 @@ Procedure --------- #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Elastic IP**. -4. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column. -5. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**. -6. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. +#. Click |image1| in the upper left corner and select the desired region and project. +#. On the console homepage, under **Network**, click **Elastic IP**. +#. Locate the row that contains the EIP to be bound to the virtual IP address, and click **Bind** in the **Operation** column. +#. In the **Bind EIP** dialog box, set **Instance Type** to **Virtual IP address**. +#. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst index e6804d4..b0de9e8 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst +++ b/umn/source/operation_guide_old_console_edition/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst @@ -14,8 +14,13 @@ Procedure --------- #. Log in to the management console. + #. Click |image1| in the upper left corner and select the desired region and project. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. 5. On the **Virtual Private Cloud** page, locate the VPC containing the virtual IP address and click the VPC name. diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst index f1e724a..7dfedb8 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst +++ b/umn/source/operation_guide_old_console_edition/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst @@ -6,11 +6,10 @@ Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) =========================================================================== #. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. -3. Under **Compute**, click **Elastic Cloud Server**. -4. In the ECS list, click the ECS name. -5. On the displayed ECS details page, click the **NICs** tab. -6. Check that **Source/Destination Check** is disabled. +#. Click |image1| in the upper left corner and select the desired region and project. +#. Under **Computing**, click **Elastic Cloud Server**. +#. In the ECS list, click the ECS name. +#. On the displayed ECS details page, click the **NICs** tab. +#. Check that **Source/Destination Check** is disabled. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst index 51e0ae5..f27772c 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst +++ b/umn/source/operation_guide_old_console_edition/virtual_ip_address/releasing_a_virtual_ip_address.rst @@ -10,8 +10,8 @@ Scenarios If you no longer need a virtual IP address or a reserved virtual IP address, you can release it to avoid wasting resources. -Prerequisites -------------- +Notes and Constraints +--------------------- Before deleting a virtual IP address, ensure that the virtual IP address has been unbound from the following resources: @@ -25,8 +25,11 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. + 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **Virtual Private Cloud**. 5. On the **Virtual Private Cloud** page, locate the VPC containing the subnet from which a virtual IP address is to be released, and click the VPC name. diff --git a/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst b/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst index 01bf42a..29412ff 100644 --- a/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst +++ b/umn/source/operation_guide_old_console_edition/virtual_ip_address/virtual_ip_address_overview.rst @@ -85,6 +85,6 @@ Precautions sysctl -p /etc/sysctl.conf -- The virtual IP address can use only the default security group, which cannot be changed to a custom security group. -- It is recommended that no more than eight virtual IP addresses be bound to an ECS. -- It is recommended that no more than 10 ECSs be bound to a virtual IP address. +- A virtual IP address can use only the default security group, which cannot be changed to a custom security group. +- An ECS can have up to eight virtual IP addresses bound. +- A virtual IP address can be bound to up to 10 ECSs. diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst index 3527c51..4d46fcc 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/creating_a_subnet_for_the_vpc.rst @@ -10,7 +10,7 @@ Scenarios A VPC comes with a default subnet. If the default subnet cannot meet your requirements, you can create one. -The subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. +A subnet is configured with DHCP by default. When an ECS in this subnet starts, the ECS automatically obtains an IP address using DHCP. Procedure --------- diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst index 18af104..155f30e 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_subnet.rst @@ -8,12 +8,12 @@ Deleting a Subnet Scenarios --------- -You can delete a subnet to release network resources if the subnet is no longer required. +This section describes how to delete a subnet. -Prerequisites -------------- +Notes and Constraints +--------------------- -You can delete a subnet only if there are no resources in the subnet. If there are resources in the subnet, you must delete those resources before you can delete the subnet. +If you want to delete a subnet with resources deployed, you must delete those resources first. You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete. diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst index 345ed69..342f1d1 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/deleting_a_vpc.rst @@ -8,32 +8,40 @@ Deleting a VPC Scenarios --------- -You can delete a VPC if the VPC is no longer required. - -You can delete a VPC only if there are no resources in the VPC. If there are resources in the VPC, you must delete those resources before you can delete the VPC. - -A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources. - -- Subnets. For details, see section :ref:`Deleting a Subnet `. -- VPNs. For details, see *Virtual Private Network User Guide*. -- Direct Connect connections. For details, see the *Direct Connect User Guide*. -- Custom routes. For details, see section :ref:`Deleting