diff --git a/doc/best-practice/source/_static/images/en-us_image_0000001124559429.png b/doc/best-practice/source/_static/images/en-us_image_0000001124559429.png new file mode 100644 index 0000000..5dbaced Binary files /dev/null and b/doc/best-practice/source/_static/images/en-us_image_0000001124559429.png differ diff --git a/doc/best-practice/source/_static/images/en-us_image_0000001124559441.png b/doc/best-practice/source/_static/images/en-us_image_0000001124559441.png new file mode 100644 index 0000000..615bd9d Binary files /dev/null and b/doc/best-practice/source/_static/images/en-us_image_0000001124559441.png differ diff --git a/doc/best-practice/source/_static/images/en-us_image_0141273034.png b/doc/best-practice/source/_static/images/en-us_image_0141273034.png new file mode 100644 index 0000000..c6c267e Binary files /dev/null and b/doc/best-practice/source/_static/images/en-us_image_0141273034.png differ diff --git a/doc/best-practice/source/_static/images/en-us_image_0287297889.png b/doc/best-practice/source/_static/images/en-us_image_0287297889.png new file mode 100644 index 0000000..4be1389 Binary files /dev/null and b/doc/best-practice/source/_static/images/en-us_image_0287297889.png differ diff --git a/doc/best-practice/source/best_practice/index.rst b/doc/best-practice/source/best_practice/index.rst index b7e79bc..fd3f60e 100644 --- a/doc/best-practice/source/best_practice/index.rst +++ b/doc/best-practice/source/best_practice/index.rst @@ -6,9 +6,13 @@ Best Practice ============= - :ref:`VPC Peering Configurations ` +- :ref:`VPC and Subnet Planning Suggestions ` +- :ref:`Using IP Address Groups to Reduce the Number of Security Group Rules ` .. toctree:: :maxdepth: 1 :hidden: vpc_peering_configurations/index + vpc_and_subnet_planning_suggestions + using_ip_address_groups_to_reduce_the_number_of_security_group_rules diff --git a/doc/best-practice/source/best_practice/using_ip_address_groups_to_reduce_the_number_of_security_group_rules.rst b/doc/best-practice/source/best_practice/using_ip_address_groups_to_reduce_the_number_of_security_group_rules.rst new file mode 100644 index 0000000..a638ce7 --- /dev/null +++ b/doc/best-practice/source/best_practice/using_ip_address_groups_to_reduce_the_number_of_security_group_rules.rst @@ -0,0 +1,96 @@ +:original_name: bestpractice_0013.html + +.. _bestpractice_0013: + +Using IP Address Groups to Reduce the Number of Security Group Rules +==================================================================== + +Scenarios +--------- + +Finance and securities enterprises have high security requirements when planning cloud networks. Access to servers is often controlled based on IP addresses. To simplify security group rule configuration and provide refined security control, you can use IP address groups in case of the following scenarios: + +- A security group has more than 40 rules. +- The direction, type, protocol, and port of security group rules are the same except the address. + +Constraints +----------- + +- An IP address group can contain a maximum of 20 IP addresses or IP address ranges. + +Prerequisites +------------- + +You have created one or more security groups for access control. + +Typical Case +------------ + +For example, you plan to configure the following rules for security group A. + +========= ==== ======== ========== ========================= +Direction Type Protocol Port Range Source/Destination +========= ==== ======== ========== ========================= +Inbound IPv4 TCP 22122 Source: 11.19.255.64/30 +Inbound IPv4 TCP 22122 Source: 113.31.128.252/30 +Inbound IPv4 TCP 22122 Source: 113.31.138.0/25 +Inbound IPv4 TCP 22122 Source: 183.232.25.208/28 +========= ==== ======== ========== ========================= + +The four inbound rules have the same port, type, and protocol but different source IP addresses. In this case, you can use an IP address group to reconfigure the security group rules. + +Procedure +--------- + +**Create an IP address group.** + +#. Log in to the management console. +#. Click |image1| in the upper left corner and Under **Network**, click **Elastic Load Balancing**. +#. In the navigation pane on the left, choose **IP Address Groups**. +#. Click **Create IP Address Group**. +#. Set the parameters. + + - **Name**: **ipGroup-A** + + - **IP Address**: + + 11.19.255.64/30 + 113.31.128.252/30 + 113.31.138.0/25 + 183.232.25.208/28 + + + .. figure:: /_static/images/en-us_image_0000001124559441.png + :alt: **Figure 1** Creating an IP address group + + **Figure 1** Creating an IP address group + +#. Click **OK**. + +**Configure a security group rule.** + +8. Click |image1| in the upper left corner and Under **Network**, click **Virtual Private Cloud**. +9. In the navigation pane on the left, choose **Access Control** > **Security Groups**. +10. Locate security group A and click **Manage Rule** in the **Operation** column. +11. Under **Inbound Rules**, click **Add Rule**. +12. Set the parameters. + + - **Protocol & Port**: **TCP** and **22122** + + - **Type**: **IPv4** + + - **Source**: **ipGroup-A** + + + .. figure:: /_static/images/en-us_image_0000001124559429.png + :alt: **Figure 2** Configuring a security group rule + + **Figure 2** Configuring a security group rule + +13. Click **OK**. + +**Delete old security group rules.** + +14. Delete four old security group rules after the configured security group rule takes effect. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/doc/best-practice/source/best_practice/vpc_and_subnet_planning_suggestions.rst b/doc/best-practice/source/best_practice/vpc_and_subnet_planning_suggestions.rst new file mode 100644 index 0000000..dd7dc0e --- /dev/null +++ b/doc/best-practice/source/best_practice/vpc_and_subnet_planning_suggestions.rst @@ -0,0 +1,154 @@ +:original_name: bestpractice_0002.html + +.. _bestpractice_0002: + +VPC and Subnet Planning Suggestions +=================================== + +Before creating your VPCs, determine how many VPCs, the number of subnets, and what IP address ranges or connectivity options you will need. + +- :ref:`How Do I Determine How Many VPCs I Need? ` +- :ref:`How Do I Plan Subnets? ` +- :ref:`How Do I Plan Routing Policies? ` +- :ref:`How Do I Connect to an On-Premises Data Center? ` +- :ref:`How Do I Access the Internet? ` + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_section089562719454: + +How Do I Determine How Many VPCs I Need? +---------------------------------------- + +VPCs are region-specific. By default, networks in VPCs in different regions or even in the same region are not connected. + +- One VPC + + If your services do not require network isolation, a single VPC should be enough. + +- Multiple VPCs + +If you have multiple service systems in a region and each service system requires an isolated network, you can create a separate VPC for each service system. + +If you require network connectivity between separate VPCs in the same account or in different accounts, you can use VPC peering connections or Cloud Connect. + +- If two VPCs are in the same region, use a `VPC peering connection `__. + + +.. note:: + + By default, you can create a maximum of five VPCs in each region. If this cannot meet your service requirements, request a quota increase. For details, see `How Do I Apply for a Higher Quota? `__ + +The following table lists the private CIDR blocks that you can specify when creating a VPC. Consider the following when selecting a VPC CIDR block: + +- Number of IP addresses: Reserve sufficient IP addresses in case of business growth. +- IP address range: Avoid IP address conflicts if you need to connect a VPC to an on-premises data center or connect two VPCs. + +:ref:`Table 1 ` lists the supported VPC CIDR blocks. + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_en-us_topic_0118499040_table3240172772213: + +.. table:: **Table 1** VPC CIDR blocks + + +-------------------+-----------------------------+--------------------------------+ + | VPC CIDR Block | IP Address Range | Maximum Number of IP Addresses | + +===================+=============================+================================+ + | 10.0.0.0/8-24 | 10.0.0.0-10.255.255.255 | 2^24-2=16777214 | + +-------------------+-----------------------------+--------------------------------+ + | 172.16.0.0/12-24 | 172.16.0.0-172.31.255.255 | 2^20-2=1048574 | + +-------------------+-----------------------------+--------------------------------+ + | 192.168.0.0/16-24 | 192.168.0.0-192.168.255.255 | 2^16-2=65534 | + +-------------------+-----------------------------+--------------------------------+ + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_section15166143804819: + +How Do I Plan Subnets? +---------------------- + +A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets. + +- By default, all instances in different subnets of the same VPC can communicate with each other and the subnets can be located in different AZs. For example, VPC-A has subnet A01 in AZ A and subnet A02 in AZ B. Subnet A01 and subnet B01 can communicate with each other by default. + +- After a subnet is created, its CIDR block cannot be modified. Subnets in the same VPC cannot overlap. + + When you create a VPC, a default subnet will be created together. If you need more subnets, see `Creating a Subnet for the VPC `__. + + A subnet mask can be between the netmask of its VPC CIDR block and /28 netmask. If a VPC CIDR block is 10.0.0.0/16, its subnet mask can between 16 to 28. + + For example, if the CIDR block of VPC-A is 10.0.0.0/16, you can specify 10.0.0.0/24 for subnet A01, 10.0.1.0/24 for subnet A02, and 10.0.3.0/24 for subnet A03. + + .. note:: + + By default, you can create a maximum of 100 subnets in each region. If this cannot meet your service requirements, request a quota increase by referring to `How Do I Apply for a Higher Quota? `__ + +When planning subnets, consider the following: + +- You create different subnets for different modules in a VPC. For example, in VPC-A, you can create subnet A01 for web services, subnet A02 for management services, and subnet A03 for data services. You can leverage network ACLs to control access to each subnet. +- If your VPC needs to communicate with an on-premises data center through VPN or Direct Connect, ensure that the VPC subnet and the CIDR block used for communication in the data center do not overlap. + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_section169901852144820: + +How Do I Plan Routing Policies? +------------------------------- + +When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. The default route table ensures that subnets in a VPC can communicate with each other. + +If you do not want to use the default route table, you can now create a custom route table and associate it with the subnets. The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic. + +You can add routes to default and custom route tables and configure the destination, next hop type, and next hop in the routes to determine where network traffic is directed. Routes are classified into system routes and custom routes. + +- System routes: Routes that are automatically added by the system and cannot be modified or deleted. System routes allow instances in a VPC to communicate with each other. + +- Custom routes: Routes that can be modified and deleted. The destination of a custom route cannot overlap with that of a system route. + + You cannot add two routes with the same destination to a VPC route table even if their next hop types are different, because the destination determines the route priority. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_section187551349164918: + +How Do I Connect to an On-Premises Data Center? +----------------------------------------------- + +If you require interconnection between a VPC and an on-premises data center, ensure that the VPC does not have an overlapping IP address range with the on-premises data center to be connected. + +As shown in :ref:`Figure 1 `, you have VPC 1 in region A and VPC 2 and VPC 3 in region B. To connect to an on-premises data center, they can use a VPN, as VPC 1 does in Region A; or a Direct Connect connection, as VPC 2 does in Region B. VPC 2 connects to the data center through a Direct Connect connection, but to connect to another VPC in that region, like VPC 3, a VPC peering connection must be established. + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_fig16817171713408: + +.. figure:: /_static/images/en-us_image_0287297889.png + :alt: **Figure 1** Connections to on-premises data centers + + **Figure 1** Connections to on-premises data centers + +When planning CIDR blocks for VPC 1, VPC 2, and VPC 3: + +- The CIDR block of VPC 1 cannot overlap with the CIDR block of the on-premises data center in Region A. +- The CIDR block of VPC 2 cannot overlap with the CIDR block of the on-premises data center in Region B. +- The CIDR blocks of VPC 2 and VPC 3 cannot overlap. + +.. _bestpractice_0002__en-us_topic_0167202536_en-us_topic_0119408804_section7650164019505: + +How Do I Access the Internet? +----------------------------- + +**Use EIPs to enable a small number of ECSs to access the Internet.** + +When only a few ECSs need to access the Internet, you can bind the EIPs to the ECSs. This will provide them with Internet access. You can also dynamically unbind the EIPs from the ECSs and bind them to NAT gateways and load balancers instead, which will also provide Internet access. The process is not complicated. + +For more information about EIP, see `EIP Overview `__. + +**Use a NAT gateway to enable a large number of ECSs to access the Internet.** + +When a large number of ECSs need to access the Internet, the public cloud provides NAT gateways for your ECSs. With NAT gateways, you do not need to assign an EIP to each ECS. NAT gateways reduce costs as you do not need so many EIPs. NAT gateways offer both source network address translation (SNAT) and destination network address translation (DNAT). SNAT allows multiple ECSs in the same VPC to share one or more EIPs to access the Internet. SNAT prevents the EIPs of ECSs from being exposed to the Internet. DNAT can implement port-level data forwarding. It maps EIP ports to ECS ports so that the ECSs in a VPC can share the same EIP and bandwidth to provide Internet-accessible services. + +For more information, see `NAT Gateway User Guide `__. + +**Use ELB to access the Internet If there are a large number of concurrent requests.** + +In high-concurrency scenarios, such as e-commerce, you can use load balancers provided by the ELB service to evenly distribute incoming traffic across multiple ECSs, allowing a large number of users to concurrently access your business system or application. ELB is deployed in the cluster mode. It provides fault tolerance for your applications by automatically balancing traffic across multiple AZs. You can also take advantage of deep integration with Auto Scaling (AS), which enables automatic scaling based on service traffic and ensures service stability and reliability. + +For more information, see `Elastic Load Balance User Guide `__. + +Helpful Links +------------- + +- `Application Scenarios `__ +- `Private Network Access `__ +- `Public Network Access `__ diff --git a/umn/source/_static/images/en-us_image_0000001197228903.png b/umn/source/_static/images/en-us_image_0000001197228903.png deleted file mode 100644 index 6ef66ec..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001197228903.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001211006359.png b/umn/source/_static/images/en-us_image_0000001211006359.png deleted file mode 100644 index 66686f7..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001211006359.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001211445065.png b/umn/source/_static/images/en-us_image_0000001211445065.png deleted file mode 100644 index a86f5c5..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001211445065.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001540725521.png b/umn/source/_static/images/en-us_image_0000001540725521.png deleted file mode 100644 index 2f6a7cf..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001540725521.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001627493158.png b/umn/source/_static/images/en-us_image_0000001627493158.png deleted file mode 100644 index 29a2351..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001627493158.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001627653972.png b/umn/source/_static/images/en-us_image_0000001627653972.png deleted file mode 100644 index be2f35c..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001627653972.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001454059512.png b/umn/source/_static/images/en-us_image_0000001649841616.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001454059512.png rename to umn/source/_static/images/en-us_image_0000001649841616.png diff --git a/umn/source/_static/images/en-us_image_0000001490118666.png b/umn/source/_static/images/en-us_image_0000001818822962.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001490118666.png rename to umn/source/_static/images/en-us_image_0000001818822962.png diff --git a/umn/source/_static/images/en-us_image_0162332046.png b/umn/source/_static/images/en-us_image_0000001818823006.png similarity index 100% rename from umn/source/_static/images/en-us_image_0162332046.png rename to umn/source/_static/images/en-us_image_0000001818823006.png diff --git a/umn/source/_static/images/en-us_image_0000001678437642.png b/umn/source/_static/images/en-us_image_0000001818823010.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001678437642.png rename to umn/source/_static/images/en-us_image_0000001818823010.png diff --git a/umn/source/_static/images/en-us_image_0000001221790501.png b/umn/source/_static/images/en-us_image_0000001818823030.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001221790501.png rename to umn/source/_static/images/en-us_image_0000001818823030.png diff --git a/umn/source/_static/images/en-us_image_0000001117669274.png b/umn/source/_static/images/en-us_image_0000001818823034.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001117669274.png rename to umn/source/_static/images/en-us_image_0000001818823034.png diff --git a/umn/source/_static/images/en-us_image_0142359884.png b/umn/source/_static/images/en-us_image_0000001818823038.png similarity index 100% rename from umn/source/_static/images/en-us_image_0142359884.png rename to umn/source/_static/images/en-us_image_0000001818823038.png diff --git a/umn/source/_static/images/en-us_image_0209583952.png b/umn/source/_static/images/en-us_image_0000001818823042.png similarity index 100% rename from umn/source/_static/images/en-us_image_0209583952.png rename to umn/source/_static/images/en-us_image_0000001818823042.png diff --git a/umn/source/_static/images/en-us_image_0000001221842468.png b/umn/source/_static/images/en-us_image_0000001818823050.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001221842468.png rename to umn/source/_static/images/en-us_image_0000001818823050.png diff --git a/umn/source/_static/images/en-us_image_0000001520717193.png b/umn/source/_static/images/en-us_image_0000001818823058.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001520717193.png rename to umn/source/_static/images/en-us_image_0000001818823058.png diff --git a/umn/source/_static/images/en-us_image_0211552164.png b/umn/source/_static/images/en-us_image_0000001818823074.png similarity index 100% rename from umn/source/_static/images/en-us_image_0211552164.png rename to umn/source/_static/images/en-us_image_0000001818823074.png diff --git a/umn/source/_static/images/en-us_image_0000001572300492.png b/umn/source/_static/images/en-us_image_0000001818823082.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001572300492.png rename to umn/source/_static/images/en-us_image_0000001818823082.png diff --git a/umn/source/_static/images/en-us_image_0000001208260576.png b/umn/source/_static/images/en-us_image_0000001818823110.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001208260576.png rename to umn/source/_static/images/en-us_image_0000001818823110.png diff --git a/umn/source/_static/images/en-us_image_0000001209442636.png b/umn/source/_static/images/en-us_image_0000001818823118.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001209442636.png rename to umn/source/_static/images/en-us_image_0000001818823118.png diff --git a/umn/source/_static/images/en-us_image_0000001237013856.png b/umn/source/_static/images/en-us_image_0000001818823138.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001237013856.png rename to umn/source/_static/images/en-us_image_0000001818823138.png diff --git a/umn/source/_static/images/en-us_image_0000001179761510.png b/umn/source/_static/images/en-us_image_0000001818823142.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001179761510.png rename to umn/source/_static/images/en-us_image_0000001818823142.png diff --git a/umn/source/_static/images/en-us_image_0000001626574358.png b/umn/source/_static/images/en-us_image_0000001818823162.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626574358.png rename to umn/source/_static/images/en-us_image_0000001818823162.png diff --git a/umn/source/_static/images/en-us_image_0000001626574362.png b/umn/source/_static/images/en-us_image_0000001818823166.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626574362.png rename to umn/source/_static/images/en-us_image_0000001818823166.png diff --git a/umn/source/_static/images/en-us_image_0000001626574366.png b/umn/source/_static/images/en-us_image_0000001818823186.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626574366.png rename to umn/source/_static/images/en-us_image_0000001818823186.png diff --git a/umn/source/_static/images/en-us_image_0000001515644737.png b/umn/source/_static/images/en-us_image_0000001818823194.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001515644737.png rename to umn/source/_static/images/en-us_image_0000001818823194.png diff --git a/umn/source/_static/images/en-us_image_0000001626574370.png b/umn/source/_static/images/en-us_image_0000001818823210.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626574370.png rename to umn/source/_static/images/en-us_image_0000001818823210.png diff --git a/umn/source/_static/images/en-us_image_0214585341.png b/umn/source/_static/images/en-us_image_0000001818823214.png similarity index 100% rename from umn/source/_static/images/en-us_image_0214585341.png rename to umn/source/_static/images/en-us_image_0000001818823214.png diff --git a/umn/source/_static/images/en-us_image_0000001626575750.png b/umn/source/_static/images/en-us_image_0000001818823254.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626575750.png rename to umn/source/_static/images/en-us_image_0000001818823254.png diff --git a/umn/source/_static/images/en-us_image_0000001626576382.png b/umn/source/_static/images/en-us_image_0000001818823270.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626576382.png rename to umn/source/_static/images/en-us_image_0000001818823270.png diff --git a/umn/source/_static/images/en-us_image_0214585309.png b/umn/source/_static/images/en-us_image_0000001818823278.png similarity index 100% rename from umn/source/_static/images/en-us_image_0214585309.png rename to umn/source/_static/images/en-us_image_0000001818823278.png diff --git a/umn/source/_static/images/en-us_image_0000001626576858.png b/umn/source/_static/images/en-us_image_0000001818823286.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626576858.png rename to umn/source/_static/images/en-us_image_0000001818823286.png diff --git a/umn/source/_static/images/en-us_image_0000001626578706.png b/umn/source/_static/images/en-us_image_0000001818823302.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626578706.png rename to umn/source/_static/images/en-us_image_0000001818823302.png diff --git a/umn/source/_static/images/en-us_image_0129304042.png b/umn/source/_static/images/en-us_image_0000001818823318.png similarity index 100% rename from umn/source/_static/images/en-us_image_0129304042.png rename to umn/source/_static/images/en-us_image_0000001818823318.png diff --git a/umn/source/_static/images/en-us_image_0000001626734158.png b/umn/source/_static/images/en-us_image_0000001818823338.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626734158.png rename to umn/source/_static/images/en-us_image_0000001818823338.png diff --git a/umn/source/_static/images/en-us_image_0152727234.png b/umn/source/_static/images/en-us_image_0000001818823370.png similarity index 100% rename from umn/source/_static/images/en-us_image_0152727234.png rename to umn/source/_static/images/en-us_image_0000001818823370.png diff --git a/umn/source/_static/images/en-us_image_0274115599.png b/umn/source/_static/images/en-us_image_0000001818823374.png similarity index 100% rename from umn/source/_static/images/en-us_image_0274115599.png rename to umn/source/_static/images/en-us_image_0000001818823374.png diff --git a/umn/source/_static/images/en-us_image_0000001626734162.png b/umn/source/_static/images/en-us_image_0000001818823378.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626734162.png rename to umn/source/_static/images/en-us_image_0000001818823378.png diff --git a/umn/source/_static/images/en-us_image_0152668782.png b/umn/source/_static/images/en-us_image_0000001818823386.png similarity index 100% rename from umn/source/_static/images/en-us_image_0152668782.png rename to umn/source/_static/images/en-us_image_0000001818823386.png diff --git a/umn/source/_static/images/en-us_image_0000001627174280.png b/umn/source/_static/images/en-us_image_0000001818823394.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627174280.png rename to umn/source/_static/images/en-us_image_0000001818823394.png diff --git a/umn/source/_static/images/en-us_image_0000001626734166.png b/umn/source/_static/images/en-us_image_0000001818823402.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626734166.png rename to umn/source/_static/images/en-us_image_0000001818823402.png diff --git a/umn/source/_static/images/en-us_image_0000001626734174.png b/umn/source/_static/images/en-us_image_0000001818823406.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626734174.png rename to umn/source/_static/images/en-us_image_0000001818823406.png diff --git a/umn/source/_static/images/en-us_image_0191588554.png b/umn/source/_static/images/en-us_image_0000001818823446.png similarity index 100% rename from umn/source/_static/images/en-us_image_0191588554.png rename to umn/source/_static/images/en-us_image_0000001818823446.png diff --git a/umn/source/_static/images/en-us_image_0000001626735566.png b/umn/source/_static/images/en-us_image_0000001818823450.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626735566.png rename to umn/source/_static/images/en-us_image_0000001818823450.png diff --git a/umn/source/_static/images/en-us_image_0000001818823514.png b/umn/source/_static/images/en-us_image_0000001818823514.png new file mode 100644 index 0000000..a587644 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001818823514.png differ diff --git a/umn/source/_static/images/en-us_image_0171311823.png b/umn/source/_static/images/en-us_image_0000001818823522.png similarity index 100% rename from umn/source/_static/images/en-us_image_0171311823.png rename to umn/source/_static/images/en-us_image_0000001818823522.png diff --git a/umn/source/_static/images/en-us_image_0000001818823594.png b/umn/source/_static/images/en-us_image_0000001818823594.png new file mode 100644 index 0000000..ebc4d6f Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001818823594.png differ diff --git a/umn/source/_static/images/en-us_image_0000001464757610.png b/umn/source/_static/images/en-us_image_0000001818823598.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001464757610.png rename to umn/source/_static/images/en-us_image_0000001818823598.png diff --git a/umn/source/_static/images/en-us_image_0167839112.png b/umn/source/_static/images/en-us_image_0000001818823602.png similarity index 100% rename from umn/source/_static/images/en-us_image_0167839112.png rename to umn/source/_static/images/en-us_image_0000001818823602.png diff --git a/umn/source/_static/images/en-us_image_0162336264.png b/umn/source/_static/images/en-us_image_0000001818823626.png similarity index 100% rename from umn/source/_static/images/en-us_image_0162336264.png rename to umn/source/_static/images/en-us_image_0000001818823626.png diff --git a/umn/source/_static/images/en-us_image_0000001512701025.png b/umn/source/_static/images/en-us_image_0000001818823678.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001512701025.png rename to umn/source/_static/images/en-us_image_0000001818823678.png diff --git a/umn/source/_static/images/en-us_image_0000001209321492.png b/umn/source/_static/images/en-us_image_0000001818823702.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001209321492.png rename to umn/source/_static/images/en-us_image_0000001818823702.png diff --git a/umn/source/_static/images/en-us_image_0000001626735570.png b/umn/source/_static/images/en-us_image_0000001818823714.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626735570.png rename to umn/source/_static/images/en-us_image_0000001818823714.png diff --git a/umn/source/_static/images/en-us_image_0000001626736198.png b/umn/source/_static/images/en-us_image_0000001818823738.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626736198.png rename to umn/source/_static/images/en-us_image_0000001818823738.png diff --git a/umn/source/_static/images/en-us_image_0162329244.png b/umn/source/_static/images/en-us_image_0000001818823762.png similarity index 100% rename from umn/source/_static/images/en-us_image_0162329244.png rename to umn/source/_static/images/en-us_image_0000001818823762.png diff --git a/umn/source/_static/images/en-us_image_0000001626736678.png b/umn/source/_static/images/en-us_image_0000001818823766.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626736678.png rename to umn/source/_static/images/en-us_image_0000001818823766.png diff --git a/umn/source/_static/images/en-us_image_0000001796404809.png b/umn/source/_static/images/en-us_image_0000001818823770.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001796404809.png rename to umn/source/_static/images/en-us_image_0000001818823770.png diff --git a/umn/source/_static/images/en-us_image_0000001626736794.png b/umn/source/_static/images/en-us_image_0000001818823798.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626736794.png rename to umn/source/_static/images/en-us_image_0000001818823798.png diff --git a/umn/source/_static/images/en-us_image_0000001117669524.png b/umn/source/_static/images/en-us_image_0000001818823830.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001117669524.png rename to umn/source/_static/images/en-us_image_0000001818823830.png diff --git a/umn/source/_static/images/en-us_image_0093507575.png b/umn/source/_static/images/en-us_image_0000001818982734.png similarity index 100% rename from umn/source/_static/images/en-us_image_0093507575.png rename to umn/source/_static/images/en-us_image_0000001818982734.png diff --git a/umn/source/_static/images/en-us_image_0000001570070841.png b/umn/source/_static/images/en-us_image_0000001818982758.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001570070841.png rename to umn/source/_static/images/en-us_image_0000001818982758.png diff --git a/umn/source/_static/images/en-us_image_0000001626738526.png b/umn/source/_static/images/en-us_image_0000001818982762.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626738526.png rename to umn/source/_static/images/en-us_image_0000001818982762.png diff --git a/umn/source/_static/images/en-us_image_0000001461263993.png b/umn/source/_static/images/en-us_image_0000001818982794.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001461263993.png rename to umn/source/_static/images/en-us_image_0000001818982794.png diff --git a/umn/source/_static/images/en-us_image_0000001626894086.png b/umn/source/_static/images/en-us_image_0000001818982798.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626894086.png rename to umn/source/_static/images/en-us_image_0000001818982798.png diff --git a/umn/source/_static/images/en-us_image_0000001626894090.png b/umn/source/_static/images/en-us_image_0000001818982822.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626894090.png rename to umn/source/_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/_static/images/en-us_image_0000001626894094.png b/umn/source/_static/images/en-us_image_0000001818982826.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626894094.png rename to umn/source/_static/images/en-us_image_0000001818982826.png diff --git a/umn/source/_static/images/en-us_image_0000001626894098.png b/umn/source/_static/images/en-us_image_0000001818982830.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626894098.png rename to umn/source/_static/images/en-us_image_0000001818982830.png diff --git a/umn/source/_static/images/en-us_image_0142360094.png b/umn/source/_static/images/en-us_image_0000001818982838.png similarity index 100% rename from umn/source/_static/images/en-us_image_0142360094.png rename to umn/source/_static/images/en-us_image_0000001818982838.png diff --git a/umn/source/_static/images/en-us_image_0000001626894106.png b/umn/source/_static/images/en-us_image_0000001818982846.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626894106.png rename to umn/source/_static/images/en-us_image_0000001818982846.png diff --git a/umn/source/_static/images/en-us_image_0000001626894110.png b/umn/source/_static/images/en-us_image_0000001818982858.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626894110.png rename to umn/source/_static/images/en-us_image_0000001818982858.png diff --git a/umn/source/_static/images/en-us_image_0000001626895486.png b/umn/source/_static/images/en-us_image_0000001818982866.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626895486.png rename to umn/source/_static/images/en-us_image_0000001818982866.png diff --git a/umn/source/_static/images/en-us_image_0000001254335981.png b/umn/source/_static/images/en-us_image_0000001818982898.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001254335981.png rename to umn/source/_static/images/en-us_image_0000001818982898.png diff --git a/umn/source/_static/images/en-us_image_0000001207699446.png b/umn/source/_static/images/en-us_image_0000001818982906.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001207699446.png rename to umn/source/_static/images/en-us_image_0000001818982906.png diff --git a/umn/source/_static/images/en-us_image_0000001626896590.png b/umn/source/_static/images/en-us_image_0000001818982918.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626896590.png rename to umn/source/_static/images/en-us_image_0000001818982918.png diff --git a/umn/source/_static/images/en-us_image_0000001281210233.png b/umn/source/_static/images/en-us_image_0000001818982930.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001281210233.png rename to umn/source/_static/images/en-us_image_0000001818982930.png diff --git a/umn/source/_static/images/en-us_image_0000001225081545.png b/umn/source/_static/images/en-us_image_0000001818982934.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001225081545.png rename to umn/source/_static/images/en-us_image_0000001818982934.png diff --git a/umn/source/_static/images/en-us_image_0000001699135873.png b/umn/source/_static/images/en-us_image_0000001818982946.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001699135873.png rename to umn/source/_static/images/en-us_image_0000001818982946.png diff --git a/umn/source/_static/images/en-us_image_0162335382.png b/umn/source/_static/images/en-us_image_0000001818982962.png similarity index 100% rename from umn/source/_static/images/en-us_image_0162335382.png rename to umn/source/_static/images/en-us_image_0000001818982962.png diff --git a/umn/source/_static/images/en-us_image_0000001626897562.png b/umn/source/_static/images/en-us_image_0000001818982974.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001626897562.png rename to umn/source/_static/images/en-us_image_0000001818982974.png diff --git a/umn/source/_static/images/en-us_image_0000001512591549.png b/umn/source/_static/images/en-us_image_0000001818983018.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001512591549.png rename to umn/source/_static/images/en-us_image_0000001818983018.png diff --git a/umn/source/_static/images/en-us_image_0000001627052380.png b/umn/source/_static/images/en-us_image_0000001818983026.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627052380.png rename to umn/source/_static/images/en-us_image_0000001818983026.png diff --git a/umn/source/_static/images/en-us_image_0000001627054054.png b/umn/source/_static/images/en-us_image_0000001818983042.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627054054.png rename to umn/source/_static/images/en-us_image_0000001818983042.png diff --git a/umn/source/_static/images/en-us_image_0141273034.png b/umn/source/_static/images/en-us_image_0000001818983054.png similarity index 100% rename from umn/source/_static/images/en-us_image_0141273034.png rename to umn/source/_static/images/en-us_image_0000001818983054.png diff --git a/umn/source/_static/images/en-us_image_0214585308.png b/umn/source/_static/images/en-us_image_0000001818983066.png similarity index 100% rename from umn/source/_static/images/en-us_image_0214585308.png rename to umn/source/_static/images/en-us_image_0000001818983066.png diff --git a/umn/source/_static/images/en-us_image_0000001627054058.png b/umn/source/_static/images/en-us_image_0000001818983162.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627054058.png rename to umn/source/_static/images/en-us_image_0000001818983162.png diff --git a/umn/source/_static/images/en-us_image_0118499140.png b/umn/source/_static/images/en-us_image_0000001818983170.png similarity index 100% rename from umn/source/_static/images/en-us_image_0118499140.png rename to umn/source/_static/images/en-us_image_0000001818983170.png diff --git a/umn/source/_static/images/en-us_image_0000001627054062.png b/umn/source/_static/images/en-us_image_0000001818983174.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627054062.png rename to umn/source/_static/images/en-us_image_0000001818983174.png diff --git a/umn/source/_static/images/en-us_image_0000001627334080.png b/umn/source/_static/images/en-us_image_0000001818983186.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627334080.png rename to umn/source/_static/images/en-us_image_0000001818983186.png diff --git a/umn/source/_static/images/en-us_image_0000001627054082.png b/umn/source/_static/images/en-us_image_0000001818983190.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627054082.png rename to umn/source/_static/images/en-us_image_0000001818983190.png diff --git a/umn/source/_static/images/en-us_image_0000001465124712.png b/umn/source/_static/images/en-us_image_0000001818983194.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001465124712.png rename to umn/source/_static/images/en-us_image_0000001818983194.png diff --git a/umn/source/_static/images/en-us_image_0000001627055450.png b/umn/source/_static/images/en-us_image_0000001818983198.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627055450.png rename to umn/source/_static/images/en-us_image_0000001818983198.png diff --git a/umn/source/_static/images/en-us_image_0209577986.png b/umn/source/_static/images/en-us_image_0000001818983218.png similarity index 100% rename from umn/source/_static/images/en-us_image_0209577986.png rename to umn/source/_static/images/en-us_image_0000001818983218.png diff --git a/umn/source/_static/images/en-us_image_0191594527.png b/umn/source/_static/images/en-us_image_0000001818983242.png similarity index 100% rename from umn/source/_static/images/en-us_image_0191594527.png rename to umn/source/_static/images/en-us_image_0000001818983242.png diff --git a/umn/source/_static/images/en-us_image_0000001627055454.png b/umn/source/_static/images/en-us_image_0000001818983298.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627055454.png rename to umn/source/_static/images/en-us_image_0000001818983298.png diff --git a/umn/source/_static/images/en-us_image_0000001627056086.png b/umn/source/_static/images/en-us_image_0000001818983374.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627056086.png rename to umn/source/_static/images/en-us_image_0000001818983374.png diff --git a/umn/source/_static/images/en-us_image_0000001818983398.png b/umn/source/_static/images/en-us_image_0000001818983398.png new file mode 100644 index 0000000..f3053c0 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001818983398.png differ diff --git a/umn/source/_static/images/en-us_image_0000001627056574.png b/umn/source/_static/images/en-us_image_0000001818983406.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627056574.png rename to umn/source/_static/images/en-us_image_0000001818983406.png diff --git a/umn/source/_static/images/en-us_image_0000001627056686.png b/umn/source/_static/images/en-us_image_0000001818983414.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627056686.png rename to umn/source/_static/images/en-us_image_0000001818983414.png diff --git a/umn/source/_static/images/en-us_image_0000001627744152.png b/umn/source/_static/images/en-us_image_0000001818983426.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001627744152.png rename to umn/source/_static/images/en-us_image_0000001818983426.png diff --git a/umn/source/_static/images/en-us_image_0000001209777270.png b/umn/source/_static/images/en-us_image_0000001818983474.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001209777270.png rename to umn/source/_static/images/en-us_image_0000001818983474.png diff --git a/umn/source/_static/images/en-us_image_0000001646961692.png b/umn/source/_static/images/en-us_image_0000001818983486.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001646961692.png rename to umn/source/_static/images/en-us_image_0000001818983486.png diff --git a/umn/source/_static/images/en-us_image_0000001675254013.png b/umn/source/_static/images/en-us_image_0000001818983494.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675254013.png rename to umn/source/_static/images/en-us_image_0000001818983494.png diff --git a/umn/source/_static/images/en-us_image_0000001675254017.png b/umn/source/_static/images/en-us_image_0000001818983506.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675254017.png rename to umn/source/_static/images/en-us_image_0000001818983506.png diff --git a/umn/source/_static/images/en-us_image_0000001675254021.png b/umn/source/_static/images/en-us_image_0000001818983610.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675254021.png rename to umn/source/_static/images/en-us_image_0000001818983610.png diff --git a/umn/source/_static/images/en-us_image_0000001832479012.png b/umn/source/_static/images/en-us_image_0000001832479012.png new file mode 100644 index 0000000..2fb3fb2 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001832479012.png differ diff --git a/umn/source/_static/images/en-us_image_0000001602035305.png b/umn/source/_static/images/en-us_image_0000001865582513.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001602035305.png rename to umn/source/_static/images/en-us_image_0000001865582513.png diff --git a/umn/source/_static/images/en-us_image_0000001163949251.png b/umn/source/_static/images/en-us_image_0000001865582577.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001163949251.png rename to umn/source/_static/images/en-us_image_0000001865582577.png diff --git a/umn/source/_static/images/en-us_image_0000001675254033.png b/umn/source/_static/images/en-us_image_0000001865582585.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675254033.png rename to umn/source/_static/images/en-us_image_0000001865582585.png diff --git a/umn/source/_static/images/en-us_image_0000001675255405.png b/umn/source/_static/images/en-us_image_0000001865582593.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675255405.png rename to umn/source/_static/images/en-us_image_0000001865582593.png diff --git a/umn/source/_static/images/en-us_image_0211560998.png b/umn/source/_static/images/en-us_image_0000001865582617.png similarity index 100% rename from umn/source/_static/images/en-us_image_0211560998.png rename to umn/source/_static/images/en-us_image_0000001865582617.png diff --git a/umn/source/_static/images/en-us_image_0284993717.png b/umn/source/_static/images/en-us_image_0000001865582629.png similarity index 100% rename from umn/source/_static/images/en-us_image_0284993717.png rename to umn/source/_static/images/en-us_image_0000001865582629.png diff --git a/umn/source/_static/images/en-us_image_0000001675256029.png b/umn/source/_static/images/en-us_image_0000001865582633.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675256029.png rename to umn/source/_static/images/en-us_image_0000001865582633.png diff --git a/umn/source/_static/images/en-us_image_0000001675256529.png b/umn/source/_static/images/en-us_image_0000001865582665.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675256529.png rename to umn/source/_static/images/en-us_image_0000001865582665.png diff --git a/umn/source/_static/images/en-us_image_0000001675256657.png b/umn/source/_static/images/en-us_image_0000001865582673.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675256657.png rename to umn/source/_static/images/en-us_image_0000001865582673.png diff --git a/umn/source/_static/images/en-us_image_0000001237328110.png b/umn/source/_static/images/en-us_image_0000001865582677.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001237328110.png rename to umn/source/_static/images/en-us_image_0000001865582677.png diff --git a/umn/source/_static/images/en-us_image_0000001675258381.png b/umn/source/_static/images/en-us_image_0000001865582681.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675258381.png rename to umn/source/_static/images/en-us_image_0000001865582681.png diff --git a/umn/source/_static/images/en-us_image_0000001675258889.png b/umn/source/_static/images/en-us_image_0000001865582701.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675258889.png rename to umn/source/_static/images/en-us_image_0000001865582701.png diff --git a/umn/source/_static/images/en-us_image_0000001675373901.png b/umn/source/_static/images/en-us_image_0000001865582721.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675373901.png rename to umn/source/_static/images/en-us_image_0000001865582721.png diff --git a/umn/source/_static/images/en-us_image_0000001675373905.png b/umn/source/_static/images/en-us_image_0000001865582729.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675373905.png rename to umn/source/_static/images/en-us_image_0000001865582729.png diff --git a/umn/source/_static/images/en-us_image_0000001865582789.png b/umn/source/_static/images/en-us_image_0000001865582789.png new file mode 100644 index 0000000..92cd504 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865582789.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865582793.png b/umn/source/_static/images/en-us_image_0000001865582793.png new file mode 100644 index 0000000..0587b67 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865582793.png differ diff --git a/umn/source/_static/images/en-us_image_0000001675373909.png b/umn/source/_static/images/en-us_image_0000001865582809.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675373909.png rename to umn/source/_static/images/en-us_image_0000001865582809.png diff --git a/umn/source/_static/images/en-us_image_0000001675373913.png b/umn/source/_static/images/en-us_image_0000001865582817.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675373913.png rename to umn/source/_static/images/en-us_image_0000001865582817.png diff --git a/umn/source/_static/images/en-us_image_0000001675373917.png b/umn/source/_static/images/en-us_image_0000001865582825.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675373917.png rename to umn/source/_static/images/en-us_image_0000001865582825.png diff --git a/umn/source/_static/images/en-us_image_0000001675375297.png b/umn/source/_static/images/en-us_image_0000001865582893.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675375297.png rename to umn/source/_static/images/en-us_image_0000001865582893.png diff --git a/umn/source/_static/images/en-us_image_0191544038.png b/umn/source/_static/images/en-us_image_0000001865582905.png similarity index 100% rename from umn/source/_static/images/en-us_image_0191544038.png rename to umn/source/_static/images/en-us_image_0000001865582905.png diff --git a/umn/source/_static/images/en-us_image_0000001675375405.png b/umn/source/_static/images/en-us_image_0000001865582933.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675375405.png rename to umn/source/_static/images/en-us_image_0000001865582933.png diff --git a/umn/source/_static/images/en-us_image_0275513364.png b/umn/source/_static/images/en-us_image_0000001865582937.png similarity index 100% rename from umn/source/_static/images/en-us_image_0275513364.png rename to umn/source/_static/images/en-us_image_0000001865582937.png diff --git a/umn/source/_static/images/en-us_image_0285048674.png b/umn/source/_static/images/en-us_image_0000001865582941.png similarity index 100% rename from umn/source/_static/images/en-us_image_0285048674.png rename to umn/source/_static/images/en-us_image_0000001865582941.png diff --git a/umn/source/_static/images/en-us_image_0000001675378241.png b/umn/source/_static/images/en-us_image_0000001865582981.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675378241.png rename to umn/source/_static/images/en-us_image_0000001865582981.png diff --git a/umn/source/_static/images/en-us_image_0000001675413821.png b/umn/source/_static/images/en-us_image_0000001865582989.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675413821.png rename to umn/source/_static/images/en-us_image_0000001865582989.png diff --git a/umn/source/_static/images/en-us_image_0000001675413825.png b/umn/source/_static/images/en-us_image_0000001865583133.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675413825.png rename to umn/source/_static/images/en-us_image_0000001865583133.png diff --git a/umn/source/_static/images/en-us_image_0000001865583153.png b/umn/source/_static/images/en-us_image_0000001865583153.png new file mode 100644 index 0000000..53878c8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865583153.png differ diff --git a/umn/source/_static/images/en-us_image_0000001675413829.png b/umn/source/_static/images/en-us_image_0000001865583165.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675413829.png rename to umn/source/_static/images/en-us_image_0000001865583165.png diff --git a/umn/source/_static/images/en-us_image_0000001675413833.png b/umn/source/_static/images/en-us_image_0000001865583185.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675413833.png rename to umn/source/_static/images/en-us_image_0000001865583185.png diff --git a/umn/source/_static/images/en-us_image_0000001462622484.png b/umn/source/_static/images/en-us_image_0000001865583217.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001462622484.png rename to umn/source/_static/images/en-us_image_0000001865583217.png diff --git a/umn/source/_static/images/en-us_image_0000001675413841.png b/umn/source/_static/images/en-us_image_0000001865583245.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675413841.png rename to umn/source/_static/images/en-us_image_0000001865583245.png diff --git a/umn/source/_static/images/en-us_image_0157880395.png b/umn/source/_static/images/en-us_image_0000001865583253.png similarity index 100% rename from umn/source/_static/images/en-us_image_0157880395.png rename to umn/source/_static/images/en-us_image_0000001865583253.png diff --git a/umn/source/_static/images/en-us_image_0000001865583269.png b/umn/source/_static/images/en-us_image_0000001865583269.png new file mode 100644 index 0000000..f1f960f Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865583269.png differ diff --git a/umn/source/_static/images/en-us_image_0000001675413845.png b/umn/source/_static/images/en-us_image_0000001865583297.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675413845.png rename to umn/source/_static/images/en-us_image_0000001865583297.png diff --git a/umn/source/_static/images/en-us_image_0000001337710801.png b/umn/source/_static/images/en-us_image_0000001865583301.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001337710801.png rename to umn/source/_static/images/en-us_image_0000001865583301.png diff --git a/umn/source/_static/images/en-us_image_0000001675415213.png b/umn/source/_static/images/en-us_image_0000001865662721.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675415213.png rename to umn/source/_static/images/en-us_image_0000001865662721.png diff --git a/umn/source/_static/images/en-us_image_0000001865662737.png b/umn/source/_static/images/en-us_image_0000001865662737.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865662737.png differ diff --git a/umn/source/_static/images/en-us_image_0000001675415841.png b/umn/source/_static/images/en-us_image_0000001865662745.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675415841.png rename to umn/source/_static/images/en-us_image_0000001865662745.png diff --git a/umn/source/_static/images/en-us_image_0118499144.png b/umn/source/_static/images/en-us_image_0000001865662749.png similarity index 100% rename from umn/source/_static/images/en-us_image_0118499144.png rename to umn/source/_static/images/en-us_image_0000001865662749.png diff --git a/umn/source/_static/images/en-us_image_0162733894.png b/umn/source/_static/images/en-us_image_0000001865662753.png similarity index 100% rename from umn/source/_static/images/en-us_image_0162733894.png rename to umn/source/_static/images/en-us_image_0000001865662753.png diff --git a/umn/source/_static/images/en-us_image_0000001865662757.jpg b/umn/source/_static/images/en-us_image_0000001865662757.jpg new file mode 100644 index 0000000..ad56842 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865662757.jpg differ diff --git a/umn/source/_static/images/en-us_image_0000001166028070.png b/umn/source/_static/images/en-us_image_0000001865662761.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001166028070.png rename to umn/source/_static/images/en-us_image_0000001865662761.png diff --git a/umn/source/_static/images/en-us_image_0000001675416345.png b/umn/source/_static/images/en-us_image_0000001865662765.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675416345.png rename to umn/source/_static/images/en-us_image_0000001865662765.png diff --git a/umn/source/_static/images/en-us_image_0000001675418673.png b/umn/source/_static/images/en-us_image_0000001865662773.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675418673.png rename to umn/source/_static/images/en-us_image_0000001865662773.png diff --git a/umn/source/_static/images/en-us_image_0000001865662813.png b/umn/source/_static/images/en-us_image_0000001865662813.png new file mode 100644 index 0000000..9c32482 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865662813.png differ diff --git a/umn/source/_static/images/en-us_image_0284920908.png b/umn/source/_static/images/en-us_image_0000001865662817.png similarity index 100% rename from umn/source/_static/images/en-us_image_0284920908.png rename to umn/source/_static/images/en-us_image_0000001865662817.png diff --git a/umn/source/_static/images/en-us_image_0000001230120807.png b/umn/source/_static/images/en-us_image_0000001865662829.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001230120807.png rename to umn/source/_static/images/en-us_image_0000001865662829.png diff --git a/umn/source/_static/images/en-us_image_0000001521533677.png b/umn/source/_static/images/en-us_image_0000001865662833.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001521533677.png rename to umn/source/_static/images/en-us_image_0000001865662833.png diff --git a/umn/source/_static/images/en-us_image_0000001207827554.png b/umn/source/_static/images/en-us_image_0000001865662841.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001207827554.png rename to umn/source/_static/images/en-us_image_0000001865662841.png diff --git a/umn/source/_static/images/en-us_image_0000001197426329.png b/umn/source/_static/images/en-us_image_0000001865662885.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001197426329.png rename to umn/source/_static/images/en-us_image_0000001865662885.png diff --git a/umn/source/_static/images/en-us_image_0000001675613937.png b/umn/source/_static/images/en-us_image_0000001865662901.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675613937.png rename to umn/source/_static/images/en-us_image_0000001865662901.png diff --git a/umn/source/_static/images/en-us_image_0000001650535960.png b/umn/source/_static/images/en-us_image_0000001865662949.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001650535960.png rename to umn/source/_static/images/en-us_image_0000001865662949.png diff --git a/umn/source/_static/images/en-us_image_0000001540846821.png b/umn/source/_static/images/en-us_image_0000001865662969.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001540846821.png rename to umn/source/_static/images/en-us_image_0000001865662969.png diff --git a/umn/source/_static/images/en-us_image_0000001675613941.png b/umn/source/_static/images/en-us_image_0000001865662989.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675613941.png rename to umn/source/_static/images/en-us_image_0000001865662989.png diff --git a/umn/source/_static/images/en-us_image_0000001675613945.png b/umn/source/_static/images/en-us_image_0000001865663001.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675613945.png rename to umn/source/_static/images/en-us_image_0000001865663001.png diff --git a/umn/source/_static/images/en-us_image_0000001865663033.png b/umn/source/_static/images/en-us_image_0000001865663033.png new file mode 100644 index 0000000..ce84b5c Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865663033.png differ diff --git a/umn/source/_static/images/en-us_image_0000001675613953.png b/umn/source/_static/images/en-us_image_0000001865663057.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675613953.png rename to umn/source/_static/images/en-us_image_0000001865663057.png diff --git a/umn/source/_static/images/en-us_image_0000001675613957.png b/umn/source/_static/images/en-us_image_0000001865663089.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675613957.png rename to umn/source/_static/images/en-us_image_0000001865663089.png diff --git a/umn/source/_static/images/en-us_image_0000001865663101.png b/umn/source/_static/images/en-us_image_0000001865663101.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865663101.png differ diff --git a/umn/source/_static/images/en-us_image_0000001675615337.png b/umn/source/_static/images/en-us_image_0000001865663109.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675615337.png rename to umn/source/_static/images/en-us_image_0000001865663109.png diff --git a/umn/source/_static/images/en-us_image_0152667656.png b/umn/source/_static/images/en-us_image_0000001865663121.png similarity index 100% rename from umn/source/_static/images/en-us_image_0152667656.png rename to umn/source/_static/images/en-us_image_0000001865663121.png diff --git a/umn/source/_static/images/en-us_image_0000001675616433.png b/umn/source/_static/images/en-us_image_0000001865663129.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675616433.png rename to umn/source/_static/images/en-us_image_0000001865663129.png diff --git a/umn/source/_static/images/en-us_image_0000001675813933.png b/umn/source/_static/images/en-us_image_0000001865663133.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675813933.png rename to umn/source/_static/images/en-us_image_0000001865663133.png diff --git a/umn/source/_static/images/en-us_image_0000001675616561.png b/umn/source/_static/images/en-us_image_0000001865663157.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675616561.png rename to umn/source/_static/images/en-us_image_0000001865663157.png diff --git a/umn/source/_static/images/en-us_image_0191577030.png b/umn/source/_static/images/en-us_image_0000001865663181.png similarity index 100% rename from umn/source/_static/images/en-us_image_0191577030.png rename to umn/source/_static/images/en-us_image_0000001865663181.png diff --git a/umn/source/_static/images/en-us_image_0209606948.png b/umn/source/_static/images/en-us_image_0000001865663209.png similarity index 100% rename from umn/source/_static/images/en-us_image_0209606948.png rename to umn/source/_static/images/en-us_image_0000001865663209.png diff --git a/umn/source/_static/images/en-us_image_0000001675618277.png b/umn/source/_static/images/en-us_image_0000001865663213.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675618277.png rename to umn/source/_static/images/en-us_image_0000001865663213.png diff --git a/umn/source/_static/images/en-us_image_0000001512876289.png b/umn/source/_static/images/en-us_image_0000001865663449.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001512876289.png rename to umn/source/_static/images/en-us_image_0000001865663449.png diff --git a/umn/source/_static/images/en-us_image_0167840073.png b/umn/source/_static/images/en-us_image_0000001865663453.png similarity index 100% rename from umn/source/_static/images/en-us_image_0167840073.png rename to umn/source/_static/images/en-us_image_0000001865663453.png diff --git a/umn/source/_static/images/en-us_image_0000001675619157.png b/umn/source/_static/images/en-us_image_0000001865663457.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001675619157.png rename to umn/source/_static/images/en-us_image_0000001865663457.png diff --git a/umn/source/_static/images/en-us_image_0000001676063997.png b/umn/source/_static/images/en-us_image_0000001865663461.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001676063997.png rename to umn/source/_static/images/en-us_image_0000001865663461.png diff --git a/umn/source/_static/images/en-us_image_0000001681512581.png b/umn/source/_static/images/en-us_image_0000001865663473.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001681512581.png rename to umn/source/_static/images/en-us_image_0000001865663473.png diff --git a/umn/source/_static/images/en-us_image_0000001865663509.png b/umn/source/_static/images/en-us_image_0000001865663509.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865663509.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865663521.png b/umn/source/_static/images/en-us_image_0000001865663521.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865663521.png differ diff --git a/umn/source/_static/images/en-us_image_0240332622.png b/umn/source/_static/images/en-us_image_0000001865663537.png similarity index 100% rename from umn/source/_static/images/en-us_image_0240332622.png rename to umn/source/_static/images/en-us_image_0000001865663537.png diff --git a/umn/source/_static/images/en-us_image_0000001865674836.png b/umn/source/_static/images/en-us_image_0000001865674836.png new file mode 100644 index 0000000..73149eb Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865674836.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865684752.png b/umn/source/_static/images/en-us_image_0000001865684752.png new file mode 100644 index 0000000..fed32d8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865684752.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865828728.png b/umn/source/_static/images/en-us_image_0000001865828728.png new file mode 100644 index 0000000..e308d67 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865828728.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865833004.png b/umn/source/_static/images/en-us_image_0000001865833004.png new file mode 100644 index 0000000..d67dfd8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865833004.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865837676.png b/umn/source/_static/images/en-us_image_0000001865837676.png new file mode 100644 index 0000000..267f2de Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865837676.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865884494.png b/umn/source/_static/images/en-us_image_0000001865884494.png new file mode 100644 index 0000000..eaa0302 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865884494.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865898552.png b/umn/source/_static/images/en-us_image_0000001865898552.png new file mode 100644 index 0000000..5aa7f83 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865898552.png differ diff --git a/umn/source/_static/images/en-us_image_0000001866046474.png b/umn/source/_static/images/en-us_image_0000001866046474.png new file mode 100644 index 0000000..8bbd514 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001866046474.png differ diff --git a/umn/source/_static/images/en-us_image_0000001866063864.png b/umn/source/_static/images/en-us_image_0000001866063864.png new file mode 100644 index 0000000..51d37f5 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001866063864.png differ diff --git a/umn/source/_static/images/en-us_image_0000001879005797.png b/umn/source/_static/images/en-us_image_0000001879005797.png new file mode 100644 index 0000000..f620327 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001879005797.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911771617.png b/umn/source/_static/images/en-us_image_0000001911771617.png new file mode 100644 index 0000000..51d37f5 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911771617.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911842313.png b/umn/source/_static/images/en-us_image_0000001911842313.png new file mode 100644 index 0000000..a93b49a Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911842313.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911849797.png b/umn/source/_static/images/en-us_image_0000001911849797.png new file mode 100644 index 0000000..53e6dfa Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911849797.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911853289.png b/umn/source/_static/images/en-us_image_0000001911853289.png new file mode 100644 index 0000000..e2ad780 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911853289.png differ diff --git a/umn/source/_static/images/en-us_image_0142360062.png b/umn/source/_static/images/en-us_image_0142360062.png deleted file mode 100644 index f5a39cd..0000000 Binary files a/umn/source/_static/images/en-us_image_0142360062.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0162391155.png b/umn/source/_static/images/en-us_image_0162391155.png deleted file mode 100644 index 8dc4f6f..0000000 Binary files a/umn/source/_static/images/en-us_image_0162391155.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0214585306.png b/umn/source/_static/images/en-us_image_0214585306.png deleted file mode 100644 index e0684de..0000000 Binary files a/umn/source/_static/images/en-us_image_0214585306.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0214585307.png b/umn/source/_static/images/en-us_image_0214585307.png deleted file mode 100644 index f5a39cd..0000000 Binary files a/umn/source/_static/images/en-us_image_0214585307.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0233469196.png b/umn/source/_static/images/en-us_image_0233469196.png deleted file mode 100644 index a844ced..0000000 Binary files a/umn/source/_static/images/en-us_image_0233469196.