a Route `. -- VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `. +This section describes how to delete a VPC. Notes and Constraints --------------------- -If there are any EIPs or security groups, the last VPC cannot be deleted. +- If you want to delete a VPC with resources deployed, you must delete those resources first. + + A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources. + + - Subnets. For details, see section :ref:`Deleting a Subnet `. + - VPNs. For details, see *Virtual Private Network User Guide*. + - Direct Connect connections. For details, see the *Direct Connect User Guide*. + - Custom routes. For details, see section :ref:`Deleting a Route `. + - VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `. + +- If there are any EIPs or security groups, the last VPC cannot be deleted. Procedure --------- #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Virtual Private Cloud**. -5. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column. -6. Click **Yes** in the displayed dialog box. +#. Click |image1| in the upper left corner and select the desired region and project. + +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + +#. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst index 560b1ff..655b3a4 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/exporting_vpc_list.rst @@ -15,13 +15,15 @@ Procedure #. Log in to the management console. -2. Click |image1| in the upper left corner and select the desired region and project. +#. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -4. In the navigation pane on the left, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. -5. In the upper right corner of the VPC list, click |image2|. +#. In the navigation pane on the left, click **Virtual Private Cloud**. + +#. In the upper right corner of the VPC list, click |image2|. The system will automatically export information about all VPCs under your account in the current region. They will be exported in Excel format. diff --git a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst index c5bbacb..594d3b5 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_and_subnet/managing_vpc_tags.rst @@ -49,6 +49,8 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. #. In the upper right corner of the VPC list, click **Search by Tag**. @@ -73,6 +75,8 @@ Procedure #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. #. On the **Virtual Private Cloud** page, locate the VPC whose tags are to be managed and click the VPC name. diff --git a/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst b/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst index 2c5c8d6..9b5abc5 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_flow_log/vpc_flow_log_overview.rst @@ -7,14 +7,14 @@ VPC Flow Log Overview A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification. -VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring the VPC flow log function. +VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 ` shows the process for configuring VPC flow logs. .. _vpc_flowlog02_0001__en-us_topic_0151014680_fig1535115691415: .. figure:: /_static/images/en-us_image_0162336264.png - :alt: **Figure 1** Configuring the VPC flow log function + :alt: **Figure 1** Configuring VPC flow logs - **Figure 1** Configuring the VPC flow log function + **Figure 1** Configuring VPC flow logs Notes and Constraints --------------------- diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst index 22a5bd2..ce56699 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst @@ -67,6 +67,8 @@ To request a VPC peering connection with a VPC in another account, the owner of #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **VPC Peering**. #. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. @@ -85,9 +87,15 @@ Refusing a VPC Peering Connection The owner of the peer account can reject any VPC peering connection request that they receive. If a VPC peering connection request is rejected, the connection will not be established. You must delete the rejected VPC peering connection request before creating a VPC peering connection between the same VPCs as those in the rejected request. #. The owner of the peer account logs in to the management console. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **VPC Peering**. + #. In the VPC peering connection list, locate the row that contains the target VPC peering connection and click **Reject Request** in the **Operation** column. + #. Click **Yes** in the displayed dialog box. Adding Routes for the VPC Peering Connection @@ -148,8 +156,15 @@ Obtaining the Peer VPC ID ------------------------- #. The owner of the peer account logs in to the management console. + #. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + #. In the navigation pane on the left, click **Virtual Private Cloud**. -#. Click the target VPC name and view VPC ID on the VPC details page. + +#. Click the name of the target VPC. + + On the displayed page, you can view the VPC ID. .. |image1| image:: /_static/images/en-us_image_0226829583.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst index e56336f..3978bc4 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst @@ -24,6 +24,8 @@ Creating a VPC Peering Connection 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the right pane displayed, click **Create VPC Peering Connection**. diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst index 6a40b0e..1a1b67d 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/deleting_a_vpc_peering_connection.rst @@ -19,6 +19,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst index 3961ad5..8c029f2 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/modifying_a_vpc_peering_connection.rst @@ -19,6 +19,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst index 1bff595..413c9ce 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst @@ -16,11 +16,19 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. + 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. + 5. Locate the target VPC peering connection in the connection list. + 6. Click the name of the VPC peering connection to switch to the page showing details about the connection. + 7. On the displayed page, click the **Local Routes** tab and view information about the local route added for the VPC peering connection. + 8. On the page showing details about the VPC peering connection, click the **Peer Routes** tab and view information about the peer route added for the VPC peering connection. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst index e8a9e87..d6fbf17 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/viewing_vpc_peering_connections.rst @@ -19,6 +19,8 @@ Procedure 3. On the console homepage, under **Network**, click **Virtual Private Cloud**. + The **Virtual Private Cloud** page is displayed. + 4. In the navigation pane on the left, click **VPC Peering**. 5. In the displayed pane on the right, view information about the VPC peering connections. You can search for specific VPC peering connections by connection status or by name. diff --git a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst index 704ea09..176e8e4 100644 --- a/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst +++ b/umn/source/operation_guide_old_console_edition/vpc_peering_connection/vpc_peering_connection_creation_procedure.rst @@ -5,7 +5,7 @@ VPC Peering Connection Creation Procedure ========================================= -A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same region. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. +A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same network. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. - Creating a VPC peering connection between VPCs in your account diff --git a/umn/source/service_overview/basic_concepts/route_table.rst b/umn/source/service_overview/basic_concepts/route_table.rst index 868ee1e..9731b32 100644 --- a/umn/source/service_overview/basic_concepts/route_table.rst +++ b/umn/source/service_overview/basic_concepts/route_table.rst @@ -46,7 +46,10 @@ A route table contains a set of routes that are used to determine where network Default Route Table and Custom Route Table ------------------------------------------ -When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. You can add, delete, and modify routes in the default route table, but you cannot delete the route table. When you create a VPN, Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. If you want to modify or delete the route, you can associate your subnet with a custom route table and replicate the route to the custom route table to modify or delete it. +When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. + +- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table. +- When you create a VPN, or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required. @@ -72,32 +75,37 @@ A route is configured with the destination, next hop type, and next hop to deter You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. + You cannot add two routes with the same destination to a VPC route table even if their next hop types are different. The route priority depends on the destination. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. + .. _en-us_topic_0038263963__en-us_topic_0118498988_en-us_topic_0121831807_table1727714140542: .. table:: **Table 1** Next hop type - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | Description | Supported Route Table | - +========================+==============================================================================================================================================================+========================+ - | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | - | | | - Custom route table | - +------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Description | Supported Route Table | + +==========================+==============================================================================================================================================================+========================+ + | Server | Traffic intended for the destination is forwarded to an ECS in the VPC. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Direct Connect gateway | Traffic intended for the destination is forwarded to a Direct Connect gateway. | Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | NAT gateway | Traffic intended for the destination is forwarded to a NAT gateway. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | VPC peering connection | Traffic intended for the destination is forwarded to a VPC peering connection. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Virtual IP address | Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound. | - Default route table | + | | | - Custom route table | + +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ .. note:: @@ -125,7 +133,7 @@ You can use a route table configured in standalone mode or active/standby mode. In standalone mode, ECSs in a VPC that do not have EIPs bound access the Internet through an ECS that has an EIP bound and has the SNAT function configured. - You can create a route table for the VPC used by ECSs that do not have EIPs bound to enable these ECSs to access the Internet. The next hop in the route table is the private IP address of the ECS that has an EIP bound (that is the private IP address of the SNAT server). + You can add a route to the route table of the VPC used by ECSs that do not have EIPs bound to enable these ECSs to access the Internet. The next hop of the route is the private IP address of the ECS that has an EIP bound (that is the private IP address of the SNAT server). - :ref:`Figure 5 ` shows the route table configured in active/standby mode. @@ -138,7 +146,7 @@ You can use a route table configured in standalone mode or active/standby mode. In active/standby mode, ECSs in a VPC that do not have EIPs bound access the Internet through two ECSs that have EIPs bound and have the SNAT function configured. - In active/standby mode, you can add a