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0233469654.png b/umn/source/_static/images/en-us_image_0233469654.png deleted file mode 100644 index f5a39cd..0000000 Binary files a/umn/source/_static/images/en-us_image_0233469654.png and /dev/null differ diff --git a/umn/source/access_control/differences_between_security_groups_and_firewalls.rst b/umn/source/access_control/differences_between_security_groups_and_firewalls.rst index c4b42e5..de9a514 100644 --- a/umn/source/access_control/differences_between_security_groups_and_firewalls.rst +++ b/umn/source/access_control/differences_between_security_groups_and_firewalls.rst @@ -5,16 +5,16 @@ Differences Between Security Groups and Firewalls ================================================= -You can configure security groups and firewalls to increase the security of ECSs in your VPC. +You can configure firewall and security group rules to protect the instances in your VPC, such as ECSs and databases. -- Security groups operate at the ECS level. -- Firewalls protect associated subnets and all the resources in the subnets. +- A security group protects the instances in it. +- A firewall protects associated subnets and all the resources in the subnets. For details, see :ref:`Figure 1 `. .. _en-us_topic_0052003963__fig9582182315479: -.. figure:: /_static/images/en-us_image_0000001699135873.png +.. figure:: /_static/images/en-us_image_0000001818982946.png :alt: **Figure 1** Security groups and firewalls **Figure 1** Security groups and firewalls @@ -25,16 +25,20 @@ For details, see :ref:`Figure 1 `. .. table:: **Table 1** Differences between security groups and firewalls - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Category | Security Group | Firewall | - +==========+================================================================================================================================================+=============================================================================================================================================================================================================================================================================================================================+ - | Scope | Operates at the ECS level. | Operates at the subnet level. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Rules | Does not support **Allow** or **Deny** rules. | Supports both **Allow** and **Deny** rules. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Priority | If there are conflicting rules, they are combined and applied together. | If rules conflict, the rule with the highest priority takes effect. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Usage | Automatically applies to ECSs in the security group that is selected during ECS creation. You must select a security group when creating ECSs. | Applies to all ECSs in the subnets associated with the firewall. Selecting a firewall is not allowed during subnet creation. You must create a firewall, associate subnets with it, add inbound and outbound rules, and enable firewall. The firewall then takes effect for the associated subnets and ECSs in the subnets. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Packets | Only packet filtering based on the 3-tuple (protocol, port, and peer IP address) is supported. | Only packet filtering based on the 5-tuple (protocol, source port, destination port, source IP address, and destination IP address) is supported. | - +----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Category | Security Group | Firewall | + +=======================+========================================================================================================================================================================+===========================================================================================================================================================================================================================================================+ + | Protection Scope | Protects instances in a security group, such as ECSs and databases. | Protects subnets and all the instances in the subnets. | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Rules | Does not support **Allow** or **Deny** rules. | Supports both **Allow** and **Deny** rules. | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Matching Order | If there are conflicting rules, they are combined and applied together. | If rules conflict, the rule with the highest priority takes effect. | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Usage | - When creating an instance, such as an ECS, you must select a security group. If you do not have a security group, a default security group will be created for you. | Selecting a firewall is not allowed when you create a subnet. You must create a firewall, add inbound and outbound rules, associate subnets with it, and enable firewall. The firewall then protects the associated subnets and instances in the subnets. | + | | - After creating an instance, you can: | | + | | | | + | | - Add or remove the instance to or from the security group on the security group console. | | + | | - Associate or disassociate a security group with or from the instance on the instance console. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Packets | Packet filtering based on the 3-tuple (protocol, port, and source/destination) is supported. | Packet filtering based on the 5-tuple (protocol, source port, destination port, and source/destination) is supported. | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/access_control/firewall/adding_a_firewall_rule.rst b/umn/source/access_control/firewall/adding_a_firewall_rule.rst deleted file mode 100644 index 6510a64..0000000 --- a/umn/source/access_control/firewall/adding_a_firewall_rule.rst +++ /dev/null @@ -1,93 +0,0 @@ -:original_name: en-us_topic_0051746702.html - -.. _en-us_topic_0051746702: - -Adding a Firewall Rule -====================== - -Scenarios ---------- - -Add an inbound or outbound rule based on your network security requirements. - -Notes and Constraints ---------------------- - -A firewall can contain no more than 20 rules in one direction, or performance will deteriorate. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - -4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. - -5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. - -6. On the **Inbound Rules** or **Outbound Rules** tab, click **Add Rule** to add an inbound or outbound rule. - - - Click **+** to add more rules. - - Locate the row that contains the firewall rule and click **Replicate** in the **Operation** column to replicate an existing rule. - - - .. figure:: /_static/images/en-us_image_0274115599.png - :alt: **Figure 1** Add Inbound Rule - - **Figure 1** Add Inbound Rule - - .. table:: **Table 1** Parameter descriptions - - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +========================+=================================================================================================================================================================================================================================================================================================================================+=======================+ - | Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP | - | | | | - | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627054054.png diff --git a/umn/source/access_control/firewall/firewall_overview.rst b/umn/source/access_control/firewall/firewall_overview.rst index d585350..e925870 100644 --- a/umn/source/access_control/firewall/firewall_overview.rst +++ b/umn/source/access_control/firewall/firewall_overview.rst @@ -11,7 +11,7 @@ A firewall is an optional layer of security for your subnets. After you associat .. _acl_0001__fig9582182315479: -.. figure:: /_static/images/en-us_image_0000001699135873.png +.. figure:: /_static/images/en-us_image_0000001818982946.png :alt: **Figure 1** Security groups and firewalls **Figure 1** Security groups and firewalls @@ -24,9 +24,22 @@ Firewall Basics --------------- - Your VPC does not come with a firewall, but you can create a firewall and associate it with a VPC subnet if required. By default, each firewall denies all inbound traffic to and outbound traffic from the associated subnet until you add rules. + - You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. + - Each newly created firewall is in the **Inactive** state until you associate subnets with it. +- Firewalls use connection tracking to track traffic to and from instances. Changes to inbound and outbound rules do not take effect immediately for the existing traffic. + + If you add, modify, or delete a firewall rule, or associate or disassociate a subnet with or from a firewall, all the inbound and outbound persistent connections will not be disconnected. New rules will only be applied for the new connections. + +.. important:: + + After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will apply when the timeout period (30s) expires. + + - The timeout period of connection tracking varies by protocol. The timeout period of a TCP connection in the established state is 600s, and that of an ICMP connection is 30s. For other protocols, if packets are received in both inbound and outbound directions, the connection tracking timeout period is 180s. If packets are received only in one direction, the connection tracking timeout period is 30s. + - The timeout period of TCP connections varies by connection status. The timeout period of a TCP connection in the established state is 600s, and that of a TCP connection in the FIN-WAIT state is 30s. + .. _acl_0001__section99541345213: Default Firewall Rules @@ -58,8 +71,8 @@ By default, each firewall has preset rules that allow the following packets: | Outbound | \* | Deny | All | 0.0.0.0/0 | 0.0.0.0/0 | Denies all outbound traffic. | +-----------+----------+--------+----------+-----------+-------------+------------------------------+ -Rule Priorities ---------------- +How Traffic Matches Firewall Rules +---------------------------------- - Each firewall rule has a priority value where a smaller value corresponds to a higher priority. Any time two rules conflict, the rule with the higher priority is the one that gets applied. The rule whose priority value is an asterisk (*) has the lowest priority. - If multiple firewall rules conflict, only the rule with the highest priority takes effect. If you need a rule to take effect before or after a specific rule, you can insert that rule before or after the specific rule. @@ -90,7 +103,7 @@ Configuration Procedure .. _acl_0001__fig1643183218163: -.. figure:: /_static/images/en-us_image_0162335382.png +.. figure:: /_static/images/en-us_image_0000001818982962.png :alt: **Figure 2** firewall configuration procedure **Figure 2** firewall configuration procedure diff --git a/umn/source/access_control/firewall/index.rst b/umn/source/access_control/firewall/index.rst index 2f4cc01..39ecda7 100644 --- a/umn/source/access_control/firewall/index.rst +++ b/umn/source/access_control/firewall/index.rst @@ -7,18 +7,9 @@ Firewall - :ref:`Firewall Overview ` - :ref:`Firewall Configuration Examples ` -- :ref:`Creating a Firewall ` -- :ref:`Adding a Firewall Rule ` -- :ref:`Associating Subnets with a Firewall ` -- :ref:`Disassociating Subnets from a Firewall ` -- :ref:`Changing the Sequence of a Firewall Rule ` -- :ref:`Modifying a Firewall Rule ` -- :ref:`Enabling or Disabling a Firewall Rule ` -- :ref:`Deleting a Firewall Rule ` -- :ref:`Viewing a Firewall ` -- :ref:`Modifying a Firewall ` -- :ref:`Enabling or Disabling a Firewall ` -- :ref:`Deleting a Firewall ` +- :ref:`Managing Firewalls ` +- :ref:`Management Firewall Rules ` +- :ref:`Managing Subnets Associated with a Firewall ` .. toctree:: :maxdepth: 1 @@ -26,15 +17,6 @@ Firewall firewall_overview firewall_configuration_examples - creating_a_firewall - adding_a_firewall_rule - associating_subnets_with_a_firewall - disassociating_subnets_from_a_firewall - changing_the_sequence_of_a_firewall_rule - modifying_a_firewall_rule - enabling_or_disabling_a_firewall_rule - deleting_a_firewall_rule - viewing_a_firewall - modifying_a_firewall - enabling_or_disabling_a_firewall - deleting_a_firewall + managing_firewalls/index + management_firewall_rules/index + managing_subnets_associated_with_a_firewall/index diff --git a/umn/source/access_control/firewall/management_firewall_rules/adding_a_firewall_rule.rst b/umn/source/access_control/firewall/management_firewall_rules/adding_a_firewall_rule.rst new file mode 100644 index 0000000..ffb0801 --- /dev/null +++ b/umn/source/access_control/firewall/management_firewall_rules/adding_a_firewall_rule.rst @@ -0,0 +1,89 @@ +:original_name: en-us_topic_0051746702.html + +.. _en-us_topic_0051746702: + +Adding a Firewall Rule +====================== + +Scenarios +--------- + +Add an inbound or outbound rule based on your network security requirements. + +Notes and Constraints +--------------------- + +A firewall can contain no more than 20 rules in one direction, or performance will deteriorate. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. + +5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. + +6. On the **Inbound Rules** or **Outbound Rules** tab, click **Add Rule** to add an inbound or outbound rule. + + - Click **+** to add more rules. + - Locate the row that contains the firewall rule and click **Replicate** in the **Operation** column to replicate an existing rule. + + + .. figure:: /_static/images/en-us_image_0000001818823374.png + :alt: **Figure 1** Add Inbound Rule + + **Figure 1** Add Inbound Rule + + .. table:: **Table 1** Parameter descriptions + + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +========================+========================================================================================================================================================================================+=======================+ + | Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP | + | | | | + | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +7. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983162.png diff --git a/umn/source/access_control/firewall/changing_the_sequence_of_a_firewall_rule.rst b/umn/source/access_control/firewall/management_firewall_rules/changing_the_sequence_of_a_firewall_rule.rst similarity index 90% rename from umn/source/access_control/firewall/changing_the_sequence_of_a_firewall_rule.rst rename to umn/source/access_control/firewall/management_firewall_rules/changing_the_sequence_of_a_firewall_rule.rst index f56ccf5..4511c34 100644 --- a/umn/source/access_control/firewall/changing_the_sequence_of_a_firewall_rule.rst +++ b/umn/source/access_control/firewall/management_firewall_rules/changing_the_sequence_of_a_firewall_rule.rst @@ -33,5 +33,5 @@ Procedure The rule is inserted. The procedure for inserting an outbound rule is the same as that for inserting an inbound rule. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626894110.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582933.png diff --git a/umn/source/access_control/firewall/deleting_a_firewall_rule.rst b/umn/source/access_control/firewall/management_firewall_rules/deleting_a_firewall_rule.rst similarity index 89% rename from umn/source/access_control/firewall/deleting_a_firewall_rule.rst rename to umn/source/access_control/firewall/management_firewall_rules/deleting_a_firewall_rule.rst index 278b692..93cf3f9 100644 --- a/umn/source/access_control/firewall/deleting_a_firewall_rule.rst +++ b/umn/source/access_control/firewall/management_firewall_rules/deleting_a_firewall_rule.rst @@ -33,5 +33,5 @@ Procedure You can also select multiple firewall rules and click **Delete** above the firewall rule list to delete multiple rules at a time. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627054082.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823162.png diff --git a/umn/source/access_control/firewall/enabling_or_disabling_a_firewall_rule.rst b/umn/source/access_control/firewall/management_firewall_rules/enabling_or_disabling_a_firewall_rule.rst similarity index 89% rename from umn/source/access_control/firewall/enabling_or_disabling_a_firewall_rule.rst rename to umn/source/access_control/firewall/management_firewall_rules/enabling_or_disabling_a_firewall_rule.rst index 6d66828..7be2761 100644 --- a/umn/source/access_control/firewall/enabling_or_disabling_a_firewall_rule.rst +++ b/umn/source/access_control/firewall/management_firewall_rules/enabling_or_disabling_a_firewall_rule.rst @@ -31,5 +31,5 @@ Procedure The rule is enabled or disabled. The procedure for enabling or disabling an outbound rule is the same as that for enabling or disabling an inbound rule. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675254033.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823738.png diff --git a/umn/source/access_control/firewall/management_firewall_rules/index.rst b/umn/source/access_control/firewall/management_firewall_rules/index.rst new file mode 100644 index 0000000..2324c9c --- /dev/null +++ b/umn/source/access_control/firewall/management_firewall_rules/index.rst @@ -0,0 +1,22 @@ +:original_name: vpc_acl_0015.html + +.. _vpc_acl_0015: + +Management Firewall Rules +========================= + +- :ref:`Adding a Firewall Rule ` +- :ref:`Modifying a Firewall Rule ` +- :ref:`Changing the Sequence of a Firewall Rule ` +- :ref:`Enabling or Disabling a Firewall Rule ` +- :ref:`Deleting a Firewall Rule ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + adding_a_firewall_rule + modifying_a_firewall_rule + changing_the_sequence_of_a_firewall_rule + enabling_or_disabling_a_firewall_rule + deleting_a_firewall_rule diff --git a/umn/source/access_control/firewall/management_firewall_rules/modifying_a_firewall_rule.rst b/umn/source/access_control/firewall/management_firewall_rules/modifying_a_firewall_rule.rst new file mode 100644 index 0000000..cfa8eb2 --- /dev/null +++ b/umn/source/access_control/firewall/management_firewall_rules/modifying_a_firewall_rule.rst @@ -0,0 +1,83 @@ +:original_name: vpc_acl_0005.html + +.. _vpc_acl_0005: + +Modifying a Firewall Rule +========================= + +Scenarios +--------- + +Modify an inbound or outbound firewall rule based on your network security requirements. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. + +5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. + +6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Modify** in the **Operation** column. In the displayed dialog box, configure parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. + + + .. figure:: /_static/images/en-us_image_0000001865582941.png + :alt: **Figure 1** Modify Rule + + **Figure 1** Modify Rule + + .. _vpc_acl_0005__table59686157164549: + + .. table:: **Table 1** Parameter descriptions + + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Item | Description | Example Value | + +============================+========================================================================================================================================================================================+=======================+ + | Type | Specifies the firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Action | Specifies the firewall policy. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol | Specifies the protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. | TCP | + | | | | + | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | **Destination Port Range** | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Provides supplementary information about the firewall network ACL rule. This parameter is optional. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +7. Click **Confirm**. + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823406.png diff --git a/umn/source/access_control/firewall/creating_a_firewall.rst b/umn/source/access_control/firewall/managing_firewalls/creating_a_firewall.rst similarity index 94% rename from umn/source/access_control/firewall/creating_a_firewall.rst rename to umn/source/access_control/firewall/managing_firewalls/creating_a_firewall.rst index 32fdb05..408e08a 100644 --- a/umn/source/access_control/firewall/creating_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_firewalls/creating_a_firewall.rst @@ -30,7 +30,7 @@ Procedure 6. On the **Create Firewall** page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0129304042.png + .. figure:: /_static/images/en-us_image_0000001818823318.png :alt: **Figure 1** Create Firewall **Figure 1** Create Firewall @@ -51,5 +51,5 @@ Procedure 7. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626574358.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663057.png diff --git a/umn/source/access_control/firewall/deleting_a_firewall.rst b/umn/source/access_control/firewall/managing_firewalls/deleting_a_firewall.rst similarity index 85% rename from umn/source/access_control/firewall/deleting_a_firewall.rst rename to umn/source/access_control/firewall/managing_firewalls/deleting_a_firewall.rst index 057b698..05bc8cd 100644 --- a/umn/source/access_control/firewall/deleting_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_firewalls/deleting_a_firewall.rst @@ -31,5 +31,5 @@ Procedure Deleting a firewall will also disassociate its associated subnets and delete the firewall rules. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675613953.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982830.png diff --git a/umn/source/access_control/firewall/enabling_or_disabling_a_firewall.rst b/umn/source/access_control/firewall/managing_firewalls/enabling_or_disabling_a_firewall.rst similarity index 90% rename from umn/source/access_control/firewall/enabling_or_disabling_a_firewall.rst rename to umn/source/access_control/firewall/managing_firewalls/enabling_or_disabling_a_firewall.rst index 60c71ff..4475948 100644 --- a/umn/source/access_control/firewall/enabling_or_disabling_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_firewalls/enabling_or_disabling_a_firewall.rst @@ -29,5 +29,5 @@ Procedure 6. Click **Yes** in the displayed dialog box. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626894106.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823714.png diff --git a/umn/source/access_control/firewall/managing_firewalls/index.rst b/umn/source/access_control/firewall/managing_firewalls/index.rst new file mode 100644 index 0000000..1a72832 --- /dev/null +++ b/umn/source/access_control/firewall/managing_firewalls/index.rst @@ -0,0 +1,22 @@ +:original_name: vpc_acl_0014.html + +.. _vpc_acl_0014: + +Managing Firewalls +================== + +- :ref:`Creating a Firewall ` +- :ref:`Modifying a Firewall ` +- :ref:`Enabling or Disabling a Firewall ` +- :ref:`Viewing a Firewall ` +- :ref:`Deleting a Firewall ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + creating_a_firewall + modifying_a_firewall + enabling_or_disabling_a_firewall + viewing_a_firewall + deleting_a_firewall diff --git a/umn/source/access_control/firewall/modifying_a_firewall.rst b/umn/source/access_control/firewall/managing_firewalls/modifying_a_firewall.rst similarity index 77% rename from umn/source/access_control/firewall/modifying_a_firewall.rst rename to umn/source/access_control/firewall/managing_firewalls/modifying_a_firewall.rst index e201d2b..62144fe 100644 --- a/umn/source/access_control/firewall/modifying_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_firewalls/modifying_a_firewall.rst @@ -33,7 +33,7 @@ Procedure 9. Click Y to save the new firewall description. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675413841.png -.. |image3| image:: /_static/images/en-us_image_0142359884.png -.. |image4| image:: /_static/images/en-us_image_0142359884.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983494.png +.. |image3| image:: /_static/images/en-us_image_0000001865583253.png +.. |image4| image:: /_static/images/en-us_image_0000001865583253.png diff --git a/umn/source/access_control/firewall/viewing_a_firewall.rst b/umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst similarity index 74% rename from umn/source/access_control/firewall/viewing_a_firewall.rst rename to umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst index eb2ded4..946272d 100644 --- a/umn/source/access_control/firewall/viewing_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst @@ -27,5 +27,11 @@ Procedure 6. On the displayed page, click the **Inbound Rules**, **Outbound Rules**, and **Associated Subnets** tabs one by one to view details about inbound rules, outbound rules, and subnet associations. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675373917.png + + .. figure:: /_static/images/en-us_image_0000001865684752.png + :alt: **Figure 1** Viewing a firewall + + **Figure 1** Viewing a firewall + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865662773.png diff --git a/umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst b/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/associating_subnets_with_a_firewall.rst similarity index 92% rename from umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst rename to umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/associating_subnets_with_a_firewall.rst index b6cd722..4faccce 100644 --- a/umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/associating_subnets_with_a_firewall.rst @@ -41,5 +41,5 @@ Procedure A subnet with a firewall associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626734158.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823450.png diff --git a/umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst b/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/disassociating_subnets_from_a_firewall.rst similarity index 89% rename from umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst rename to umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/disassociating_subnets_from_a_firewall.rst index b850868..baa0ab5 100644 --- a/umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/disassociating_subnets_from_a_firewall.rst @@ -35,5 +35,5 @@ Procedure Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the firewall at a time. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675413845.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818822962.png diff --git a/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/index.rst b/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/index.rst new file mode 100644 index 0000000..4e1ccb7 --- /dev/null +++ b/umn/source/access_control/firewall/managing_subnets_associated_with_a_firewall/index.rst @@ -0,0 +1,16 @@ +:original_name: vpc_acl_0016.html + +.. _vpc_acl_0016: + +Managing Subnets Associated with a Firewall +=========================================== + +- :ref:`Associating Subnets with a Firewall ` +- :ref:`Disassociating Subnets from a Firewall ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + associating_subnets_with_a_firewall + disassociating_subnets_from_a_firewall diff --git a/umn/source/access_control/firewall/modifying_a_firewall_rule.rst b/umn/source/access_control/firewall/modifying_a_firewall_rule.rst deleted file mode 100644 index 6bfc3ea..0000000 --- a/umn/source/access_control/firewall/modifying_a_firewall_rule.rst +++ /dev/null @@ -1,87 +0,0 @@ -:original_name: vpc_acl_0005.html - -.. _vpc_acl_0005: - -Modifying a Firewall Rule -========================= - -Scenarios ---------- - -Modify an inbound or outbound firewall rule based on your network security requirements. - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - -4. In the navigation pane on the left, choose **Access Control** > **Firewalls**. - -5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. - -6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Modify** in the **Operation** column. In the displayed dialog box, configure parameters as prompted. :ref:`Table 1 ` lists the parameters to be configured. - - - .. figure:: /_static/images/en-us_image_0285048674.png - :alt: **Figure 1** Modify Rule - - **Figure 1** Modify Rule - - .. _vpc_acl_0005__table59686157164549: - - .. table:: **Table 1** Parameter descriptions - - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +========================+=================================================================================================================================================================================================================================================================================================================================+=======================+ - | Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP | - | | | | - | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -7. Click **Confirm**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675613957.png diff --git a/umn/source/access_control/security_group/creating_a_security_group.rst b/umn/source/access_control/security_group/creating_a_security_group.rst deleted file mode 100644 index e6844a6..0000000 --- a/umn/source/access_control/security_group/creating_a_security_group.rst +++ /dev/null @@ -1,90 +0,0 @@ -:original_name: en-us_topic_0013748715.html - -.. _en-us_topic_0013748715: - -Creating a Security Group -========================= - -Scenarios ---------- - -A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules. - -If your instances have different Internet access requirements, you can allocate them to different security groups when creating them. - -Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group. - -Notes and Constraints ---------------------- - -If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. - -The default security group name is **default**. For details, see :ref:`Default Security Group and Its Rules `. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - -#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. - - The security group list is displayed. - -#. In the upper right corner, click **Create Security Group**. - - The **Create Security Group** page is displayed. - -#. Configure the parameters as prompted. - - - .. figure:: /_static/images/en-us_image_0000001197426329.png - :alt: **Figure 1** Create Security Group - - **Figure 1** Create Security Group - - .. table:: **Table 1** Parameter description - - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================================================================================+============================+ - | Name | Mandatory | sg-AB | - | | | | - | | Enter the security group name. | | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Enterprise Project | Mandatory | default | - | | | | - | | When creating a security group, you can add the security group to an enabled enterprise project. | | - | | | | - | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Template | Mandatory | General-purpose web server | - | | | | - | | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | | - | | | | - | | - **Custom**: This template allows you to create security groups with custom security group rules. | | - | | - **General-purpose web server** (default value): The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | | - | | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Description | Optional | N/A | - | | | | - | | Supplementary information about the security group. This parameter is optional. | | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - -#. Confirm the inbound and outbound rules of the template and click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627054062.png diff --git a/umn/source/access_control/security_group/default_security_group_and_its_rules.rst b/umn/source/access_control/security_group/default_security_group_and_its_rules.rst index dfc0a07..805837a 100644 --- a/umn/source/access_control/security_group/default_security_group_and_its_rules.rst +++ b/umn/source/access_control/security_group/default_security_group_and_its_rules.rst @@ -5,13 +5,13 @@ Default Security Group and Its Rules ==================================== -If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules: +If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance when you create it. A default security group has the following rules: - Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied. - Outbound rules allow all outbound traffic and response traffic to the outbound requests. -.. figure:: /_static/images/en-us_image_0000001230120807.png +.. figure:: /_static/images/en-us_image_0000001865662829.png :alt: **Figure 1** Default security group **Figure 1** Default security group @@ -19,7 +19,7 @@ If you have not created any security groups yet, the system automatically create .. note:: - You cannot delete the default security group, but you can modify existing rules or add rules to the group. - - The default security group is automatically created to simplify the process of creating an instance for the first time. The default security group denies all external requests. To log in to an instance, add a security group rule by referring to :ref:`Remotely Logging In to an ECS from a Local Server `. + - The default security group denies all external requests. To log in to an instance associated with this security group, add a security group rule by referring to :ref:`Remotely Logging In to an ECS from a Local Server `. :ref:`Table 1 ` describes the default rules for the default security group. diff --git a/umn/source/access_control/security_group/index.rst b/umn/source/access_control/security_group/index.rst index 65b3757..aeb6a86 100644 --- a/umn/source/access_control/security_group/index.rst +++ b/umn/source/access_control/security_group/index.rst @@ -8,20 +8,9 @@ Security Group - :ref:`Security Groups and Security Group Rules ` - :ref:`Default Security Group and Its Rules ` - :ref:`Security Group Configuration Examples ` -- :ref:`Creating a Security Group ` -- :ref:`Cloning a Security Group ` -- :ref:`Modifying a Security Group ` -- :ref:`Deleting a Security Group ` -- :ref:`Adding a Security Group Rule ` -- :ref:`Fast-Adding Security Group Rules ` -- :ref:`Allowing Common Ports with A Few Clicks ` -- :ref:`Modifying a Security Group Rule ` -- :ref:`Replicating a Security Group Rule ` -- :ref:`Importing and Exporting Security Group Rules ` -- :ref:`Deleting a Security Group Rule ` -- :ref:`Adding an Instance to or Removing an Instance from a Security Group ` -- :ref:`Viewing the Security Group of an ECS ` -- :ref:`Changing the Security Group of an ECS ` +- :ref:`Managing a Security Group ` +- :ref:`Managing Security Group Rules ` +- :ref:`Managing Instances Associated with a Security Group ` .. toctree:: :maxdepth: 1 @@ -30,17 +19,6 @@ Security Group security_groups_and_security_group_rules default_security_group_and_its_rules security_group_configuration_examples - creating_a_security_group - cloning_a_security_group - modifying_a_security_group - deleting_a_security_group - adding_a_security_group_rule - fast-adding_security_group_rules - allowing_common_ports_with_a_few_clicks - modifying_a_security_group_rule - replicating_a_security_group_rule - importing_and_exporting_security_group_rules - deleting_a_security_group_rule - adding_an_instance_to_or_removing_an_instance_from_a_security_group - viewing_the_security_group_of_an_ecs - changing_the_security_group_of_an_ecs + managing_a_security_group/index + managing_security_group_rules/index + managing_instances_associated_with_a_security_group/index diff --git a/umn/source/access_control/security_group/cloning_a_security_group.rst b/umn/source/access_control/security_group/managing_a_security_group/cloning_a_security_group.rst similarity index 92% rename from umn/source/access_control/security_group/cloning_a_security_group.rst rename to umn/source/access_control/security_group/managing_a_security_group/cloning_a_security_group.rst index 6d6690a..327dddd 100644 --- a/umn/source/access_control/security_group/cloning_a_security_group.rst +++ b/umn/source/access_control/security_group/managing_a_security_group/cloning_a_security_group.rst @@ -46,7 +46,7 @@ Procedure #. Select the region and name of the new security group as prompted. - .. figure:: /_static/images/en-us_image_0000001602035305.png + .. figure:: /_static/images/en-us_image_0000001865582513.png :alt: **Figure 1** Clone Security Group **Figure 1** Clone Security Group @@ -55,5 +55,5 @@ Procedure You can then switch to the required region to view the cloned security group in the security group list. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675373901.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982762.png diff --git a/umn/source/access_control/security_group/managing_a_security_group/creating_a_security_group.rst b/umn/source/access_control/security_group/managing_a_security_group/creating_a_security_group.rst new file mode 100644 index 0000000..85f7fe4 --- /dev/null +++ b/umn/source/access_control/security_group/managing_a_security_group/creating_a_security_group.rst @@ -0,0 +1,143 @@ +:original_name: en-us_topic_0013748715.html + +.. _en-us_topic_0013748715: + +Creating a Security Group +========================= + +Scenarios +--------- + +A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules. + +If your instances have different Internet access requirements, you can allocate them to different security groups when creating them. + +Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group. + +Security Group Templates +------------------------ + +The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. :ref:`Table 1 ` describes the security group templates. + +.. _en-us_topic_0013748715__table117828131111: + +.. table:: **Table 1** Security group templates + + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Template | Direction | Protocol/Port/Type | Source/Destination | Description | Application Scenario | + +============================+===========+==========================+====================+===================================================================================================================================+============================================================================================================================================================================================================================+ + | General-purpose web server | Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. | - Remotely log in to ECSs. | + | | | | | | - Use the ping command to test ECS connectivity. | + | | | | | | - ECSs functioning as web servers provide website access services. | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | All ports open | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | Opening all ECS ports in a security group poses security risks. | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | All (IPv4) | 0.0.0.0/0 | Allows all IP addresses to access ECSs in the security group over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Fast-add rule | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | You can select protocols and ports that the inbound rule will apply to. | + | | | | | | | + | | | All (IPv6) | | | If you do not select any protocols and ports, no protocols and ports will be opened. After the security group is created, add required rules by referring to :ref:`Adding a Security Group Rule `. | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | Custom port and protocol | 0.0.0.0/0 | Allows all IP addresses to access ECSs in a security group over specified ports (TCP or ICMP) for different purposes. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | ::/0 | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notes and Constraints +--------------------- + +If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. + +The default security group name is **default**. For details, see :ref:`Default Security Group and Its Rules `. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. + + The security group list is displayed. + +#. In the upper right corner, click **Create Security Group**. + + The **Create Security Group** page is displayed. + +#. Configure the parameters as prompted. + + + .. figure:: /_static/images/en-us_image_0000001865662885.png + :alt: **Figure 1** Create Security Group + + **Figure 1** Create Security Group + + .. table:: **Table 2** Parameter description + + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Description | Example Value | + +=======================+================================================================================================================================================================================================================================+============================+ + | Name | Mandatory | sg-AB | + | | | | + | | Enter the security group name. | | + | | | | + | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + | | | | + | | .. note:: | | + | | | | + | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Enterprise Project | Mandatory | default | + | | | | + | | When creating a security group, you can add the security group to an enabled enterprise project. | | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Template | Mandatory | General-purpose web server | + | | | | + | | The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. | | + | | | | + | | :ref:`Table 1 ` describes the security group templates. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Description | Optional | N/A | + | | | | + | | Supplementary information about the security group. This parameter is optional. | | + | | | | + | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + +#. Confirm the inbound and outbound rules of the template and click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582681.png diff --git a/umn/source/access_control/security_group/deleting_a_security_group.rst b/umn/source/access_control/security_group/managing_a_security_group/deleting_a_security_group.rst similarity index 92% rename from umn/source/access_control/security_group/deleting_a_security_group.rst rename to umn/source/access_control/security_group/managing_a_security_group/deleting_a_security_group.rst index c288840..8a2f5ff 100644 --- a/umn/source/access_control/security_group/deleting_a_security_group.rst +++ b/umn/source/access_control/security_group/managing_a_security_group/deleting_a_security_group.rst @@ -44,5 +44,5 @@ Procedure #. Confirm the information and click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626574362.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982846.png diff --git a/umn/source/access_control/security_group/managing_a_security_group/index.rst b/umn/source/access_control/security_group/managing_a_security_group/index.rst new file mode 100644 index 0000000..a6f4722 --- /dev/null +++ b/umn/source/access_control/security_group/managing_a_security_group/index.rst @@ -0,0 +1,20 @@ +:original_name: vpc_SecurityGroup_0012.html + +.. _vpc_SecurityGroup_0012: + +Managing a Security Group +========================= + +- :ref:`Creating a Security Group ` +- :ref:`Cloning a Security Group ` +- :ref:`Modifying a Security Group ` +- :ref:`Deleting a Security Group ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + creating_a_security_group + cloning_a_security_group + modifying_a_security_group + deleting_a_security_group diff --git a/umn/source/access_control/security_group/modifying_a_security_group.rst b/umn/source/access_control/security_group/managing_a_security_group/modifying_a_security_group.rst similarity index 87% rename from umn/source/access_control/security_group/modifying_a_security_group.rst rename to umn/source/access_control/security_group/managing_a_security_group/modifying_a_security_group.rst index 5a6798e..d638c34 100644 --- a/umn/source/access_control/security_group/modifying_a_security_group.rst +++ b/umn/source/access_control/security_group/managing_a_security_group/modifying_a_security_group.rst @@ -33,5 +33,5 @@ Procedure #. Click **OK** to save the modification. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626894086.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982918.png diff --git a/umn/source/access_control/security_group/adding_an_instance_to_or_removing_an_instance_from_a_security_group.rst b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/adding_an_instance_to_or_removing_an_instance_from_a_security_group.rst similarity index 92% rename from umn/source/access_control/security_group/adding_an_instance_to_or_removing_an_instance_from_a_security_group.rst rename to umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/adding_an_instance_to_or_removing_an_instance_from_a_security_group.rst index e24950e..b5638f1 100644 --- a/umn/source/access_control/security_group/adding_an_instance_to_or_removing_an_instance_from_a_security_group.rst +++ b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/adding_an_instance_to_or_removing_an_instance_from_a_security_group.rst @@ -78,7 +78,7 @@ Follow-Up Operations You can delete the security groups that you no longer need. Deleting a security group will also delete all security group rules in the security group. For details, see :ref:`Deleting a Security Group `. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627054058.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001626734162.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982974.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001865582721.png diff --git a/umn/source/access_control/security_group/changing_the_security_group_of_an_ecs.rst b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/changing_the_security_group_of_an_ecs.rst similarity index 51% rename from umn/source/access_control/security_group/changing_the_security_group_of_an_ecs.rst rename to umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/changing_the_security_group_of_an_ecs.rst index 4467f82..3552b46 100644 --- a/umn/source/access_control/security_group/changing_the_security_group_of_an_ecs.rst +++ b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/changing_the_security_group_of_an_ecs.rst @@ -17,28 +17,29 @@ Procedure #. Click |image1| in the upper left corner and select your region and project. -#. Under **Computing**, click **Elastic Cloud Server**. +#. Click |image2| and choose **Computing** > **Elastic Cloud Server**. -#. In the ECS list, locate the row that contains the target ECS. Click **More** in the **Operation** column and select **Manage Network** > **Change Security Group**. +#. In the ECS list, choose **More** > **Manage Network** > **Change Security Group** in the **Operation** column. The **Change Security Group** dialog box is displayed. - .. figure:: /_static/images/en-us_image_0162733894.png - :alt: **Figure 1** Change Security Group + .. figure:: /_static/images/en-us_image_0000001865662753.png + :alt: **Figure 1** Changing a security group - **Figure 1** Change Security Group + **Figure 1** Changing a security group #. Select the target NIC and security groups. - You can select multiple security groups. In such a case, the rules of all the selected security groups will be aggregated to apply on the ECS. + You can select multiple security groups. In such a case, the access rules of all the selected security groups apply to the ECS. To create a security group, click **Create Security Group**. .. note:: - Using multiple security groups may deteriorate ECS network performance. You are suggested to select no more than five security groups. + Using multiple security groups may deteriorate ECS network performance. We recommend that you associate no more than five security groups with each ECS. #. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0093507575.png +.. |image1| image:: /_static/images/en-us_image_0000001818823030.png +.. |image2| image:: /_static/images/en-us_image_0000001865662757.jpg diff --git a/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/index.rst b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/index.rst new file mode 100644 index 0000000..9f2cbb0 --- /dev/null +++ b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/index.rst @@ -0,0 +1,18 @@ +:original_name: vpc_SecurityGroup_0014.html + +.. _vpc_SecurityGroup_0014: + +Managing Instances Associated with a Security Group +=================================================== + +- :ref:`Adding an Instance to or Removing an Instance from a Security Group ` +- :ref:`Viewing the Security Group of an ECS ` +- :ref:`Changing the Security Group of an ECS ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + adding_an_instance_to_or_removing_an_instance_from_a_security_group + viewing_the_security_group_of_an_ecs + changing_the_security_group_of_an_ecs diff --git a/umn/source/access_control/security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst similarity index 73% rename from umn/source/access_control/security_group/viewing_the_security_group_of_an_ecs.rst rename to umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst index 2abb587..f27cd52 100644 --- a/umn/source/access_control/security_group/viewing_the_security_group_of_an_ecs.rst +++ b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst @@ -29,5 +29,11 @@ Procedure You can view the security groups associated with the ECS and the inbound and outbound rules. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675413821.png + + .. figure:: /_static/images/en-us_image_0000001911842313.png + :alt: **Figure 1** View the security group of an ECS + + **Figure 1** View the security group of an ECS + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982866.png diff --git a/umn/source/access_control/security_group/adding_a_security_group_rule.rst b/umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst similarity index 68% rename from umn/source/access_control/security_group/adding_a_security_group_rule.rst rename to umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst index 8c251fc..9a88e67 100644 --- a/umn/source/access_control/security_group/adding_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst @@ -64,44 +64,43 @@ Procedure You can click **+** to add more inbound rules. - .. figure:: /_static/images/en-us_image_0284920908.png + .. figure:: /_static/images/en-us_image_0000001865662817.png :alt: **Figure 1** Add Inbound Rule **Figure 1** Add Inbound Rule .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. @@ -116,46 +115,45 @@ Procedure You can click **+** to add more outbound rules. - .. figure:: /_static/images/en-us_image_0284993717.png + .. figure:: /_static/images/en-us_image_0000001865582629.png :alt: **Figure 2** Add Outbound Rule **Figure 2** Add Outbound Rule .. table:: **Table 2** Outbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. The outbound rule list is displayed. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626734166.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823082.png diff --git a/umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst b/umn/source/access_control/security_group/managing_security_group_rules/allowing_common_ports_with_a_few_clicks.rst similarity index 97% rename from umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst rename to umn/source/access_control/security_group/managing_security_group_rules/allowing_common_ports_with_a_few_clicks.rst index 729c0da..4739b20 100644 --- a/umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/allowing_common_ports_with_a_few_clicks.rst @@ -67,5 +67,5 @@ Procedure After the operation is complete, you can view the added rules in the security group rule list. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001646961692.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823186.png diff --git a/umn/source/access_control/security_group/deleting_a_security_group_rule.rst b/umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst similarity index 72% rename from umn/source/access_control/security_group/deleting_a_security_group_rule.rst rename to umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst index 251fdfd..7da34a1 100644 --- a/umn/source/access_control/security_group/deleting_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst @@ -13,10 +13,7 @@ If your security group rule is no longer required, you can delete it. Notes and Constraints --------------------- -Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows: - -- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. -- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. +Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Procedure --------- @@ -48,5 +45,5 @@ Procedure 8. Click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675413825.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582633.png diff --git a/umn/source/access_control/security_group/fast-adding_security_group_rules.rst b/umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst similarity index 72% rename from umn/source/access_control/security_group/fast-adding_security_group_rules.rst rename to umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst index a35e38c..9b754de 100644 --- a/umn/source/access_control/security_group/fast-adding_security_group_rules.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst @@ -36,41 +36,40 @@ Procedure 7. Configure required parameters. - .. figure:: /_static/images/en-us_image_0211552164.png + .. figure:: /_static/images/en-us_image_0000001818823074.png :alt: **Figure 1** Fast-Add Inbound Rule **Figure 1** Fast-Add Inbound Rule .. table:: **Table 1** Inbound rule parameter description - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================+=======================+ - | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | - | | | | - | | - Remote login and ping | | - | | - Web services | | - | | - Databases | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | - IP address group: ipGroup-test | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | (Optional) Supplementary information about the security group rule. | ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==============================================================================================================================================================================+=======================+ + | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | + | | | | + | | - Remote login and ping | | + | | - Web services | | + | | - Databases | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 8. Click **OK**. @@ -83,43 +82,42 @@ Procedure 10. Configure required parameters. - .. figure:: /_static/images/en-us_image_0211560998.png + .. figure:: /_static/images/en-us_image_0000001865582617.png :alt: **Figure 2** Fast-Add Outbound Rule **Figure 2** Fast-Add Outbound Rule .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================+=======================+ - | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | - | | | | - | | - Remote login and ping | | - | | - Web services | | - | | - Databases | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | - IP address group: ipGroup-test | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | (Optional) Supplementary information about the security group rule. | ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=================================================================================================================================================================================+=======================+ + | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | + | | | | + | | - Remote login and ping | | + | | - Web services | | + | | - Databases | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 11. Click **OK**. The outbound rule list is displayed and you can view your added rule. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675373905.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982858.png diff --git a/umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst similarity index 75% rename from umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst rename to umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst index 2630185..640c9d5 100644 --- a/umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst @@ -19,6 +19,8 @@ Notes and Constraints - The security group rules to be imported must be configured based on the template. Do not add parameters or change existing parameters. Otherwise, the import will fail. - Duplicate rules are not allowed, you can delete the rule and try again. +- If you want to import rules of the security group in one region to another under one account, only rules with both **Source** and **Destination** set to **IP address** can be applied. +- If you want to import rules of the security group in one account to the security group in another account, only rules with both **Source** and **Destination** set to **IP address** can be applied. Procedure --------- @@ -51,44 +53,43 @@ Procedure .. table:: **Table 1** Template parameters - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+====================================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | | - | | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+====================================+ + | Direction | The direction in which the security group rule takes effect. | Inbound | + | | | | + | | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | | + | | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | sg-test[96a8a93f-XXX-d7872990c314] | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | sg-test[96a8a93f-XXX-d7872990c314] | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675254013.png -.. |image3| image:: /_static/images/en-us_image_0142360062.png -.. |image4| image:: /_static/images/en-us_image_0142360094.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582585.png +.. |image3| image:: /_static/images/en-us_image_0000001818823050.png +.. |image4| image:: /_static/images/en-us_image_0000001818982838.png diff --git a/umn/source/access_control/security_group/managing_security_group_rules/index.rst b/umn/source/access_control/security_group/managing_security_group_rules/index.rst new file mode 100644 index 0000000..c1e4f49 --- /dev/null +++ b/umn/source/access_control/security_group/managing_security_group_rules/index.rst @@ -0,0 +1,26 @@ +:original_name: vpc_SecurityGroup_0013.html + +.. _vpc_SecurityGroup_0013: + +Managing Security Group Rules +============================= + +- :ref:`Adding a Security Group Rule ` +- :ref:`Fast-Adding Security Group Rules ` +- :ref:`Allowing Common Ports with A Few Clicks ` +- :ref:`Modifying a Security Group Rule ` +- :ref:`Replicating a Security Group Rule ` +- :ref:`Importing and Exporting Security Group Rules ` +- :ref:`Deleting a Security Group Rule ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + adding_a_security_group_rule + fast-adding_security_group_rules + allowing_common_ports_with_a_few_clicks + modifying_a_security_group_rule + replicating_a_security_group_rule + importing_and_exporting_security_group_rules + deleting_a_security_group_rule diff --git a/umn/source/access_control/security_group/modifying_a_security_group_rule.rst b/umn/source/access_control/security_group/managing_security_group_rules/modifying_a_security_group_rule.rst similarity index 89% rename from umn/source/access_control/security_group/modifying_a_security_group_rule.rst rename to umn/source/access_control/security_group/managing_security_group_rules/modifying_a_security_group_rule.rst index ffc6be5..f8a1c07 100644 --- a/umn/source/access_control/security_group/modifying_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/modifying_a_security_group_rule.rst @@ -37,5 +37,5 @@ Procedure #. Modify the security group rule information as prompted and click **Confirm**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675613937.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983190.png diff --git a/umn/source/access_control/security_group/replicating_a_security_group_rule.rst b/umn/source/access_control/security_group/managing_security_group_rules/replicating_a_security_group_rule.rst similarity index 88% rename from umn/source/access_control/security_group/replicating_a_security_group_rule.rst rename to umn/source/access_control/security_group/managing_security_group_rules/replicating_a_security_group_rule.rst index 4559c3a..0ff6344 100644 --- a/umn/source/access_control/security_group/replicating_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/replicating_a_security_group_rule.rst @@ -35,5 +35,5 @@ Procedure #. Modify the security group rule information as prompted and click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626894090.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865583245.png diff --git a/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst b/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst index b22032a..94be088 100644 --- a/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst +++ b/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst @@ -8,17 +8,28 @@ Security Groups and Security Group Rules Security Groups --------------- -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can configure access rules that will apply to all cloud resources added to this security group. If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules `. -Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules. +Security Group Basics +--------------------- -Security groups use connection tracking to track traffic to and from instances that they contain and security group rules are applied based on the connection status of the traffic to determine whether to allow or deny traffic. +- Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules. -- If you add, modify, or delete a security group rule, or add or remove an instance to or from a security group, the inbound connection tracking of all instances in the security group will be automatically cleared. The inbound or outbound traffic of the instance will be considered as new connections, which need to match the inbound or outbound security group rules to ensure that the rules take effect immediately and the security of incoming traffic. +- Security groups use connection tracking to track traffic to and from instances. If an inbound rule is modified, the modified rule immediately takes effect for the existing traffic. Changes to outbound security group rules do not affect existing persistent connections and take effect only for new connections. -- If there is no inbound or outbound traffic of an instance for a long time, the traffic will be considered as new connections after the connection tracking times out, and the connections need to match the outbound and inbound rules. The timeout period of connection tracking varies according to the protocol. The timeout period of a TCP connection in the established state is 600s, and the timeout period of an ICMP connection is 30s. For other protocols, if packets are received in both inbound and outbound directions, the connection tracking timeout period is 180s. If packets are received only in one direction, the connection tracking timeout period is 30s. For protocols other than TCP, UDP, and ICMP, only the IP address and protocol number are tracked. + If you add, modify, or delete a security group rule, or add or remove an instance to or from a security group, the inbound connections of all instances in the security group will be automatically cleared. + + - The existing inbound persistent connections will be disconnected. All the new connections will match the new rules. + - The existing outbound persistent connections will not be disconnected, and the original rule will still be applied. All the new connections will match the new rules. + +.. important:: + + After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will be applied when the timeout period (30s) expires. + + - The timeout period of connection tracking varies by protocol. The timeout period of a TCP connection in the established state is 600s, and that of an ICMP connection is 30s. For other protocols, if packets are received in both inbound and outbound directions, the connection tracking timeout period is 180s. If packets are received only in one direction, the connection tracking timeout period is 30s. + - The timeout period of TCP connections varies by connection status. The timeout period of a TCP connection in the established state is 600s, and that of a TCP connection in the FIN-WAIT state is 30s. Security Group Rules -------------------- @@ -29,46 +40,42 @@ A security group has inbound and outbound rules to control traffic that's allowe .. table:: **Table 1** Security group rule information - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Description | - +===================================+=====================================================================================================================================================================================================================================+ - | Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | - | | | - | | - Inbound rules control incoming traffic over specific ports to instances in the security group. | - | | - Outbound rules control outgoing traffic over specific ports from instances in the security group. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: | - | | | - | | - IP address: | - | | | - | | - Example IPv4 address: 192.168.10.10/32 | - | | - Example IPv6 address: 2002:50::44/128 | - | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | - | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | - | | | - | | - Security group: You can select another security group in the same region under the current account as the source. | - | | | - | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. | - | | | - | | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the source to help you manage them in a more simple way. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: | - | | | - | | - IP address: | - | | | - | | - Example IPv4 address: 192.168.10.10/32 | - | | - Example IPv6 address: 2002:50::44/128 | - | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | - | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | - | | | - | | - Security group: You can select another security group in the same region under the current account as the destination. | - | | | - | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. | - | | | - | | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the destination to help you manage them in a more simple way. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Description | + +===================================+========================================================================================================================================================================================================================+ + | Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | + | | | + | | - Inbound rules control incoming traffic over specific ports to instances in the security group. | + | | - Outbound rules control outgoing traffic over specific ports from instances in the security group. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: | + | | | + | | - IP address: | + | | | + | | - Example IPv4 address: 192.168.10.10/32 | + | | - Example IPv6 address: 2002:50::44/128 | + | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | + | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | + | | | + | | - Security group: You can select another security group in the same region under the current account as the source. | + | | | + | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: | + | | | + | | - IP address: | + | | | + | | - Example IPv4 address: 192.168.10.10/32 | + | | - Example IPv6 address: 2002:50::44/128 | + | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | + | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | + | | | + | | - Security group: You can select another security group in the same region under the current account as the destination. | + | | | + | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Like whitelists, security group rules work as follows: @@ -119,6 +126,31 @@ Like whitelists, security group rules work as follows: You can use :ref:`VPC peering connections ` to connect VPCs in different regions. +Security Group Configuration Process +------------------------------------ + + +.. figure:: /_static/images/en-us_image_0000001865662813.png + :alt: **Figure 1** Security group configuration process + + **Figure 1** Security group configuration process + +.. table:: **Table 3** Security group configuration process description + + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + | No. | Step | Description | Reference | + +=================+======================================+======================================================================================================================================================================================================================================================================+=================================================================================================+ + | 1 | Create a security group. | When creating a security group, you can select a template, such **General-purpose web server** or **All ports open**. A template contains preset security group rules. For details, see :ref:`Security group templates `. | :ref:`Creating a Security Group ` | + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + | 2 | Configure security group rules. | After a security group is created, if its rules cannot meet your service requirements, you can add new rules to the security group or modify original rules. | :ref:`Adding a Security Group Rule ` | + | | | | | + | | | | :ref:`Fast-Adding Security Group Rules ` | + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + | 3 | Add instances to the security group. | When you create an instance, the system automatically adds the instance to a security group for protection. | :ref:`Adding an Instance to or Removing an Instance from a Security Group ` | + | | | | | + | | | If one security group cannot meet your requirements, you can add an instance to multiple security groups. | | + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + Security Group Constraints -------------------------- diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 1c35211..76eea13 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst @@ -5,677 +5,739 @@ Change History ============== -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Released On | Description | -+===================================+====================================================================================================================================================================================================================================================================================================================================+ -| 2023-12-19 | This release incorporates the following changes: | -| | | -| | Added screenshots in :ref:`How Do I Configure a Security Group for Multi-Channel Protocols? `. | -| | | -| | Modified the table in :ref:`Why Can't I Delete My VPCs and Subnets? `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-12-18 | This release incorporates the following changes: | -| | | -| | Added IPv6-related content. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-12-12 | This release incorporates the following changes: | -| | | -| | Added descriptions about security group and IP address group as source or destination in :ref:`Adding a Security Group Rule `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-11-30 | This release incorporates the following changes: | -| | | -| | Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-11-14 | This release incorporates the following changes: | -| | | -| | Added the following content: | -| | | -| | Added description about allowing common ports with a few clicks in :ref:`Allowing Common Ports with A Few Clicks `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-10-10 | This release incorporates the following changes: | -| | | -| | - Added the figure for configuring route tables in :ref:`Route Table `. | -| | - Modified :ref:`Step 4: Add a Security Group Rule `. | -| | | -| | - Changed the location of parameter **Type**. | -| | - Added protocol **GRE**. | -| | | -| | - Modified :ref:`Step 5: Add a Security Group Rule ` and :ref:`Adding a Security Group Rule `. | -| | | -| | - Added description that each ECS must be associated with at least one security group. | -| | - Modified description about port. | -| | - Changed the location of parameter **Type**. | -| | - Added protocol **GRE**. | -| | | -| | - Added the function of adding multiple tags for search in :ref:`Managing VPC Tags `. | -| | - Added figures and modified steps in :ref:`Viewing and Deleting Resources in a Subnet `. | -| | - Modified :ref:`Security Groups and Security Group Rules `. | -| | | -| | - Added protocol **GRE** and deleted content about **Action**. | -| | - Modified description about security group sg-AB. | -| | - Added description about security group configuration. | -| | - Added support for IPv6. | -| | | -| | - Changed the section name in :ref:`Default Security Group and Its Rules `. | -| | - Optimized description in :ref:`Creating a Security Group `. | -| | - Modified the figure and added parameter **Type** in :ref:`Fast-Adding Security Group Rules `. | -| | - Modified notes and constraints in :ref:`Importing and Exporting Security Group Rules `. | -| | - Added description about the maximum number of security groups that can be created in :ref:`Creating a Firewall `. | -| | - Modified figures and parameter settings in :ref:`Adding a Firewall Rule `. | -| | - Added the route table quota in notes and constraints in :ref:`Creating a Custom Route Table `. | -| | - Added constraints on the maximum number of routes that can be added to a route table in :ref:`Adding a Custom Route `. | -| | - Modified :ref:`Creating a VPC Peering Connection with Another VPC in Your Account `. | -| | | -| | - Added description that you need to add routes to the route tables of the local and peer VPCs after creating a VPC peering connection. | -| | - Added parameter **Description** for creating a VPC peering connection. | -| | | -| | - Added parameter **Description** for creating a VPC peering connection in :ref:`Creating a VPC Peering Connection with a VPC in Another Account `. | -| | | -| | - Added description about the maximum number of flow log records that can be recorded in :ref:`VPC Flow Log Overview `. | -| | - Modified the section name and scenarios in :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) `. | -| | - Modified the verification procedure in :ref:`Creating a User and Granting VPC Permissions `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-09-08 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | - Optimized description in :ref:`Step 4: Add a Security Group Rule `. | -| | - Optimized the procedure for verifying IAM permissions in :ref:`Creating a User and Granting VPC Permissions `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-07-18 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Added description about enabling shared SNAT using an API in :ref:`Shared SNAT `. | -| | | -| | Security group | -| | | -| | Firewall | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-06-12 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Added description about viewing monitoring metrics in :ref:`Viewing Metrics `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-05-26 | This release incorporates the following changes: | -| | | -| | Added the following content: | -| | | -| | Added information about cloning a security group in :ref:`Cloning a Security Group `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-05-17 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Modified the procedure for viewing monitoring metrics in :ref:`Viewing Metrics `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-04-28 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Modified the links of sections "Binding an EIP" and "Unbinding an EIP" in :ref:`Assigning an EIP and Binding It to an ECS ` and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-04-20 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | - Added description that BMS user-defined network is available only in eu-de. | -| | - Added the step for viewing NIC details to :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-02-15 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Modified links in :ref:`What Is Virtual Private Cloud? ` and :ref:`Can I Bind an EIP to Multiple ECSs? `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2023-01-10 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Modified steps in :ref:`Subnet ` and :ref:`Elastic IP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-12-12 | This release incorporates the following changes: | -| | | -| | Updated the following content: | -| | | -| | Added description that EIPs of the Dedicated Load Balancer (5_gray) type cannot be created in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Can I Bind an EIP to Multiple ECSs? `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-11-15 | This release incorporates the following changes: | -| | | -| | Added support for binding and unbinding EIPs of the Dedicated Load Balancer (5_gray) type using APIs in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-10-20 | Modified the following content: | -| | | -| | Modified the bandwidth range in :ref:`What Is the Bandwidth Size Range? ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-09-07 | Added the following content: | -| | | -| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-06-25 | Added the following content: | -| | | -| | - Modified constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Modified constraints on EIP binding to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2022-02-15 | Added the following content: | -| | | -| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added description about the default reverse domain name of an EIP in \ :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` and :ref:`Adding EIPs to a Shared Bandwidth `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-08-25 | Modified the following content: | -| | | -| | Deleted content about IP address groups. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-06-18 | Modified the following content: | -| | | -| | Updated screenshots and deleted the **Bandwidth Type** parameter in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-05-10 | Added the following content: | -| | | -| | Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-05-08 | Added the following content: | -| | | -| | - Added description about the default reverse domain name of an EIP in :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added description about modifying a dedicated bandwidth or shared bandwidth in :ref:`Modifying an EIP Bandwidth `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2021-03-16 | Added the following FAQ: | -| | | -| | - :ref:`What Bandwidth Types Are Available? ` | -| | - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-12-16 | This release incorporates the following changes: | -| | | -| | - Deleted the restriction on the number of ECS NICs for SNAT in :ref:`Are There Any Restrictions on Using a Route Table? ` | -| | - Added the procedure for binding a virtual IP address to an ECS in :ref:`Binding a Virtual IP Address to an EIP or ECS `. | -| | - Added description about enabling ports 465 and 587 for Mail BGP EIPs in :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Modified or added content in **Notes and Constraints**. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-07-28 | Modified the following content: | -| | | -| | Changed the maximum number of tags that can be added to 20 in :ref:`Managing VPC Tags ` and :ref:`Managing Subnet Tags `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-05-30 | Added the following content: | -| | | -| | Added basic information to :ref:`Security Groups and Security Group Rules ` and :ref:`Firewall Overview `. | -| | | -| | Modified the following content: | -| | | -| | - Added rules in :ref:`Firewall Configuration Examples `. | -| | - Modified :ref:`Does a Security Group Rule or a Firewall Rule Immediately Take Effect for Existing Connections After It Is Modified? ` | -| | - Modified :ref:`Why Can't I Delete My VPCs and Subnets? ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-02-25 | Added the following content: | -| | | -| | - Added :ref:`Shared Bandwidth `. | -| | | -| | Modified the following content: | -| | | -| | - Modified steps in :ref:`Elastic IP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-02-12 | Added the following content: | -| | | -| | Added description that VPC flow logs support S2 ECSs in :ref:`VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-01-08 | Added the following content: | -| | | -| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | -| | - Added :ref:`Region and AZ `. | -| | - Added the example of allowing external access to a specified port in :ref:`Security Group Configuration Examples `. | -| | | -| | Modified the following content: | -| | | -| | - Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | -| | | -| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | -| | - Optimized figure examples in this document. | -| | - Optimized descriptions in :ref:`Firewall Configuration Examples `. | -| | - Optimized descriptions in :ref:`Firewall Overview `. | -| | - Changed the position of :ref:`Access Control `. | -| | - Optimized :ref:`What Is a Quota? ` | -| | | -| | Deleted the following content: | -| | | -| | - Deleted section "Deleting a VPN". | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2020-03-06 | Modified the following content: | -| | | -| | - Modified the steps in :ref:`Assigning an EIP and Binding It to an ECS `, :ref:`Elastic IP `, and :ref:`Shared Bandwidth `. | -| | - Updated screenshots in :ref:`Modifying a Shared Bandwidth `. | -| | - Updated screenshots and parameter description in :ref:`Creating a Subnet for the VPC `. | -| | - Modified steps in :ref:`Assigning a Virtual IP Address `, :ref:`Binding a Virtual IP Address to an EIP or ECS `, and :ref:`Releasing a Virtual IP Address `. | -| | - Updated screenshots in :ref:`VPC Peering Connection `. | -| | - Modified description in :ref:`How Many Routes Can a Route Table Contain? ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-12-13 | Added the following content: | -| | | -| | - Added restrictions on ports and port ranges in :ref:`Security Groups and Security Group Rules `. | -| | - Added description about IP address groups in :ref:`Importing and Exporting Security Group Rules `. | -| | - Added impacts caused by IP address group modification or deletion in "Managing an IP Address Group". | -| | | -| | Modified the following content: | -| | | -| | - Modified description and value examples of the port and source in :ref:`Step 4: Add a Security Group Rule ` and :ref:`Adding a Security Group Rule `. | -| | - Optimized note description in :ref:`Importing and Exporting Security Group Rules `. | -| | - Changed firewall to firewalls in :ref:`Creating a Firewall `. | -| | - Optimized description about the scenario in :ref:`Changing the Sequence of a Firewall Rule `. | -| | - Optimized description about the scenario in :ref:`Creating an Alarm Rule `. | -| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | -| | - Optimized figure examples in this document. | -| | - Optimized descriptions in :ref:`Firewall Configuration Examples `. | -| | - Optimized descriptions in :ref:`Firewall Overview `. | -| | - Changed the position of :ref:`Access Control `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted section "Deleting a VPN". | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-11-29 | Added the following content: | -| | | -| | - Added section "IP Address Group". | -| | - Added port format and IP address group when configuring security group rules in :ref:`Adding a Security Group Rule `. | -| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | -| | - Added :ref:`Region and AZ `. | -| | | -| | Modified the following content: | -| | | -| | Optimized :ref:`What Is a Quota? ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-11-05 | Modified the following content: | -| | | -| | Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-08-30 | Added the following content: | -| | | -| | - Added the example of allowing external access to a specified port in :ref:`Security Group Configuration Examples `. | -| | - Added description that EIP type cannot be changed in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-08-23 | Modified the following content: | -| | | -| | Optimized description about **NTP Server Address** in :ref:`Modifying a Subnet `. | -| | | -| | Added the following content: | -| | | -| | Added descriptions about route types in :ref:`Route Table `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-08-16 | Added the following content: | -| | | -| | Added :ref:`Exporting Route Table Information `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-08-09 | Added the following content: | -| | | -| | - Added parameters **Type** and **Bandwidth Type** to :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added description about how to replicate multiple routes in :ref:`Replicating a Route `. | -| | - Added the description about **Next Hop Type** in :ref:`Adding a Custom Route `. | -| | | -| | Modified the following content: | -| | | -| | - Modified description about **NTP Server Address** in :ref:`Modifying a Subnet `. | -| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Tables and Routes `. | -| | - Modified descriptions about system routes and custom routes in :ref:`Route Tables and Routes `. | -| | - Modified description about usage restrictions in :ref:`Route Tables and Routes `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted parameter **Enterprise Project** from the document. | -| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Tables and Routes `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-08-02 | Added the following content based on the RM-584 requirements: | -| | | -| | - Added subnet parameter description in :ref:`Modifying a Subnet `. | -| | | -| | Modified the following content based on the RM-584 requirements: | -| | | -| | - Added prerequisites in :ref:`Releasing a Virtual IP Address `. | -| | - Optimized description about scenarios and prerequisites in :ref:`Deleting a Subnet `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-07-22 | Added the following content: | -| | | -| | Added :ref:`Enabling or Disabling VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-06-04 | Optimized the description in the following sections: | -| | | -| | - :ref:`What Is an EIP? ` | -| | - :ref:`Step 2: Create a Subnet for the VPC ` | -| | - :ref:`Creating a Subnet for the VPC ` | -| | - :ref:`Route Table ` | -| | - :ref:`Virtual IP Address ` | -| | - :ref:`Virtual IP Address Overview ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-05-31 | Modified the following sections related to subnets and route tables based on the RM-584 requirements: | -| | | -| | - :ref:`Route Table ` | -| | - :ref:`Modifying a VPC ` | -| | - :ref:`Creating a Subnet for the VPC ` | -| | - :ref:`Modifying a Subnet ` | -| | - :ref:`Managing Subnet Tags ` | -| | - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` | -| | - :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` | -| | - :ref:`Viewing Routes Configured for a VPC Peering Connection ` | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-05-29 | Added the following content: | -| | | -| | - Added a note in :ref:`Deleting a VPC Flow Log `. | -| | - Added a note about changing the NTP server address in :ref:`Modifying a Subnet `. | -| | | -| | Modified the following content: | -| | | -| | - Modified description about **NTP Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-05-24 | Modified the following content: | -| | | -| | - Deleted description about DHCP in :ref:`What Is Virtual Private Cloud? `. | -| | - Modified description about **NTP Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | -| | - Optimized :ref:`Elastic IP `. | -| | - Updated the description and screenshot in :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` and :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` based on the latest management console page. | -| | - Updated sections :ref:`VPC Flow Log Overview ` and :ref:`Creating a VPC Flow Log `. | -| | | -| | Added the following content: | -| | | -| | - Added description about **Advanced Settings** and updated screenshots in :ref:`Creating a VPC ` and :ref:`Creating a Subnet for the VPC `. | -| | - Added "Obtaining the Peer VPC ID" in :ref:`Creating a VPC Peering Connection with a VPC in Another Account `. | -| | - Added two precautions in :ref:`Virtual IP Address Overview `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-04-28 | Modified the following content: | -| | | -| | - Modified the incorrect word spelling in :ref:`Viewing a VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-04-25 | Added the following content: | -| | | -| | - Added a note in :ref:`Creating a VPC Flow Log `. | -| | - Added the description about no VPC flow log records in :ref:`Viewing a VPC Flow Log `. | -| | - Added :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | -| | | -| | Modified the following content: | -| | | -| | - Modified description information about **Enterprise Project**. | -| | - Optimized :ref:`Service Overview ` and added the product advantage description to :ref:`What Is Virtual Private Cloud? ` | -| | - Modified the description about how to switch to the **EIPs** page in :ref:`Elastic IP `. | -| | - Modified the description about how to switch to the **Shared Bandwidths** page in :ref:`Shared Bandwidth `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted "What Is a Security Group?", "Which Protocols Does a Security Group Support?", "What Are the Functions of the Default Security Group Rule?", and "How Can I Configure Security Group Rules?" in :ref:`FAQ `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-04-17 | Accepted in OTC-4.0/Agile-04.2019. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-04-12 | Modified the following content: | -| | | -| | - Modified the description for **DNS Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | -| | | -| | Added the following content: | -| | | -| | - Added the note about **Resource** in :ref:`Creating a VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-04-10 | Modified the following content: | -| | | -| | - Added the description about **log-status** in :ref:`Viewing a VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-03-30 | Added the following content: | -| | | -| | - Added the **Enterprise Project** parameter in :ref:`Creating a VPC `, :ref:`Creating a Security Group `, and :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added :ref:`Shared Bandwidth `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in :ref:`Basic Concepts `. | -| | - Deleted the FAQs related to VPN in :ref:`FAQ `. | -| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in :ref:`Getting Started `. | -| | | -| | Modified the following content: | -| | | -| | - Updated console screenshots. | -| | - Optimized the description in section "Security Group Configuration Examples". | -| | - Added the support for S2 ECSs in :ref:`VPC Flow Log Overview `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-03-18 | Modified the following content: | -| | | -| | - Modified the example description in :ref:`Viewing a VPC Flow Log `. | -| | - Modified steps in :ref:`Creating a VPC Flow Log `. | -| | | -| | Added the following content: | -| | | -| | - Added use restrictions in :ref:`VPC Flow Log Overview `. | -| | - Updated the console screenshots in :ref:`Deleting a VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-03-01 | Added the following content: | -| | | -| | - Added :ref:`Document Usage Instructions `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-27 | Added the following content: | -| | | -| | - Added screenshots and examples in :ref:`Viewing a VPC Flow Log `. | -| | | -| | Modified the following content: | -| | | -| | - Modified description about the scenario in :ref:`Deleting a VPC Flow Log `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-25 | Added the following content: | -| | | -| | - Added :ref:`VPC Flow Log `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in :ref:`Basic Concepts `. | -| | - Deleted the FAQs related to VPN in :ref:`FAQ `. | -| | | -| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in :ref:`Getting Started `. | -| | | -| | Modified the following content: | -| | | -| | - Optimized :ref:`Service Overview ` and added the product advantage description to :ref:`What Is Virtual Private Cloud? ` | -| | - Added :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | -| | - Modified the description about how to switch to the **EIPs** page in :ref:`Elastic IP `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-23 | Added the following content: | -| | | -| | - Added the description about batch subnet creation in :ref:`VPC and Subnet `. | -| | - Added precautions about disabling a firewall in :ref:`Enabling or Disabling a Firewall `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-22 | Added the following content: | -| | | -| | Added the **Assign EIP** screenshot in :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-15 | Added the following content: | -| | | -| | - Added the Anti-DDoS service restriction in :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` | -| | | -| | Added :ref:`Modifying a Security Group `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-02-11 | Deleted the following content: | -| | | -| | - Deleted the console screenshot from :ref:`Assigning an EIP and Binding It to an ECS `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-01-31 | Accepted in OTC-4.0. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2019-01-30 | Modified the following content: | -| | | -| | - Modified the table listing the parameters for creating a VPC in :ref:`VPC and Subnet `. | -| | - Modified the table listing the parameters for modifying a security group rule in :ref:`Adding a Security Group Rule `. | -| | - Added the link to the default security group rule introduction in :ref:`Adding a Security Group Rule `. | -| | - Modified the format of the exported file to Excel in :ref:`Exporting VPC List ` and :ref:`Importing and Exporting Security Group Rules `. | -| | - Changed the number of characters allowed for the **Description** field to **255** in :ref:`Creating a Firewall `. | -| | - Modified steps in :ref:`Managing EIP Tags `. | -| | - Added the **Monitoring Period** column to the table listing metrics in :ref:`Supported Metrics `. | -| | - Changed the maximum bandwidth size allowed to 1000 Mbit/s in :ref:`What Is the Bandwidth Size Range? ` | -| | - Modified the table listing subnet parameters in :ref:`Modifying a Subnet `. | -| | - Updated the security group description in :ref:`Security Group `. | -| | - Updated the VPC peering connection description in :ref:`VPC Peering Connection `. | -| | - Updated firewall description in :ref:`Firewall `. | -| | - Updated console screenshots in :ref:`Adding a Firewall Rule `. | -| | - Updated console screenshots in :ref:`Modifying a Firewall Rule `. | -| | | -| | Added the following content: | -| | | -| | - Added :ref:`Security Group Configuration Examples `. | -| | - Added :ref:`Modifying an EIP Bandwidth `. | -| | - Added description about disassociating and releasing multiple EIPs at a time in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | -| | | -| | Deleted the following content: | -| | | -| | - Deleted description about the **Reject** action from :ref:`Adding a Firewall Rule `. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-12-30 | Modified the following content: | -| | | -| | - Modified description about how to switch to the security group and firewall pages based on the changes made on the management console. | -| | | -| | Added the following content: | -| | | -| | - Added section **Firewall** **Overview**. | -| | - Added section **Firewall** **Configuration Examples**. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-11-30 | Added the following content: | -| | | -| | - Added parameter **NTP Server Address** to the description about how to create a subnet. | -| | | -| | Modified the following content: | -| | | -| | - Updated the document based on changes made to the firewall console pages. | -| | | -| | - Added description about how to delete multiple firewall rules at a time and how to disassociate multiple subnets from a firewall at a time. | -| | - Changed parameter **Any** to **All**. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-09-18 | Accepted in OTC-3.2/AGile-09.2018. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-09-06 | Modified the following content: | -| | | -| | - Modified the content and changed some screenshots in the document based on the latest management console. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-08-30 | This release incorporates the following change: | -| | | -| | - Added section "Adding Instances to and Removing Them from a Security Group". | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-07-30 | This release incorporates the following changes: | -| | | -| | - Modified sections related to security groups: | -| | | -| | - Added section "Replicating a Security Group Rule". | -| | - Added section "Modifying a Security Group Rule". | -| | - Modified section "Deleting a Security Group Rule" and added description about how to delete multiple security group rules at a time. | -| | - Added section "Importing and Exporting Security Group Rules". | -| | | -| | - Modified the VPN sections: | -| | | -| | - Modified the step for switching to the VPN console. | -| | - Deleted sections related to VPNs. An independent VPN user guide will be provided. | -| | - Deleted section "VPN Best Practice". | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-06-30 | This release incorporates the following changes: | -| | | -| | - Optimized sections under "Service Overview." | -| | - Optimized sections under "Security Group". | -| | | -| | - Optimized section "Security Group Overview". | -| | | -| | - Optimized section "Default Security Groups and Security Group Rules". | -| | - Optimized section "Creating a Security Group". | -| | - Optimized section "Adding a Security Group Rule". | -| | - Optimized section "Fast-Adding Security Group Rules". | -| | - Added security group configuration examples. | -| | - Added section "Viewing the Security Group of an ECS". | -| | - Added section "Changing the Security Group of an ECS". | -| | | -| | - Categorized FAQs. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-06-11 | This release incorporates the following changes: | -| | | -| | - Added section "Monitoring". | -| | - Modified tag description. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-05-23 | Accepted in OTC 3.1. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-04-28 | This release incorporates the following changes: | -| | | -| | - Added description about VPN tagging. | -| | - Added the IPv6 address description. | -| | - Added section "Exporting VPC Information". | -| | - Modified the bandwidth range. | -| | - Modified the VPN modification screenshots. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-03-30 | This release incorporates the following changes: | -| | | -| | Deleted the IPv6 address description. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-02-28 | This release incorporates the following changes: | -| | | -| | Added the description that the security group description can contain a maximum of 128 characters. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2018-01-30 | This release incorporates the following changes: | -| | | -| | - Added description about the function of unbinding and releasing EIPs in batches. | -| | - Added description about the function that the negotiation mode of the IKE policy in the VPN can be configured. | -| | - Added the description that the security group description can contain a maximum of 64 characters. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-11-30 | This release incorporates the following changes: | -| | | -| | - Updated screenshots and steps based on the latest management console. | -| | - Added description to indicate that subnets can be created without specifying the AZ. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-10-30 | This release incorporates the following changes: | -| | | -| | - Added description about the fast security group rule adding function. | -| | - Added ECS security group configuration examples. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-09-30 | This release incorporates the following changes: | -| | | -| | - Added description to indicate that the peer project ID needs to be configured when a tenant creates a VPC peering connection with the VPC of another tenant. | -| | - Modified description in sections "Adding a Security Group Rule" and "Deleting a Security Group Rule" based on changes made to the network console. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-08-30 | This release incorporates the following changes: | -| | | -| | - Added section "Managing Subnet Tags". | -| | - Added description about the VPC, subnet, and EIP tags. | -| | - Added section "Security Group Overview". | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-07-30 | This release incorporates the following changes: | -| | | -| | - Added description about how to enable shared SNAT on the management console. | -| | - Added section "Managing VPC Tags". | -| | - Added section "Managing EIP Tags". | -| | - Changed the number of routes allowed in a route table by default to **100**. | -| | - Updated procedures in sections "VPC and Subnet" and "Custom Route" based on changes made to the network console. | -| | - Added description about the multi-project feature. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-06-30 | This release incorporates the following change: | -| | | -| | - Added description about the virtual IP address feature. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-05-30 | This release incorporates the following change: | -| | | -| | - Added FAQ **How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC?** | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-04-28 | This release incorporates the following change: | -| | | -| | - Added description about how to add DNS server addresses during subnet information modification. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-03-30 | This release incorporates the following change: | -| | | -| | - Added description about the firewall function. | -| | - Added description about the shared SNAT function. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-02-28 | This release incorporates the following change: | -| | | -| | - Deleted description about the button for disabling the DHCP function. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-02-24 | This release incorporates the following change: | -| | | -| | - Added description about the VPC peering function. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2017-01-12 | This release incorporates the following change: | -| | | -| | - Added description about the custom route table function. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-10-19 | This release incorporates the following change: | -| | | -| | - Updated the Help Center URL of the VPN service. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-07-15 | This release incorporates the following changes: | -| | | -| | - Modified the VPN authentication algorithm. | -| | - Optimized the traffic metering function. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 2016-03-14 | This issue is the first official release. | -+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Released On | Description | ++===================================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ +| 2024-05-06 | This release incorporates the following changes: | +| | | +| | Removed step links in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access ` and :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-04-25 | This release incorporates the following changes: | +| | | +| | - Modified the procedure for deleting routes for a VPC peering connection between VPCs in different accounts in :ref:`Deleting Routes Configured for a VPC Peering Connection `. | +| | - Modified the figure for creating a route table in :ref:`Creating a Custom Route Table `. | +| | - Modified the figure for adding a custom route in :ref:`Adding a Custom Route `. | +| | - Added descriptions about **Destination Type** in :ref:`Adding a Custom Route ` and :ref:`Modifying a Route `. | +| | - Added descriptions about security group templates in the table "Security group configuration process description" in :ref:`Security Groups and Security Group Rules `. | +| | - Modified descriptions about the security groups in the parameter descriptions in :ref:`Adding a Security Group Rule ` and :ref:`Importing and Exporting Security Group Rules `. | +| | - Added step links in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access ` and :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. | +| | - Added figures for creating and viewing resources. | +| | - Deleted the content related to the IP address groups. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-04-22 | This release incorporates the following changes: | +| | | +| | - Added description about security group templates and related operations in :ref:`Creating a Security Group `. | +| | - Modified the description of adding routes for the VPC peering connection in :ref:`Creating a VPC Peering Connection with Another VPC in Your Account `, :ref:`Creating a VPC Peering Connection with a VPC in Another Account `, :ref:`Modifying Routes Configured for a VPC Peering Connection `, :ref:`Viewing Routes Configured for a VPC Peering Connection `, and :ref:`Deleting Routes Configured for a VPC Peering Connection `. | +| | - Added constraints on importing security group rules in :ref:`Importing and Exporting Security Group Rules `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-04-18 | This release incorporates the following changes: | +| | | +| | Modified the maximum number of custom routes that can be added to a route table in :ref:`How Many Routes Can I Add to a Route Table? `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-04-16 | This release incorporates the following changes: | +| | | +| | - Modified the procedure for changing the CIDR block of a VPC in :ref:`Modifying a VPC `. | +| | - Updated the Table 1 application scenarios of IPv4/IPv6 dual stack in :ref:`IPv4 and IPv6 Dual-Stack Network `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-03-27 | This release incorporates the following changes: | +| | | +| | - Changed **VPCReadOnlyAccess** and **VPCFullAccess** into **VPC ReadOnlyAccess** and **VPC FullAccess**. | +| | - Modified the subnet description in :ref:`Subnet `. | +| | - Deleted parameter **Fast-add rule** in :ref:`Creating a Security Group `. | +| | - Added the description indicating that if the secondary IPv4 CIDR block function is available in a region, the CIDR block of a VPC in this region cannot be modified through the console in :ref:`Modifying a VPC ` and :ref:`Adding a Secondary IPv4 CIDR Block to a VPC `. | +| | - Added the procedure for exporting the list of shared bandwidths in :ref:`Exporting Shared Bandwidths `. | +| | - Modified the operation procedure and figures in :ref:`Adding EIPs to a Shared Bandwidth ` and :ref:`Removing EIPs from a Shared Bandwidth `. | +| | - Modified the procedure for exporting the resource list in :ref:`Exporting VPC List `, :ref:`Exporting Subnet List `, :ref:`Importing and Exporting Security Group Rules `, :ref:`Exporting EIP Information `, and :ref:`Exporting Route Table Information `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-02-29 | This release incorporates the following changes: | +| | | +| | - Deleted parameter **Destination Address** in :ref:`Creating a Custom Route Table `, :ref:`Adding a Custom Route `, and :ref:`Modifying a Route `. | +| | - Deleted the descriptions about IP address groups in :ref:`Adding a Firewall Rule ` and :ref:`Modifying a Firewall Rule `. | +| | - Modified the subnet description in :ref:`Subnet `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-02-18 | This release incorporates the following changes: | +| | | +| | Added :ref:`What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-02-02 | This release incorporates the following changes: | +| | | +| | Modified figures in :ref:`Creating a Custom Route Table ` and :ref:`Adding a Custom Route `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-01-16 | This release incorporates the following changes: | +| | | +| | Modified the figure for creating a subnet in :ref:`Creating a Subnet for the VPC `, :ref:`Step 2: Create a Subnet for the VPC `, and :ref:`Step 2: Create a Subnet for the VPC `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2024-01-02 | This release incorporates the following changes: | +| | | +| | Modified the parameter descriptions in sections :ref:`Adding a Security Group Rule ` and :ref:`Adding a Firewall Rule `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-12-19 | This release incorporates the following changes: | +| | | +| | - Added screenshots in :ref:`How Do I Configure a Security Group for Multi-Channel Protocols? ` | +| | - Modified the table in :ref:`Why Can't I Delete My VPCs and Subnets? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-12-18 | This release incorporates the following changes: | +| | | +| | Added IPv6-related content. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-12-12 | This release incorporates the following changes: | +| | | +| | Added descriptions about security group and IP address group as source or destination in :ref:`Adding a Security Group Rule `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-11-30 | This release incorporates the following changes: | +| | | +| | Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-11-14 | This release incorporates the following changes: | +| | | +| | Added the following content: | +| | | +| | Added description about allowing common ports with a few clicks in :ref:`Allowing Common Ports with A Few Clicks `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-10-10 | This release incorporates the following changes: | +| | | +| | - Added the figure for configuring route tables in :ref:`Route Table `. | +| | - Modified :ref:`Step 4: Add a Security Group Rule `. | +| | | +| | - Changed the location of parameter **Type**. | +| | - Added protocol **GRE**. | +| | | +| | - Modified :ref:`Step 5: Add a Security Group Rule ` and :ref:`Adding a Security Group Rule `. | +| | | +| | - Added description that each ECS must be associated with at least one security group. | +| | - Modified description about port. | +| | - Changed the location of parameter **Type**. | +| | - Added protocol **GRE**. | +| | | +| | - Added the function of adding multiple tags for search in :ref:`Managing VPC Tags `. | +| | - Added figures and modified steps in :ref:`Viewing and Deleting Resources in a Subnet `. | +| | - Modified :ref:`Security Groups and Security Group Rules `. | +| | | +| | - Added protocol **GRE** and deleted content about **Action**. | +| | - Modified description about security group sg-AB. | +| | - Added description about security group configuration. | +| | - Added support for IPv6. | +| | | +| | - Changed the section name in :ref:`Default Security Group and Its Rules `. | +| | - Optimized description in :ref:`Creating a Security Group `. | +| | - Modified the figure and added parameter **Type** in :ref:`Fast-Adding Security Group Rules `. | +| | - Modified notes and constraints in :ref:`Importing and Exporting Security Group Rules `. | +| | - Added description about the maximum number of security groups that can be created in :ref:`Creating a Firewall `. | +| | - Modified figures and parameter settings in :ref:`Adding a Firewall Rule `. | +| | - Added the route table quota in notes and constraints in :ref:`Creating a Custom Route Table `. | +| | - Added constraints on the maximum number of routes that can be added to a route table in :ref:`Adding a Custom Route `. | +| | - Modified :ref:`Creating a VPC Peering Connection with Another VPC in Your Account `. | +| | | +| | - Added description that you need to add routes to the route tables of the local and peer VPCs after creating a VPC peering connection. | +| | - Added parameter **Description** for creating a VPC peering connection. | +| | | +| | - Added parameter **Description** for creating a VPC peering connection in :ref:`Creating a VPC Peering Connection with a VPC in Another Account `. | +| | | +| | - Added description about the maximum number of flow log records that can be recorded in :ref:`VPC Flow Log Overview `. | +| | - Modified the section name and scenarios in :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) `. | +| | - Modified the verification procedure in :ref:`Creating a User and Granting VPC Permissions `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-09-08 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | - Optimized description in :ref:`Step 4: Add a Security Group Rule `. | +| | - Optimized the procedure for verifying IAM permissions in :ref:`Creating a User and Granting VPC Permissions `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-07-18 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Added description about enabling shared SNAT using an API in :ref:`Shared SNAT `. | +| | | +| | Security group | +| | | +| | Firewall | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-06-12 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Added description about viewing monitoring metrics in :ref:`Viewing Metrics `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-05-26 | This release incorporates the following changes: | +| | | +| | Added the following content: | +| | | +| | Added information about cloning a security group in :ref:`Cloning a Security Group `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-05-17 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified the procedure for viewing monitoring metrics in :ref:`Viewing Metrics `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-04-28 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified the links of sections "Binding an EIP" and "Unbinding an EIP" in :ref:`Assigning an EIP and Binding It to an ECS ` and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-04-20 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | - Added description that BMS user-defined network is available only in eu-de. | +| | - Added the step for viewing NIC details to :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-02-15 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified links in :ref:`What Is Virtual Private Cloud? ` and :ref:`Can I Bind an EIP to Multiple ECSs? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-01-10 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified steps in :ref:`Subnet ` and :ref:`Elastic IP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-12-12 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Added description that EIPs of the Dedicated Load Balancer (5_gray) type cannot be created in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Can I Bind an EIP to Multiple ECSs? `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-11-15 | This release incorporates the following changes: | +| | | +| | Added support for binding and unbinding EIPs of the Dedicated Load Balancer (5_gray) type using APIs in :ref:`Step 3: Assign an EIP and Bind It to an ECS `, :ref:`Assigning an EIP and Binding It to an ECS `, and :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-10-20 | Modified the following content: | +| | | +| | Modified the bandwidth range in :ref:`What Is the Bandwidth Size Range? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-09-07 | Added the following content: | +| | | +| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about binding EIPs of the dedicated load balancer **(5_gray)** type to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-06-25 | Added the following content: | +| | | +| | - Modified constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Modified constraints on EIP binding to load balancers in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2022-02-15 | Added the following content: | +| | | +| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about the default reverse domain name of an EIP in \ :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS ` and :ref:`Adding EIPs to a Shared Bandwidth `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-08-25 | Modified the following content: | +| | | +| | Deleted content about IP address groups. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-06-18 | Modified the following content: | +| | | +| | Updated screenshots and deleted the **Bandwidth Type** parameter in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-05-10 | Added the following content: | +| | | +| | Added constraints on EIPs dedicated for dedicated load balancers in :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-05-08 | Added the following content: | +| | | +| | - Added description about the default reverse domain name of an EIP in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about modifying a dedicated bandwidth or shared bandwidth in :ref:`Modifying an EIP Bandwidth `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2021-03-16 | Added the following FAQ: | +| | | +| | - :ref:`What Bandwidth Types Are Available? ` | +| | - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-12-16 | This release incorporates the following changes: | +| | | +| | - Deleted the restriction on the number of ECS NICs for SNAT in :ref:`Are There Any Restrictions on Using a Route Table? ` | +| | - Added the procedure for binding a virtual IP address to an ECS in :ref:`Binding a Virtual IP Address to an EIP or ECS `. | +| | - Added description about enabling ports 465 and 587 for Mail BGP EIPs in :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Modified or added content in **Notes and Constraints**. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-07-28 | Modified the following content: | +| | | +| | Changed the maximum number of tags that can be added to 20 in :ref:`Managing VPC Tags ` and :ref:`Managing Subnet Tags `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-05-30 | Added the following content: | +| | | +| | Added basic information to :ref:`Security Groups and Security Group Rules ` and :ref:`Firewall Overview `. | +| | | +| | Modified the following content: | +| | | +| | - Added rules in :ref:`Firewall Configuration Examples `. | +| | - Modified :ref:`Does a Modified Security Group Rule or a Firewall Rule Take Effect Immediately for Existing Connections? ` | +| | - Modified :ref:`Why Can't I Delete My VPCs and Subnets? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-02-25 | Added the following content: | +| | | +| | - Added :ref:`Shared Bandwidth `. | +| | | +| | Modified the following content: | +| | | +| | - Modified steps in :ref:`Elastic IP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-02-12 | Added the following content: | +| | | +| | Added description that VPC flow logs support S2 ECSs in :ref:`VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-01-08 | Added the following content: | +| | | +| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | +| | - Added :ref:`Region and AZ `. | +| | - Added the example of allowing external access to a specified port in :ref:`Security Group Configuration Examples `. | +| | | +| | Modified the following content: | +| | | +| | - Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | +| | | +| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | +| | - Optimized figure examples in this document. | +| | - Optimized descriptions in :ref:`Firewall Configuration Examples `. | +| | - Optimized descriptions in :ref:`Firewall Overview `. | +| | - Changed the position of :ref:`Access Control `. | +| | - Optimized :ref:`What Is a Quota? ` | +| | | +| | Deleted the following content: | +| | | +| | - Deleted section "Deleting a VPN". | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2020-03-06 | Modified the following content: | +| | | +| | - Modified the steps in :ref:`Assigning an EIP and Binding It to an ECS `, :ref:`Elastic IP `, and :ref:`Shared Bandwidth `. | +| | - Updated screenshots in :ref:`Modifying a Shared Bandwidth `. | +| | - Updated screenshots and parameter description in :ref:`Creating a Subnet for the VPC `. | +| | - Modified steps in :ref:`Assigning a Virtual IP Address `, :ref:`Binding a Virtual IP Address to an EIP or ECS `, and :ref:`Releasing a Virtual IP Address `. | +| | - Updated screenshots in :ref:`VPC Peering Connection `. | +| | - Modified description in :ref:`How Many Routes Can I Add to a Route Table? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-12-13 | Added the following content: | +| | | +| | - Added restrictions on ports and port ranges in :ref:`Security Groups and Security Group Rules `. | +| | - Added description about IP address groups in :ref:`Importing and Exporting Security Group Rules `. | +| | - Added impacts caused by IP address group modification or deletion in "Managing an IP Address Group". | +| | | +| | Modified the following content: | +| | | +| | - Modified description and value examples of the port and source in :ref:`Step 4: Add a Security Group Rule ` and :ref:`Adding a Security Group Rule `. | +| | - Optimized note description in :ref:`Importing and Exporting Security Group Rules `. | +| | - Changed firewall to firewalls in :ref:`Creating a Firewall `. | +| | - Optimized description about the scenario in :ref:`Changing the Sequence of a Firewall Rule `. | +| | - Optimized description about the scenario in :ref:`Creating an Alarm Rule `. | +| | - Updated screenshots in :ref:`Adding a Security Group Rule ` and :ref:`Fast-Adding Security Group Rules `. | +| | - Optimized figure examples in this document. | +| | - Optimized descriptions in :ref:`Firewall Configuration Examples `. | +| | - Optimized descriptions in :ref:`Firewall Overview `. | +| | - Changed the position of :ref:`Access Control `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted section "Deleting a VPN". | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-11-29 | Added the following content: | +| | | +| | - Added section "IP Address Group". | +| | - Added port format and IP address group when configuring security group rules in :ref:`Adding a Security Group Rule `. | +| | - Added function and namespace description and optimized information in tables in :ref:`Supported Metrics `. | +| | - Added :ref:`Region and AZ `. | +| | | +| | Modified the following content: | +| | | +| | Optimized :ref:`What Is a Quota? ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-11-05 | Modified the following content: | +| | | +| | Added **Subnet** and **VPC** as the type of resources whose traffic is to be logged in :ref:`VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-30 | Added the following content: | +| | | +| | - Added the example of allowing external access to a specified port in :ref:`Security Group Configuration Examples `. | +| | - Added description that EIP type cannot be changed in :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-23 | Modified the following content: | +| | | +| | Optimized description about **NTP Server Address** in :ref:`Modifying a Subnet `. | +| | | +| | Added the following content: | +| | | +| | Added descriptions about route types in :ref:`Route Table `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-16 | Added the following content: | +| | | +| | Added :ref:`Exporting Route Table Information `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-09 | Added the following content: | +| | | +| | - Added parameters **Type** and **Bandwidth Type** to :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added description about how to replicate multiple routes in :ref:`Replicating a Route `. | +| | - Added the description about **Next Hop Type** in :ref:`Adding a Custom Route `. | +| | | +| | Modified the following content: | +| | | +| | - Modified description about **NTP Server Address** in :ref:`Modifying a Subnet `. | +| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Tables and Routes `. | +| | - Modified descriptions about system routes and custom routes in :ref:`Route Tables and Routes `. | +| | - Modified description about usage restrictions in :ref:`Route Tables and Routes `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted parameter **Enterprise Project** from the document. | +| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Tables and Routes `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-08-02 | Added the following content based on the RM-584 requirements: | +| | | +| | - Added subnet parameter description in :ref:`Modifying a Subnet `. | +| | | +| | Modified the following content based on the RM-584 requirements: | +| | | +| | - Added prerequisites in :ref:`Releasing a Virtual IP Address `. | +| | - Optimized description about scenarios and prerequisites in :ref:`Deleting a Subnet `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-07-22 | Added the following content: | +| | | +| | Added :ref:`Enabling or Disabling VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-06-04 | Optimized the description in the following sections: | +| | | +| | - :ref:`What Is an EIP? ` | +| | - :ref:`Step 2: Create a Subnet for the VPC ` | +| | - :ref:`Creating a Subnet for the VPC ` | +| | - :ref:`Route Table ` | +| | - :ref:`Virtual IP Address ` | +| | - :ref:`Virtual IP Address Overview ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-05-31 | Modified the following sections related to subnets and route tables based on the RM-584 requirements: | +| | | +| | - :ref:`Route Table ` | +| | - :ref:`Modifying a VPC ` | +| | - :ref:`Creating a Subnet for the VPC ` | +| | - :ref:`Modifying a Subnet ` | +| | - :ref:`Managing Subnet Tags ` | +| | - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` | +| | - :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` | +| | - :ref:`Viewing Routes Configured for a VPC Peering Connection ` | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-05-29 | Added the following content: | +| | | +| | - Added a note in :ref:`Deleting a VPC Flow Log `. | +| | - Added a note about changing the NTP server address in :ref:`Modifying a Subnet `. | +| | | +| | Modified the following content: | +| | | +| | - Modified description about **NTP Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-05-24 | Modified the following content: | +| | | +| | - Deleted description about DHCP in :ref:`What Is Virtual Private Cloud? `. | +| | - Modified description about **NTP Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | +| | - Optimized :ref:`Elastic IP `. | +| | - Updated the description and screenshot in :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` and :ref:`Creating a VPC Peering Connection with a VPC in Another Account ` based on the latest management console page. | +| | - Updated sections :ref:`VPC Flow Log Overview ` and :ref:`Creating a VPC Flow Log `. | +| | | +| | Added the following content: | +| | | +| | - Added description about **Advanced Settings** and updated screenshots in :ref:`Creating a VPC ` and :ref:`Creating a Subnet for the VPC `. | +| | - Added "Obtaining the Peer VPC ID" in :ref:`Creating a VPC Peering Connection with a VPC in Another Account `. | +| | - Added two precautions in :ref:`Virtual IP Address Overview `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-28 | Modified the following content: | +| | | +| | - Modified the incorrect word spelling in :ref:`Viewing a VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-25 | Added the following content: | +| | | +| | - Added a note in :ref:`Creating a VPC Flow Log `. | +| | - Added the description about no VPC flow log records in :ref:`Viewing a VPC Flow Log `. | +| | - Added :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | +| | | +| | Modified the following content: | +| | | +| | - Modified description information about **Enterprise Project**. | +| | - Optimized :ref:`Service Overview ` and added the product advantage description to :ref:`What Is Virtual Private Cloud? ` | +| | - Modified the description about how to switch to the **EIPs** page in :ref:`Elastic IP `. | +| | - Modified the description about how to switch to the **Shared Bandwidths** page in :ref:`Shared Bandwidth `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted "What Is a Security Group?", "Which Protocols Does a Security Group Support?", "What Are the Functions of the Default Security Group Rule?", and "How Can I Configure Security Group Rules?" in :ref:`FAQ `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-17 | Accepted in OTC-4.0/Agile-04.2019. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-12 | Modified the following content: | +| | | +| | - Modified the description for **DNS Server Address** in :ref:`Creating a VPC `, :ref:`Creating a Subnet for the VPC `, and :ref:`Modifying a Subnet `. | +| | | +| | Added the following content: | +| | | +| | - Added the note about **Resource** in :ref:`Creating a VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-04-10 | Modified the following content: | +| | | +| | - Added the description about **log-status** in :ref:`Viewing a VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-03-30 | Added the following content: | +| | | +| | - Added the **Enterprise Project** parameter in :ref:`Creating a VPC `, :ref:`Creating a Security Group `, and :ref:`Assigning an EIP and Binding It to an ECS `. | +| | - Added :ref:`Shared Bandwidth `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in :ref:`Basic Concepts `. | +| | - Deleted the FAQs related to VPN in :ref:`FAQ `. | +| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in :ref:`Getting Started `. | +| | | +| | Modified the following content: | +| | | +| | - Updated console screenshots. | +| | - Optimized the description in section "Security Group Configuration Examples". | +| | - Added the support for S2 ECSs in :ref:`VPC Flow Log Overview `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-03-18 | Modified the following content: | +| | | +| | - Modified the example description in :ref:`Viewing a VPC Flow Log `. | +| | - Modified steps in :ref:`Creating a VPC Flow Log `. | +| | | +| | Added the following content: | +| | | +| | - Added use restrictions in :ref:`VPC Flow Log Overview `. | +| | - Updated the console screenshots in :ref:`Deleting a VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-03-01 | Added the following content: | +| | | +| | - Added :ref:`Document Usage Instructions `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-27 | Added the following content: | +| | | +| | - Added screenshots and examples in :ref:`Viewing a VPC Flow Log `. | +| | | +| | Modified the following content: | +| | | +| | - Modified description about the scenario in :ref:`Deleting a VPC Flow Log `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-25 | Added the following content: | +| | | +| | - Added :ref:`VPC Flow Log `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted the concepts of VPN, IPsec VPN, remote gateway, remote subnet, region, and project in :ref:`Basic Concepts `. | +| | - Deleted the FAQs related to VPN in :ref:`FAQ `. | +| | | +| | - Deleted the content related to "Configuring a VPC for ECSs That Access the Internet Through a VPN" in :ref:`Getting Started `. | +| | | +| | Modified the following content: | +| | | +| | - Optimized :ref:`Service Overview ` and added the product advantage description to :ref:`What Is Virtual Private Cloud? ` | +| | - Added :ref:`Security Group Configuration Examples `. The security group configuration examples are integrated into one section and the original independent sections are deleted. | +| | - Modified the description about how to switch to the **EIPs** page in :ref:`Elastic IP `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-23 | Added the following content: | +| | | +| | - Added the description about batch subnet creation in :ref:`VPC and Subnet `. | +| | - Added precautions about disabling a firewall in :ref:`Enabling or Disabling a Firewall `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-22 | Added the following content: | +| | | +| | Added the **Assign EIP** screenshot in :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-15 | Added the following content: | +| | | +| | - Added the Anti-DDoS service restriction in :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` | +| | | +| | Added :ref:`Modifying a Security Group `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-02-11 | Deleted the following content: | +| | | +| | - Deleted the console screenshot from :ref:`Assigning an EIP and Binding It to an ECS `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-01-31 | Accepted in OTC-4.0. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2019-01-30 | Modified the following content: | +| | | +| | - Modified the table listing the parameters for creating a VPC in :ref:`VPC and Subnet `. | +| | - Modified the table listing the parameters for modifying a security group rule in :ref:`Adding a Security Group Rule `. | +| | - Added the link to the default security group rule introduction in :ref:`Adding a Security Group Rule `. | +| | - Modified the format of the exported file to Excel in :ref:`Exporting VPC List ` and :ref:`Importing and Exporting Security Group Rules `. | +| | - Changed the number of characters allowed for the **Description** field to **255** in :ref:`Creating a Firewall `. | +| | - Modified steps in :ref:`Managing EIP Tags `. | +| | - Added the **Monitoring Period** column to the table listing metrics in :ref:`Supported Metrics `. | +| | - Changed the maximum bandwidth size allowed to 1000 Mbit/s in :ref:`What Is the Bandwidth Size Range? ` | +| | - Modified the table listing subnet parameters in :ref:`Modifying a Subnet `. | +| | - Updated the security group description in :ref:`Security Group `. | +| | - Updated the VPC peering connection description in :ref:`VPC Peering Connection `. | +| | - Updated firewall description in :ref:`Firewall `. | +| | - Updated console screenshots in :ref:`Adding a Firewall Rule `. | +| | - Updated console screenshots in :ref:`Modifying a Firewall Rule `. | +| | | +| | Added the following content: | +| | | +| | - Added :ref:`Security Group Configuration Examples `. | +| | - Added :ref:`Modifying an EIP Bandwidth `. | +| | - Added description about disassociating and releasing multiple EIPs at a time in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | +| | | +| | Deleted the following content: | +| | | +| | - Deleted description about the **Reject** action from :ref:`Adding a Firewall Rule `. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-12-30 | Modified the following content: | +| | | +| | - Modified description about how to switch to the security group and firewall pages based on the changes made on the management console. | +| | | +| | Added the following content: | +| | | +| | - Added section **Firewall** **Overview**. | +| | - Added section **Firewall** **Configuration Examples**. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-11-30 | Added the following content: | +| | | +| | - Added parameter **NTP Server Address** to the description about how to create a subnet. | +| | | +| | Modified the following content: | +| | | +| | - Updated the document based on changes made to the firewall console pages. | +| | | +| | - Added description about how to delete multiple firewall rules at a time and how to disassociate multiple subnets from a firewall at a time. | +| | - Changed parameter **Any** to **All**. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-09-18 | Accepted in OTC-3.2/AGile-09.2018. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-09-06 | Modified the following content: | +| | | +| | - Modified the content and changed some screenshots in the document based on the latest management console. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-08-30 | This release incorporates the following change: | +| | | +| | - Added section "Adding Instances to and Removing Them from a Security Group". | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-07-30 | This release incorporates the following changes: | +| | | +| | - Modified sections related to security groups: | +| | | +| | - Added section "Replicating a Security Group Rule". | +| | - Added section "Modifying a Security Group Rule". | +| | - Modified section "Deleting a Security Group Rule" and added description about how to delete multiple security group rules at a time. | +| | - Added section "Importing and Exporting Security Group Rules". | +| | | +| | - Modified the VPN sections: | +| | | +| | - Modified the step for switching to the VPN console. | +| | - Deleted sections related to VPNs. An independent VPN user guide will be provided. | +| | - Deleted section "VPN Best Practice". | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-06-30 | This release incorporates the following changes: | +| | | +| | - Optimized sections under "Service Overview." | +| | - Optimized sections under "Security Group". | +| | | +| | - Optimized section "Security Group Overview". | +| | | +| | - Optimized section "Default Security Groups and Security Group Rules". | +| | - Optimized section "Creating a Security Group". | +| | - Optimized section "Adding a Security Group Rule". | +| | - Optimized section "Fast-Adding Security Group Rules". | +| | - Added security group configuration examples. | +| | - Added section "Viewing the Security Group of an ECS". | +| | - Added section "Changing the Security Group of an ECS". | +| | | +| | - Categorized FAQs. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-06-11 | This release incorporates the following changes: | +| | | +| | - Added section "Monitoring". | +| | - Modified tag description. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-05-23 | Accepted in OTC 3.1. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-04-28 | This release incorporates the following changes: | +| | | +| | - Added description about VPN tagging. | +| | - Added the IPv6 address description. | +| | - Added section "Exporting VPC Information". | +| | - Modified the bandwidth range. | +| | - Modified the VPN modification screenshots. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-03-30 | This release incorporates the following changes: | +| | | +| | Deleted the IPv6 address description. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-02-28 | This release incorporates the following changes: | +| | | +| | Added the description that the security group description can contain a maximum of 128 characters. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2018-01-30 | This release incorporates the following changes: | +| | | +| | - Added description about the function of unbinding and releasing EIPs in batches. | +| | - Added description about the function that the negotiation mode of the IKE policy in the VPN can be configured. | +| | - Added the description that the security group description can contain a maximum of 64 characters. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-11-30 | This release incorporates the following changes: | +| | | +| | - Updated screenshots and steps based on the latest management console. | +| | - Added description to indicate that subnets can be created without specifying the AZ. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-10-30 | This release incorporates the following changes: | +| | | +| | - Added description about the fast security group rule adding function. | +| | - Added ECS security group configuration examples. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-09-30 | This release incorporates the following changes: | +| | | +| | - Added description to indicate that the peer project ID needs to be configured when a tenant creates a VPC peering connection with the VPC of another tenant. | +| | - Modified description in sections "Adding a Security Group Rule" and "Deleting a Security Group Rule" based on changes made to the network console. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-08-30 | This release incorporates the following changes: | +| | | +| | - Added section "Managing Subnet Tags". | +| | - Added description about the VPC, subnet, and EIP tags. | +| | - Added section "Security Group Overview". | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-07-30 | This release incorporates the following changes: | +| | | +| | - Added description about how to enable shared SNAT on the management console. | +| | - Added section "Managing VPC Tags". | +| | - Added section "Managing EIP Tags". | +| | - Changed the number of routes allowed in a route table by default to **100**. | +| | - Updated procedures in sections "VPC and Subnet" and "Custom Route" based on changes made to the network console. | +| | - Added description about the multi-project feature. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-06-30 | This release incorporates the following change: | +| | | +| | - Added description about the virtual IP address feature. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-05-30 | This release incorporates the following change: | +| | | +| | - Added FAQ **How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC?** | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-04-28 | This release incorporates the following change: | +| | | +| | - Added description about how to add DNS server addresses during subnet information modification. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-03-30 | This release incorporates the following change: | +| | | +| | - Added description about the firewall function. | +| | - Added description about the shared SNAT function. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-02-28 | This release incorporates the following change: | +| | | +| | - Deleted description about the button for disabling the DHCP function. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-02-24 | This release incorporates the following change: | +| | | +| | - Added description about the VPC peering function. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2017-01-12 | This release incorporates the following change: | +| | | +| | - Added description about the custom route table function. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-10-19 | This release incorporates the following change: | +| | | +| | - Updated the Help Center URL of the VPN service. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-07-15 | This release incorporates the following changes: | +| | | +| | - Modified the VPN authentication algorithm. | +| | - Optimized the traffic metering function. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2016-03-14 | This issue is the first official release. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst index 1ff3f9e..0015206 100644 --- a/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst @@ -38,7 +38,7 @@ Assigning an EIP #. Set the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001117669274.png + .. figure:: /_static/images/en-us_image_0000001818823034.png :alt: **Figure 1** Assign EIP **Figure 1** Assign EIP @@ -81,27 +81,27 @@ Assigning an EIP .. table:: **Table 2** EIP tag requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirement | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | Ipv4_key1 | - | | - Must be unique for each EIP. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 3005eip | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirement | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | Ipv4_key1 | + | | - The key value must be unique for the same EIP. | | + | | - Can contain up to 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain up to 43 characters. | 3005eip | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ #. Click **Create Now**. @@ -115,14 +115,14 @@ Binding an EIP #. Select the instance that you want to bind the EIP to. - .. figure:: /_static/images/en-us_image_0000001166028070.png + .. figure:: /_static/images/en-us_image_0000001865662761.png :alt: **Figure 2** Bind EIP **Figure 2** Bind EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the internet can access the ECS that has an EIP bound in a VPC. For details, see `How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? `__ Follow-Up Procedure ------------------- @@ -131,9 +131,9 @@ After an ECS with an EIP bound is created, the system generates a domain name in You can use any of the following commands to obtain the domain name of an EIP: -- ping -a *EIP* +- ping -an *EIP* - nslookup [-qt=ptr] *EIP* - dig -x *EIP* -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/elastic_ip/exporting_eip_information.rst b/umn/source/elastic_ip/exporting_eip_information.rst index 0c4d6a1..4507b17 100644 --- a/umn/source/elastic_ip/exporting_eip_information.rst +++ b/umn/source/elastic_ip/exporting_eip_information.rst @@ -17,12 +17,11 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. -#. On the displayed page, click |image3| in the upper right corner of the EIP list. +#. On the EIP list page, select one or more EIPs and click **Export** in the upper left corner. - The system will automatically export all EIPs in the current region of your account to an Excel file and download the file to a local directory. + The system will automatically export all EIPs to an Excel file and download the file to a local directory. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png -.. |image3| image:: /_static/images/en-us_image_0233469196.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001649841616.png diff --git a/umn/source/elastic_ip/managing_eip_tags.rst b/umn/source/elastic_ip/managing_eip_tags.rst index e62d3a3..9d2e527 100644 --- a/umn/source/elastic_ip/managing_eip_tags.rst +++ b/umn/source/elastic_ip/managing_eip_tags.rst @@ -16,27 +16,27 @@ A tag consists of a key and value pair. :ref:`Table 1 **Elastic IP**. +#. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. -#. Click the search box above the EIP list. +#. In the search box above the EIP list, click anywhere in the box to set filters. -#. Select the tag key and value of the EIP. + Click the tag key and then the value as required. The system filters resources based on the tag you select. - You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for EIPs, the system will display only the EIPs that contain all of the tags you specified. + Click anywhere in the search box to add the next tag key and value. -#. Click **OK**. - - The system displays the EIPs you are looking for based on the entered tag keys and values. + You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for EIPs, the system will display only the EIPs that match all of the tags you specified. **Adding, deleting, editing, and viewing tags on the Tags tab of an EIP** #. Log in to the management console. #. Click |image3| in the upper left corner and select the desired region and project. -#. Click |image4| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image4| in the upper left corner, and choose **Network** > **Elastic IP**. #. On the displayed page, locate the EIP whose tags you want to manage, and click the EIP name. #. On the page showing EIP details, click the **Tags** tab and perform desired operations on tags. @@ -85,7 +83,7 @@ Procedure Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/elastic_ip/modifying_an_eip_bandwidth.rst b/umn/source/elastic_ip/modifying_an_eip_bandwidth.rst index 25bd660..89c6bca 100644 --- a/umn/source/elastic_ip/modifying_an_eip_bandwidth.rst +++ b/umn/source/elastic_ip/modifying_an_eip_bandwidth.rst @@ -21,7 +21,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. #. Locate the row that contains the target EIP in the EIP list, click **More** in the **Operation** column, and select **Modify Bandwidth**. @@ -31,5 +31,5 @@ Procedure #. Click **Submit**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst b/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst index 2db8bb8..9603ddd 100644 --- a/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst +++ b/umn/source/elastic_ip/unbinding_an_eip_from_an_ecs_and_releasing_the_eip.rst @@ -31,7 +31,7 @@ Procedure #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. -#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. #. On the displayed page, locate the row that contains the EIP, and click **Unbind**. #. Click **Yes** in the displayed dialog box. @@ -39,7 +39,7 @@ Procedure #. Log in to the management console. #. Click |image3| in the upper left corner and select the desired region and project. -#. Click |image4| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image4| in the upper left corner, and choose **Network** > **Elastic IP**. #. On the displayed page, locate the row that contains the target EIP, click **More** and then **Release** in the **Operation** column. #. Click **Yes** in the displayed dialog box. @@ -47,7 +47,7 @@ Procedure #. Log in to the management console. #. Click |image5| in the upper left corner and select the desired region and project. -#. Click |image6| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image6| in the upper left corner, and choose **Network** > **Elastic IP**. #. On the displayed page, select the EIPs to be unbound. #. Click the **Unbind** button located above the EIP list. #. Click **Yes** in the displayed dialog box. @@ -56,16 +56,16 @@ Procedure #. Log in to the management console. #. Click |image7| in the upper left corner and select the desired region and project. -#. Click |image8| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image8| in the upper left corner, and choose **Network** > **Elastic IP**. #. On the displayed page, select the EIPs to be released. #. Click the **Release** button located above the EIP list. #. Click **Yes** in the displayed dialog box. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001454059512.png -.. |image5| image:: /_static/images/en-us_image_0141273034.png -.. |image6| image:: /_static/images/en-us_image_0000001454059512.png -.. |image7| image:: /_static/images/en-us_image_0141273034.png -.. |image8| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001818982822.png +.. |image5| image:: /_static/images/en-us_image_0000001818982734.png +.. |image6| image:: /_static/images/en-us_image_0000001818982822.png +.. |image7| image:: /_static/images/en-us_image_0000001818982734.png +.. |image8| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/faq/bandwidth/index.rst b/umn/source/faq/bandwidth/index.rst index b35debe..beaf7b9 100644 --- a/umn/source/faq/bandwidth/index.rst +++ b/umn/source/faq/bandwidth/index.rst @@ -7,7 +7,7 @@ Bandwidth - :ref:`What Is the Bandwidth Size Range? ` - :ref:`What Bandwidth Types Are Available? ` -- :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ` +- :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? ` .. toctree:: :maxdepth: 1 @@ -15,4 +15,4 @@ Bandwidth what_is_the_bandwidth_size_range what_bandwidth_types_are_available - what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around + what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth diff --git a/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst b/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst similarity index 64% rename from umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst rename to umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst index 0808781..e050014 100644 --- a/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around.rst +++ b/umn/source/faq/bandwidth/what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth.rst @@ -2,12 +2,12 @@ .. _faq_bandwidth_0003: -What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? -================================================================================================================================================================== +What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? +============================================================================== -A dedicated bandwidth can only be used by one EIP. An EIP can only be used by one cloud resource, such as an ECS, a NAT gateway, or a load balancer. +A dedicated bandwidth can only be used by one EIP that is bound to one cloud resource, such as an ECS, a NAT gateway, or a load balancer. -A shared bandwidth can be shared by multiple EIPs. Adding an EIP to or removing an EIP from a shared bandwidth does not affect your workloads. +A shared bandwidth can be shared by multiple EIPs. Adding an EIP to or removing an EIP from a shared bandwidth does not affect your services. A dedicated bandwidth cannot be changed to a shared bandwidth or the other way around. You can purchase a shared bandwidth for your EIPs. diff --git a/umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst b/umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst index 08d0a33..6419576 100644 --- a/umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst +++ b/umn/source/faq/bandwidth/what_is_the_bandwidth_size_range.rst @@ -5,4 +5,4 @@ What Is the Bandwidth Size Range? ================================= -The bandwidth range is from 5 Mbit/s to 1000 Mbit/s. +The bandwidth range is from 5Mbit/s to 1000Mbit/s. diff --git a/umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst b/umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst index 31d064f..aee70fa 100644 --- a/umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst +++ b/umn/source/faq/connectivity/how_does_an_ipv6_client_on_the_internet_access_the_ecs_that_has_an_eip_bound_in_a_vpc.rst @@ -13,7 +13,7 @@ After users who use IPv6 clients bind an IPv6 EIP to an ECS, the data flow is sh .. _vpc_faq_0076__fig1038524023539: -.. figure:: /_static/images/en-us_image_0118499144.png +.. figure:: /_static/images/en-us_image_0000001865662749.png :alt: **Figure 1** IPv6 data flow **Figure 1** IPv6 data flow diff --git a/umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst b/umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst index 10a3a59..852eaff 100644 --- a/umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst +++ b/umn/source/faq/connectivity/why_are_internet_or_internal_domain_names_in_the_cloud_inaccessible_through_domain_names_when_my_ecs_has_multiple_nics.rst @@ -5,7 +5,7 @@ Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs? ======================================================================================================================= -When an ECS has more than one NIC, if different DNS server addresses are configured for the subnets used by the NICs, the ECS cannot access the Internet or domain names in the cloud. +When an ECS has more than one NIC, if different DNS server addresses are configured for the subnets used by the NICs, the ECS cannot access public websites or internal domain names in the cloud. You can resolve this issue by configuring the same DNS server address for the subnets used by the same ECS. You can perform the following steps to modify DNS server addresses of subnets in a VPC: diff --git a/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst b/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst index 41f8b40..0a9e35c 100644 --- a/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst +++ b/umn/source/faq/eips/can_i_bind_an_eip_to_multiple_ecss.rst @@ -7,4 +7,4 @@ Can I Bind an EIP to Multiple ECSs? Each EIP can be bound to only one ECS at a time. -Multiple ECSs cannot share the same EIP. An ECS and its bound EIP must be in the same region. If you want multiple ECSs in the same VPC to share an EIP, you have to use a NAT gateway. For more information, see `NAT Gateway User Guide `__. +Multiple ECSs cannot share the same EIP. An ECS and its EIP must be in the same region. To enable ECSs across AZs in a VPC to share an EIP, you can use a NAT gateway by referring to `NAT Gateway User Guide `__. diff --git a/umn/source/faq/eips/index.rst b/umn/source/faq/eips/index.rst index 939ebfa..6b55408 100644 --- a/umn/source/faq/eips/index.rst +++ b/umn/source/faq/eips/index.rst @@ -10,6 +10,7 @@ EIPs - :ref:`How Do I Access an ECS with an EIP Bound from the Internet? ` - :ref:`Can I Bind an EIP to a Cloud Resource in Another Region? ` - :ref:`Can I Change the Region of My EIP? ` +- :ref:`What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? ` .. toctree:: :maxdepth: 1 @@ -20,3 +21,4 @@ EIPs how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet can_i_bind_an_eip_to_a_cloud_resource_in_another_region can_i_change_the_region_of_my_eip + what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips diff --git a/umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst b/umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst new file mode 100644 index 0000000..d47b340 --- /dev/null +++ b/umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst @@ -0,0 +1,26 @@ +:original_name: en-us_topic_0000001818822858.html + +.. _en-us_topic_0000001818822858: + +What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? +=================================================================== + +:ref:`Table 1 ` lists the differences between **5_bgp**, **5_mailbgp**, and **5_gray** EIPs. + +.. _en-us_topic_0000001818822858__en-us_topic_0000001797977244_en-us_topic_0205159731_table1031220574471: + +.. table:: **Table 1** Differences between **5_bgp**, **5_mailbgp**, and **5_gray** EIPs + + +----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ + | Dimension | 5_bgp EIP | 5_gray EIP | 5_mailbgp EIP | + +======================+=======================================================================================================+=====================================================================================================================================================+=======================================================================================================+ + | Application scenario | Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | 5_gray EIPs are no longer supported. | **5_mailbgp** EIPs are used together with port 25, 465, or 587 for email services. | + | | | | | + | | **5_bgp** EIPs can be bound to cloud resources except dedicated load balancers. | | | + +----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ + | Differences | - Cannot be used for email services. | - Not suggested to be bound to dedicated or shared load balancers by default. | - Cannot be bound to dedicated load balancers. | + | | - Can be bound to dedicated and shared load balancers. | - Cannot be used for email services. | - Can be used for email services. | + +----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ + | Constraints | The selected EIP type cannot be changed after the EIP is assigned. | - In **eu-de**, existing **5_gray** EIPs cannot be bound to dedicated or shared load balancers. You can use **5_bgp** EIPs instead. | If you need an EIP of this type, contact the account administrator to grant the required permissions. | + | | | - In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type. | | + +----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/faq/eips/what_is_an_eip.rst b/umn/source/faq/eips/what_is_an_eip.rst index 2951d37..5a9470d 100644 --- a/umn/source/faq/eips/what_is_an_eip.rst +++ b/umn/source/faq/eips/what_is_an_eip.rst @@ -10,7 +10,7 @@ The Elastic IP (EIP) service enables your cloud resources to communicate with th Each EIP can be used by only one cloud resource at a time. -.. figure:: /_static/images/en-us_image_0209583952.png +.. figure:: /_static/images/en-us_image_0000001818823042.png :alt: **Figure 1** Accessing the Internet using an EIP **Figure 1** Accessing the Internet using an EIP diff --git a/umn/source/faq/general_questions/what_is_a_quota.rst b/umn/source/faq/general_questions/what_is_a_quota.rst index def4c97..df5d337 100644 --- a/umn/source/faq/general_questions/what_is_a_quota.rst +++ b/umn/source/faq/general_questions/what_is_a_quota.rst @@ -22,30 +22,30 @@ How Do I View My Quotas? #. In the upper right corner of the page, click |image2|. - The **Service Quota** page is displayed. + The **Quotas** page is displayed. -#. View the used and total quota of each type of resources on the displayed page. +#. On the **Quotas** page, view the used and total quotas of each type of resources. - If a quota cannot meet service requirements, apply for a higher quota. + If a quota cannot meet your needs, apply for a higher quota by performing the following operations. -How Do I Apply for a Higher Quota? ----------------------------------- +How Do I Increase My Quota? +--------------------------- -The system does not support online quota adjustment. If you need to adjust a quota, call the hotline or send an email to the customer service mailbox. Customer service personnel will timely process your request for quota adjustment and inform you of the real-time progress by making a call or sending an email. +The system does not support online quota adjustment. To adjust a quota, call the hotline or send an email to the customer service mailbox. Customer service personnel will timely process your request for quota adjustment and inform you of the real-time progress by making a call or sending an email. Before dialing the hotline number or sending an email, make sure that the following information has been obtained: -- Domain name, project name, and project ID, which can be obtained by performing the following operations: +- Domain name, project name, and project ID - Log in to the management console using the cloud account, click the username in the upper right corner, select **My Credentials** from the drop-down list, and obtain the domain name, project name, and project ID on the **My Credentials** page. + To obtain the preceding information, log in to the management console, click the username in the upper-right corner, and choose **My Credentials** from the drop-down list. - Quota information, which includes: - - Service name + - Service Name - Quota type - Required quota `Learn how to obtain the service hotline and email address. `__ -.. |image1| image:: /_static/images/en-us_image_0275513364.png -.. |image2| image:: /_static/images/en-us_image_0152727234.png +.. |image1| image:: /_static/images/en-us_image_0000001865663101.png +.. |image2| image:: /_static/images/en-us_image_0000001818823370.png diff --git a/umn/source/faq/routing/how_many_routes_can_a_route_table_contain.rst b/umn/source/faq/routing/how_many_routes_can_a_route_table_contain.rst deleted file mode 100644 index f5fa5de..0000000 --- a/umn/source/faq/routing/how_many_routes_can_a_route_table_contain.rst +++ /dev/null @@ -1,8 +0,0 @@ -:original_name: vpc_faq_0063.html - -.. _vpc_faq_0063: - -How Many Routes Can a Route Table Contain? -========================================== - -Currently, a route table can contain 100 routes. diff --git a/umn/source/faq/routing/how_many_routes_can_i_add_to_a_route_table.rst b/umn/source/faq/routing/how_many_routes_can_i_add_to_a_route_table.rst new file mode 100644 index 0000000..ebfc9d3 --- /dev/null +++ b/umn/source/faq/routing/how_many_routes_can_i_add_to_a_route_table.rst @@ -0,0 +1,8 @@ +:original_name: vpc_faq_0063.html + +.. _vpc_faq_0063: + +How Many Routes Can I Add to a Route Table? +=========================================== + +A maximum of 200 routes can be added to each route table. diff --git a/umn/source/faq/routing/index.rst b/umn/source/faq/routing/index.rst index c4ded72..f4bc2ce 100644 --- a/umn/source/faq/routing/index.rst +++ b/umn/source/faq/routing/index.rst @@ -5,7 +5,7 @@ Routing ======= -- :ref:`How Many Routes Can a Route Table Contain? ` +- :ref:`How Many Routes Can I Add to a Route Table? ` - :ref:`Are There Any Restrictions on Using a Route Table? ` - :ref:`Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC? ` - :ref:`Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC? ` @@ -14,7 +14,7 @@ Routing :maxdepth: 1 :hidden: - how_many_routes_can_a_route_table_contain + how_many_routes_can_i_add_to_a_route_table are_there_any_restrictions_on_using_a_route_table do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc diff --git a/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst b/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst new file mode 100644 index 0000000..2ebe9bc --- /dev/null +++ b/umn/source/faq/security/does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections.rst @@ -0,0 +1,24 @@ +:original_name: vpc_faq_0074.html + +.. _vpc_faq_0074: + +Does a Modified Security Group Rule or a Firewall Rule Take Effect Immediately for Existing Connections? +======================================================================================================== + +- Security groups use connection tracking to track traffic to and from instances. If an inbound rule is modified, the modified rule immediately takes effect for the existing traffic. Changes to outbound security group rules do not affect existing persistent connections and take effect only for new connections. + + If you add, modify, or delete a security group rule, or add or remove an instance to or from a security group, the inbound connections of all instances in the security group will be automatically cleared. + + - The existing inbound persistent connections will be disconnected. All the new connections will match the new rules. + - The existing outbound persistent connections will not be disconnected, and the original rule will still be applied. All the new connections will match the new rules. + +- Firewalls use connection tracking to track traffic to and from instances. Changes to inbound and outbound rules do not take effect immediately for the existing traffic. + + If you add, modify, or delete a firewall rule, or associate or disassociate a subnet with or from a firewall, all the inbound and outbound persistent connections will not be disconnected. New rules will only be applied for the new connections. + +.. important:: + + After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will apply when the timeout period (30s) expires. + + - The timeout period of connection tracking varies by protocol. The timeout period of a TCP connection in the established state is 600s, and that of an ICMP connection is 30s. For other protocols, if packets are received in both inbound and outbound directions, the connection tracking timeout period is 180s. If packets are received only in one direction, the connection tracking timeout period is 30s. + - The timeout period of TCP connections varies by connection status. The timeout period of a TCP connection in the established state is 600s, and that of a TCP connection in the FIN-WAIT state is 30s. diff --git a/umn/source/faq/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst b/umn/source/faq/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst deleted file mode 100644 index 347adf9..0000000 --- a/umn/source/faq/security/does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified.rst +++ /dev/null @@ -1,9 +0,0 @@ -:original_name: vpc_faq_0074.html - -.. _vpc_faq_0074: - -Does a Security Group Rule or a Firewall Rule Immediately Take Effect for Existing Connections After It Is Modified? -==================================================================================================================== - -- Security groups are stateful. Responses to outbound traffic are allowed to go in to the instance regardless of inbound security group rules, and vice versa. Security groups use connection tracking to track traffic to and from instances. If a security group rule is added, deleted, or modified, or an instance in the security group is created or deleted, the connection tracking for all instances in the security group will be automatically cleared. In this case, the inbound or outbound traffic of the instance will be considered to be new connections, which need to match the inbound or outbound security group rules to ensure that the rules take effect immediately and ensure the security of incoming traffic. -- A modified firewall rule will not immediately take effect for its existing connections. It takes about 120 seconds for the new rule to take effect, and traffic will be interrupted during this period. To ensure that the traffic is immediately interrupted after the rule is changed, it is recommended that you configure security group rules. diff --git a/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst b/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst index 48dd160..7ada68a 100644 --- a/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst +++ b/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst @@ -18,7 +18,7 @@ You can configure port 69 and configure data channel ports used by TFTP for the The following figure provides an example of the security group rule configuration if the ports used by data channels range from 60001 to 60100. -.. figure:: /_static/images/en-us_image_0000001796404809.png +.. figure:: /_static/images/en-us_image_0000001818823770.png :alt: **Figure 1** Security group rules **Figure 1** Security group rules diff --git a/umn/source/faq/security/index.rst b/umn/source/faq/security/index.rst index 7aaef8a..cbe924f 100644 --- a/umn/source/faq/security/index.rst +++ b/umn/source/faq/security/index.rst @@ -8,8 +8,8 @@ Security - :ref:`Why Can't I Delete a Security Group? ` - :ref:`Can I Change the Security Group of an ECS? ` - :ref:`How Do I Configure a Security Group for Multi-Channel Protocols? ` -- :ref:`Does a Security Group Rule or a Firewall Rule Immediately Take Effect for Existing Connections After It Is Modified? ` -- :ref:`Which Security Group Rule Has Priority When Multiple Security Group Rules Conflict? ` +- :ref:`Does a Modified Security Group Rule or a Firewall Rule Take Effect Immediately for Existing Connections? ` +- :ref:`Which Security Group Rule Has a High Priority When Multiple Security Group Rules Conflict? ` .. toctree:: :maxdepth: 1 @@ -18,5 +18,5 @@ Security why_cant_i_delete_a_security_group can_i_change_the_security_group_of_an_ecs how_do_i_configure_a_security_group_for_multi-channel_protocols - does_a_security_group_rule_or_a_firewall_rule_immediately_take_effect_for_existing_connections_after_it_is_modified - which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict + does_a_modified_security_group_rule_or_a_firewall_rule_take_effect_immediately_for_existing_connections + which_security_group_rule_has_a_high_priority_when_multiple_security_group_rules_conflict diff --git a/umn/source/faq/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst b/umn/source/faq/security/which_security_group_rule_has_a_high_priority_when_multiple_security_group_rules_conflict.rst similarity index 68% rename from umn/source/faq/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst rename to umn/source/faq/security/which_security_group_rule_has_a_high_priority_when_multiple_security_group_rules_conflict.rst index 0a37bad..e5dad49 100644 --- a/umn/source/faq/security/which_security_group_rule_has_priority_when_multiple_security_group_rules_conflict.rst +++ b/umn/source/faq/security/which_security_group_rule_has_a_high_priority_when_multiple_security_group_rules_conflict.rst @@ -2,7 +2,7 @@ .. _vpc_faq_0077: -Which Security Group Rule Has Priority When Multiple Security Group Rules Conflict? -=================================================================================== +Which Security Group Rule Has a High Priority When Multiple Security Group Rules Conflict? +========================================================================================== Security group rules use the whitelist mechanism. If