route table for the VPC used by ECSs that do not have EIPs bound, to enable these ECSs to access the Internet. The next hop in the route table is the virtual IP address of the two ECSs that have EIPs bound. + In active/standby mode, you can add a route to the route table of the VPC used by ECSs that do not have EIPs bound, to enable these ECSs to access the Internet. The next hop of the route is the virtual IP address of the two ECSs that have EIPs bound. In both the standalone and active/standby modes, the ECSs that have EIPs bound must have the SNAT function. For details about the SNAT function, see :ref:`SNAT `. For details about how to configure an ECS as the SNAT server, see :ref:`Configuring an SNAT Server `. diff --git a/umn/source/service_overview/basic_concepts/security_group.rst b/umn/source/service_overview/basic_concepts/security_group.rst index cb40f2c..d2e6bd8 100644 --- a/umn/source/service_overview/basic_concepts/security_group.rst +++ b/umn/source/service_overview/basic_concepts/security_group.rst @@ -5,6 +5,9 @@ Security Group ============== -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. +The system creates a default security group for each account. By default, the default security group rules: + +- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. +- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. diff --git a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst index 68837df..85c732d 100644 --- a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst +++ b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst @@ -5,13 +5,13 @@ VPC Peering Connection ====================== -A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same region. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. +A VPC peering connection is a network connection between two VPCs in one region that enables you to route traffic between them using private IP addresses. ECSs in either VPC can communicate with each other just as if they were in the same network. You can create a VPC peering connection between your own VPCs, or between your VPC and another account's VPC within the same region. However, you cannot create a VPC peering connection between VPCs in different regions. Each account can have a maximum of 50 VPC peering connections in each region by default. -- VPC peering connections between VPCs in one account: Each account can create a maximum of 50 VPC peering connections in one region. +- VPC peering connections between VPCs from the same account: Each account can create a maximum of 50 VPC peering connections in one region. -- VPC peering connections between VPCs of different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections. +- VPC peering connections between VPCs from different accounts: Accepted VPC peering connections use the quotas of both accounts. To-be-accepted VPC peering connections only use the quotas of accounts that request the connections. An account can create VPC peering connections with different accounts if the account has enough quota. diff --git a/umn/source/service_overview/what_is_virtual_private_cloud.rst b/umn/source/service_overview/what_is_virtual_private_cloud.rst index 804a734..851e1a3 100644 --- a/umn/source/service_overview/what_is_virtual_private_cloud.rst +++ b/umn/source/service_overview/what_is_virtual_private_cloud.rst @@ -8,9 +8,9 @@ What Is Virtual Private Cloud? Overview -------- -The Virtual Private Cloud (VPC) service enables you to provision logically isolated, configurable, and manageable virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. +The Virtual Private Cloud (VPC) service enables you to provision logically isolated virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. You can configure and manage the virtual networks as required. -Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules for communication between ECSs in the same security group or in different security groups. +Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules to control communications between ECSs in the same security group or in different security groups. .. figure:: /_static/images/en-us_image_0209606948.png @@ -27,11 +27,11 @@ Advantages - Secure and reliable - Each VPC is completely logically isolated from other VPCs using the tunneling technology. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect instances, such as cloud servers, containers, and databases. The firewalls and security groups add additional layers of security to your VPCs, making your network secure. + Each VPC is completely logically isolated from other VPCs using the tunneling technology. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect instances, such as cloud servers, containers, and databases. They add additional layers of security to your VPCs, making your network secure. - Interconnectivity - By default, instances in a VPC cannot access the Internet. You can leverage Elastic IP (EIP), Elastic Load Balancing (ELB), NAT Gateways, Virtual Private Network (VPN), and Direct Connect to enable access to or from the Internet. + By default, instances in a VPC cannot access the Internet. You can leverage EIPs, load balancers, NAT gateways, VPN connections, and Direct Connect connections to enable access to or from the Internet. By default, instances in two VPCs cannot communicate with each other. You can create a VPC peering connection to enable the instances in the two VPCs in the same region to communicate with each other using private IP addresses. @@ -52,4 +52,4 @@ You can access the VPC service through the management console or using HTTPS-bas - API - If you need to integrate the VPC service provided by the cloud system into a third-party system for secondary development, you can use APIs to access the VPC service. For details, see the *Virtual Private Cloud API Reference*. + If you need to integrate a VPC into a third-party system for secondary development, you can use APIs to access the VPC service. For details, see the *Virtual Private Cloud API Reference*.