multiple security group rules conflict, the rules are aggregated to take effect. diff --git a/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst b/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst index 1f323f6..8ce4980 100644 --- a/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst +++ b/umn/source/faq/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst @@ -7,16 +7,16 @@ Can a VPC Peering Connection Connect VPCs in Different Regions? A VPC peering connection only can connect VPCs in the same region. -:ref:`Figure 1 ` shows an application scenario of VPC peering connections. +:ref:`Figure 1 ` shows an application scenario of VPC peering connections. - There are two VPCs (VPC-A and VPC-B) in region A that are not connected. - Service servers (ECS-A01 and ECS-A02) are in VPC-A, and database servers (RDS-B01 and RDS-B02) are in VPC-B. The service servers and database servers cannot communicate with each other. - You need to create a VPC peering connection (peering-AB) between VPC-A and VPC-B so the service servers and database servers can communicate with each other. -.. _faq_connection_0001__en-us_topic_0046655036_fig4721642193711: +.. _faq_connection_0001__en-us_topic_0118498905_fig4721642193711: -.. figure:: /_static/images/en-us_image_0000001512591549.png +.. figure:: /_static/images/en-us_image_0000001818983018.png :alt: **Figure 1** VPC peering connection network diagram **Figure 1** VPC peering connection network diagram diff --git a/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst b/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst index 3f105ce..e12d8e1 100644 --- a/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst +++ b/umn/source/faq/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst @@ -35,7 +35,7 @@ The issues here are described in order of how likely they are to occur. | | | | | | - The security group rules of the ECSs that need to communicate deny inbound traffic from each other. | | | | - The firewall of the ECS NIC blocks traffic. | | - | | - The network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. | | + | | - The firewall rules of the subnets connected by the VPC peering connection deny inbound traffic. | | | | - Check the policy-based routing configuration of an ECS with multiple NICs. | | +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ | 4 | ECS network failure | Refer to :ref:`ECS Network Failure `. | @@ -68,14 +68,14 @@ If the CIDR blocks of VPCs connected by a VPC peering connection overlap, the co .. _vpc_faq_0069__fig465519155457: -.. figure:: /_static/images/en-us_image_0000001254335981.png +.. figure:: /_static/images/en-us_image_0000001818982898.png :alt: **Figure 1** Networking diagram (IPv4) **Figure 1** Networking diagram (IPv4) .. _vpc_faq_0069__fig098452131910: -.. figure:: /_static/images/en-us_image_0000001209777270.png +.. figure:: /_static/images/en-us_image_0000001818983474.png :alt: **Figure 2** Networking diagram (IPv4) **Figure 2** Networking diagram (IPv4) @@ -84,7 +84,7 @@ If CIDR blocks of VPCs overlap and some of their subnets overlap, you can create .. _vpc_faq_0069__fig920231311415: -.. figure:: /_static/images/en-us_image_0000001209321492.png +.. figure:: /_static/images/en-us_image_0000001818823702.png :alt: **Figure 3** Networking diagram (IPv4) **Figure 3** Networking diagram (IPv4) @@ -106,7 +106,7 @@ If CIDR blocks of VPCs overlap and some of their subnets overlap, you can create Incorrect Route Configuration for Local and Peer VPCs ----------------------------------------------------- -Check the routes in the route tables of the local and peer VPCs by referring to :ref:`Viewing Routes Configured for a VPC Peering Connection `. :ref:`Table 4 ` lists the items that you need to check. +:ref:`Viewing Routes Configured for a VPC Peering Connection `. :ref:`Table 4 ` lists the items that you need to check. .. _vpc_faq_0069__table513212558272: @@ -119,7 +119,7 @@ Check the routes in the route tables of the local and peer VPCs by referring to | | | | | - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Check the destinations of routes added to the route tables of the local and peer VPCs. | If the route destination is incorrect, change it by referring to :ref:`Modifying Routes Configured for a VPC Peering Connection `. | + | Check the destinations of routes added to the route tables of the local and peer VPCs. | If the route destination is incorrect, modify it by referring to :ref:`Modifying Routes Configured for a VPC Peering Connection `. | | | | | - In the route table of the local VPC, check whether the route destination is the CIDR block, subnet CIDR block, or related private IP address of the peer VPC. | | | - In the route table of the peer VPC, check whether the route destination is the CIDR block, subnet CIDR block, or related private IP address of the local VPC. | | @@ -134,18 +134,18 @@ Check the routes in the route tables of the local and peer VPCs by referring to Incorrect Network Configuration ------------------------------- -#. Check whether security group rules of the ECSs that need to communicate allow inbound traffic from each other by referring to :ref:`Viewing the Security Group of an ECS `. +#. Check whether the security group rules of the ECSs that need to communicate with each other are correctly configured. For details, see :ref:`Viewing the Security Group of an ECS `. - If the ECSs are associated with the same security group, you do not need to check their rules. - - If the ECSs are associated with different security groups, add an inbound rule to allow access from each other by referring to :ref:`Security Group Configuration Examples `. + - If the ECSs are in different security groups, you need to add inbound rules to allow access from the peer security group. For details, see :ref:`Security Group Configuration Examples `. #. Check whether the firewall of the ECS NIC blocks traffic. If the firewall blocks traffic, configure the firewall to allow inbound traffic. -#. Check whether network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. +#. Check whether firewall rules of the subnets connected by the VPC peering connection deny inbound traffic. - If the network ACL rules deny inbound traffic, configure the rules to allow the traffic. + If the firewall rules deny inbound traffic, configure the rules to allow the traffic. #. If an ECS has more than one NIC, check whether correct policy-based routing has been configured for the ECS and packets with different source IP addresses match their own routes from each NIC. @@ -172,14 +172,11 @@ ECS Network Failure ------------------- #. Log in to the ECS. - #. Check whether the ECS NIC has an IP address assigned. - Linux ECS: Use the **ifconfig** or **ip address** command to view the IP address of the NIC. - Windows ECS: In the search box, enter **cmd** and press **Enter**. In the displayed command prompt, run the **ipconfig** command. - If the ECS NIC has no IP address assigned, see - #. Check whether the subnet gateway of the ECS can be pinged. a. In the ECS list, click the ECS name. diff --git a/umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst b/umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst index ce92b9f..3ac800d 100644 --- a/umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst +++ b/umn/source/faq/vpcs_and_subnets/what_is_virtual_private_cloud.rst @@ -5,12 +5,12 @@ What Is Virtual Private Cloud? ============================== -The Virtual Private Cloud (VPC) service enables you to provision logically isolated virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. You can configure and manage the virtual networks as required. +Virtual Private Cloud (VPC) enables you to provision logically isolated virtual networks for Elastic Cloud Servers (ECSs), improving cloud resource security and simplifying network deployment. You can configure and manage the virtual networks as required. -Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules to control communications between ECSs in the same security group or in different security groups. +Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also customize the ECS access rules within a security group and between security groups to enhance ECS security. -.. figure:: /_static/images/en-us_image_0209606948.png +.. figure:: /_static/images/en-us_image_0000001865663209.png :alt: **Figure 1** VPC components **Figure 1** VPC components diff --git a/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst b/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst index 8781a9e..81fe064 100644 --- a/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst +++ b/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst @@ -107,7 +107,7 @@ Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You | | NOTICE: | | | | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. | + | Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs in this region and then delete this last VPC. | | | | | | | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` | +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst index 1f20d28..1d37017 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst @@ -5,138 +5,6 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs ============================================================== -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - -#. Click **Create VPC**. - -#. On the **Create VPC** page, set parameters as prompted. - - A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. - - .. table:: **Table 1** VPC parameter descriptions - - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +=====================================+========================+=============================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Select the region nearest to you to ensure the lowest latency possible. | eu-de | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | IPv4 CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | - | | | | | - | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | - | | | | - Value: vpc-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | - | | | | | - | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | - | | | | | - | | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If you do not specify this parameter, no additional NTP server IP addresses will be added. | | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - - .. _en-us_topic_0017816228__en-us_topic_0013935842_table248245914136: - - .. table:: **Table 2** VPC tag key and value requirements - - +-----------------------+------------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+========================================================================+=======================+ - | Key | - Cannot be left blank. | vpc_key1 | - | | - Must be unique for each VPC and can be the same for different VPCs. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+------------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | vpc-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+------------------------------------------------------------------------+-----------------------+ - - .. _en-us_topic_0017816228__en-us_topic_0013935842_table6536185812515: - - .. table:: **Table 3** Subnet tag key and value requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -#. Click **Create Now**. - - :ref:`Overview ` - :ref:`Step 1: Create a VPC ` - :ref:`Step 2: Create a Subnet for the VPC ` @@ -144,9 +12,6 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs - :ref:`Step 4: Create a Security Group ` - :ref:`Step 5: Add a Security Group Rule ` -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001520717193.png - .. toctree:: :maxdepth: 1 :hidden: diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst index e6c2375..95aa148 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/overview.rst @@ -9,7 +9,7 @@ If your ECSs need to access the Internet (for example, the ECSs functioning as t .. _vpc_qs_0022__fe457c1ec47c84d6fa3b87210d5b284eb: -.. figure:: /_static/images/en-us_image_0162332046.png +.. figure:: /_static/images/en-us_image_0000001818823006.png :alt: **Figure 1** Configuring the network **Figure 1** Configuring the network diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst index 99efccf..2bedc57 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst @@ -29,6 +29,12 @@ Procedure A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. figure:: /_static/images/en-us_image_0000001865837676.png + :alt: **Figure 1** Create a VPC and subnet + + **Figure 1** Create a VPC and subnet + .. table:: **Table 1** VPC parameter descriptions +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ @@ -108,7 +114,7 @@ Procedure | | - Uppercase letters | | | | - Lowercase letters | | | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | +-----------------------+------------------------------------------------------------------------+-----------------------+ | Value | - Can contain a maximum of 43 characters. | vpc-01 | | | - Can contain only the following character types: | | @@ -116,36 +122,36 @@ Procedure | | - Uppercase letters | | | | - Lowercase letters | | | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | +-----------------------+------------------------------------------------------------------------+-----------------------+ .. _vpc_qs_0009__en-us_topic_0013935842_table6536185812515: .. table:: **Table 3** Subnet tag key and value requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ #. Click **Create Now**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001520717193.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663089.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst index 96ec641..43755ff 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst @@ -32,7 +32,7 @@ Procedure 6. Set the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001197228903.png + .. figure:: /_static/images/en-us_image_0000001818823514.png :alt: **Figure 1** Create Subnet **Figure 1** Create Subnet @@ -49,6 +49,8 @@ Procedure | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + | | | | + | | If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | | | | | @@ -68,38 +70,38 @@ Procedure +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Advanced Settings/Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Advanced Settings/Description | Supplementary information about the subnet. This parameter is optional. | ``-`` | | | | | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0010__en-us_topic_0013748726_table42131827173915: + .. _vpc_qs_0010__en-us_topic_0013748726_table6536185812515: .. table:: **Table 2** Subnet tag key and value requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ 7. Click **OK**. @@ -116,5 +118,5 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675254021.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983298.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst index b78cd70..741979c 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst @@ -38,7 +38,7 @@ Assigning an EIP #. Set the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001117669274.png + .. figure:: /_static/images/en-us_image_0000001818823034.png :alt: **Figure 1** Assign EIP **Figure 1** Assign EIP @@ -81,27 +81,27 @@ Assigning an EIP .. table:: **Table 2** EIP tag requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirement | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | Ipv4_key1 | - | | - Must be unique for each EIP. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 3005eip | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirement | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | Ipv4_key1 | + | | - The key value must be unique for the same EIP. | | + | | - Can contain up to 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain up to 43 characters. | 3005eip | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ #. Click **Create Now**. @@ -115,14 +115,14 @@ Binding an EIP #. Select the instance that you want to bind the EIP to. - .. figure:: /_static/images/en-us_image_0000001166028070.png + .. figure:: /_static/images/en-us_image_0000001865662761.png :alt: **Figure 2** Bind EIP **Figure 2** Bind EIP #. Click **OK**. -An IPv6 client on the Internet can access the ECS that has an EIP bound in a VPC. For details, see :ref:`How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? ` +An IPv6 client on the internet can access the ECS that has an EIP bound in a VPC. For details, see `How Does an IPv6 Client on the Internet Access the ECS That Has an EIP Bound in a VPC? `__ Follow-Up Procedure ------------------- @@ -131,9 +131,9 @@ After an ECS with an EIP bound is created, the system generates a domain name in You can use any of the following commands to obtain the domain name of an EIP: -- ping -a *EIP* +- ping -an *EIP* - nslookup [-qt=ptr] *EIP* - dig -x *EIP* -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst index f7cd93e..290395e 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst @@ -14,6 +14,61 @@ If your instances have different Internet access requirements, you can allocate Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group. +Security Group Templates +------------------------ + +The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. :ref:`Table 1 ` describes the security group templates. + +.. _vpc_qs_0012__en-us_topic_0013748715_table117828131111: + +.. table:: **Table 1** Security group templates + + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Template | Direction | Protocol/Port/Type | Source/Destination | Description | Application Scenario | + +============================+===========+==========================+====================+===================================================================================================================================+============================================================================================================================================================================================================================+ + | General-purpose web server | Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. | - Remotely log in to ECSs. | + | | | | | | - Use the ping command to test ECS connectivity. | + | | | | | | - ECSs functioning as web servers provide website access services. | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | All ports open | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | Opening all ECS ports in a security group poses security risks. | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | All (IPv4) | 0.0.0.0/0 | Allows all IP addresses to access ECSs in the security group over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Fast-add rule | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | You can select protocols and ports that the inbound rule will apply to. | + | | | | | | | + | | | All (IPv6) | | | If you do not select any protocols and ports, no protocols and ports will be opened. After the security group is created, add required rules by referring to :ref:`Adding a Security Group Rule `. | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | Custom port and protocol | 0.0.0.0/0 | Allows all IP addresses to access ECSs in a security group over specified ports (TCP or ICMP) for different purposes. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | ::/0 | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + Procedure --------- @@ -36,48 +91,46 @@ Procedure #. Configure the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001197426329.png + .. figure:: /_static/images/en-us_image_0000001865662885.png :alt: **Figure 1** Create Security Group **Figure 1** Create Security Group - .. table:: **Table 1** Parameter description + .. table:: **Table 2** Parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================================================================================+============================+ - | Name | Mandatory | sg-AB | - | | | | - | | Enter the security group name. | | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Enterprise Project | Mandatory | default | - | | | | - | | When creating a security group, you can add the security group to an enabled enterprise project. | | - | | | | - | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Template | Mandatory | General-purpose web server | - | | | | - | | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | | - | | | | - | | - **Custom**: This template allows you to create security groups with custom security group rules. | | - | | - **General-purpose web server** (default value): The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | | - | | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Description | Optional | N/A | - | | | | - | | Supplementary information about the security group. This parameter is optional. | | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Description | Example Value | + +=======================+================================================================================================================================================================================================================================+============================+ + | Name | Mandatory | sg-AB | + | | | | + | | Enter the security group name. | | + | | | | + | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + | | | | + | | .. note:: | | + | | | | + | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Enterprise Project | Mandatory | default | + | | | | + | | When creating a security group, you can add the security group to an enabled enterprise project. | | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Template | Mandatory | General-purpose web server | + | | | | + | | The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. | | + | | | | + | | :ref:`Table 1 ` describes the security group templates. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Description | Optional | N/A | + | | | | + | | Supplementary information about the security group. This parameter is optional. | | + | | | | + | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ #. Confirm the inbound and outbound rules of the template and click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627054062.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582681.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst index 35995f1..80c0e7a 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst @@ -58,44 +58,43 @@ Procedure You can click **+** to add more inbound rules. - .. figure:: /_static/images/en-us_image_0284920908.png + .. figure:: /_static/images/en-us_image_0000001865662817.png :alt: **Figure 1** Add Inbound Rule **Figure 1** Add Inbound Rule .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. @@ -110,46 +109,45 @@ Procedure You can click **+** to add more outbound rules. - .. figure:: /_static/images/en-us_image_0284993717.png + .. figure:: /_static/images/en-us_image_0000001865582629.png :alt: **Figure 2** Add Outbound Rule **Figure 2** Add Outbound Rule .. table:: **Table 2** Outbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. The outbound rule list is displayed. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626734166.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823082.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst index 8bd2e53..645fcb7 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/overview.rst @@ -9,7 +9,7 @@ If your ECSs do not require Internet access or need to access the Internet using .. _vpc_qs_0004__fd87108563a6848bba1a0f0295fef3515: -.. figure:: /_static/images/en-us_image_0162329244.png +.. figure:: /_static/images/en-us_image_0000001818823762.png :alt: **Figure 1** Configuring the network **Figure 1** Configuring the network diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst index 697dc5e..67d42e6 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst @@ -29,6 +29,12 @@ Procedure A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. figure:: /_static/images/en-us_image_0000001865837676.png + :alt: **Figure 1** Create a VPC and subnet + + **Figure 1** Create a VPC and subnet + .. table:: **Table 1** VPC parameter descriptions +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ @@ -108,7 +114,7 @@ Procedure | | - Uppercase letters | | | | - Lowercase letters | | | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | +-----------------------+------------------------------------------------------------------------+-----------------------+ | Value | - Can contain a maximum of 43 characters. | vpc-01 | | | - Can contain only the following character types: | | @@ -116,36 +122,36 @@ Procedure | | - Uppercase letters | | | | - Lowercase letters | | | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | +-----------------------+------------------------------------------------------------------------+-----------------------+ .. _vpc_qs_0005__en-us_topic_0013935842_table6536185812515: .. table:: **Table 3** Subnet tag key and value requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ #. Click **Create Now**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001520717193.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663089.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst index 7435a6c..7b38db0 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst @@ -32,7 +32,7 @@ Procedure 6. Set the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001197228903.png + .. figure:: /_static/images/en-us_image_0000001818823514.png :alt: **Figure 1** Create Subnet **Figure 1** Create Subnet @@ -49,6 +49,8 @@ Procedure | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + | | | | + | | If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | | | | | @@ -68,38 +70,38 @@ Procedure +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Advanced Settings/Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Advanced Settings/Description | Supplementary information about the subnet. This parameter is optional. | ``-`` | | | | | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _vpc_qs_0006__en-us_topic_0013748726_table42131827173915: + .. _vpc_qs_0006__en-us_topic_0013748726_table6536185812515: .. table:: **Table 2** Subnet tag key and value requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ 7. Click **OK**. @@ -116,5 +118,5 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675254021.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983298.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst index 325e7c6..2c6814e 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst @@ -36,48 +36,46 @@ Procedure #. Configure the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001197426329.png + .. figure:: /_static/images/en-us_image_0000001865662885.png :alt: **Figure 1** Create Security Group **Figure 1** Create Security Group .. table:: **Table 1** Parameter description - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================================================================================+============================+ - | Name | Mandatory | sg-AB | - | | | | - | | Enter the security group name. | | - | | | | - | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - | | | | - | | .. note:: | | - | | | | - | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Enterprise Project | Mandatory | default | - | | | | - | | When creating a security group, you can add the security group to an enabled enterprise project. | | - | | | | - | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Template | Mandatory | General-purpose web server | - | | | | - | | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | | - | | | | - | | - **Custom**: This template allows you to create security groups with custom security group rules. | | - | | - **General-purpose web server** (default value): The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | | - | | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ - | Description | Optional | N/A | - | | | | - | | Supplementary information about the security group. This parameter is optional. | | - | | | | - | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Description | Example Value | + +=======================+================================================================================================================================================================================================================================+============================+ + | Name | Mandatory | sg-AB | + | | | | + | | Enter the security group name. | | + | | | | + | | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + | | | | + | | .. note:: | | + | | | | + | | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Enterprise Project | Mandatory | default | + | | | | + | | When creating a security group, you can add the security group to an enabled enterprise project. | | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Template | Mandatory | General-purpose web server | + | | | | + | | The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. | | + | | | | + | | :ref:`Table 1 ` describes the security group templates. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ + | Description | Optional | N/A | + | | | | + | | Supplementary information about the security group. This parameter is optional. | | + | | | | + | | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ #. Confirm the inbound and outbound rules of the template and click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627054062.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582681.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst index 7061242..605931c 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst @@ -58,44 +58,43 @@ Procedure You can click **+** to add more inbound rules. - .. figure:: /_static/images/en-us_image_0284920908.png + .. figure:: /_static/images/en-us_image_0000001865662817.png :alt: **Figure 1** Add Inbound Rule **Figure 1** Add Inbound Rule .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. @@ -110,46 +109,45 @@ Procedure You can click **+** to add more outbound rules. - .. figure:: /_static/images/en-us_image_0284993717.png + .. figure:: /_static/images/en-us_image_0000001865582629.png :alt: **Figure 2** Add Outbound Rule **Figure 2** Add Outbound Rule .. table:: **Table 2** Outbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. The outbound rule list is displayed. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626734166.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823082.png diff --git a/umn/source/glossary.rst b/umn/source/glossary.rst index 9133640..2f075c6 100644 --- a/umn/source/glossary.rst +++ b/umn/source/glossary.rst @@ -2,7 +2,7 @@ .. _vpc_faq_0106: -Glossary -======== +**Glossary** +============ -For details about the terms involved in this document, see `Glossary `__. +For details about the glossaries in this document, see `Glossary `__. diff --git a/umn/source/monitoring/creating_an_alarm_rule.rst b/umn/source/monitoring/creating_an_alarm_rule.rst index 5c86995..cfe6898 100644 --- a/umn/source/monitoring/creating_an_alarm_rule.rst +++ b/umn/source/monitoring/creating_an_alarm_rule.rst @@ -23,13 +23,19 @@ Procedure 5. On the **Alarm Rules** page, click **Create Alarm Rule** and set required parameters, or modify an existing alarm rule. + + .. figure:: /_static/images/en-us_image_0000001865898552.png + :alt: **Figure 1** Create an alarm rule + + **Figure 1** Create an alarm rule + 6. After the parameters are set, click **Create**. After the alarm rule is created, the system automatically notifies you if an alarm is triggered for the VPC service. .. note:: - For more information about alarm rules, see the *Cloud Eye User Guide*. + For more information about alarm rules, see `Cloud Eye User Guide `__. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675258889.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663473.png diff --git a/umn/source/monitoring/viewing_metrics.rst b/umn/source/monitoring/viewing_metrics.rst index e99b41c..ded9a8b 100644 --- a/umn/source/monitoring/viewing_metrics.rst +++ b/umn/source/monitoring/viewing_metrics.rst @@ -18,7 +18,7 @@ Procedure (**Elastic IP and Bandwidth** Console) #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. #. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. -#. On the **EIPs** page, search for the EIP, click **More** in the **Operation** column, and click **View Metric** to view the monitoring metric details. +#. On the **EIPs** page, locate the target EIP and click **View Metric** in the **Monitoring** column to view the monitoring metrics. #. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. #. On the **Shared Bandwidths** page, locate the shared bandwidth, click **More** in the **Operation** column, and click **View Metric** to view the monitoring metric details. @@ -32,7 +32,7 @@ Procedure (**Cloud Eye** Console) 4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**. 5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001572300492.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001675418673.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663457.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001865663461.png diff --git a/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst b/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst index 25e9972..dca39b4 100644 --- a/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst +++ b/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst @@ -18,7 +18,7 @@ If your cloud account meets your permissions requirements, you can skip this sec Prerequisites ------------- -Learn about the permissions (see :ref:`Permissions `) supported by VPC and choose policies or roles according to your requirements. +Before granting permissions to user groups, learn about permissions (:ref:`Permissions `) for VPC. To grant permissions for other services, learn about all `permissions `__ supported by IAM. @@ -27,7 +27,7 @@ Process Flow .. _permission_0003__fig1447123814172: -.. figure:: /_static/images/en-us_image_0171311823.png +.. figure:: /_static/images/en-us_image_0000001818823522.png :alt: **Figure 1** Process for granting VPC permissions **Figure 1** Process for granting VPC permissions @@ -40,5 +40,5 @@ Process Flow In the authorized region, perform the following operations: - - Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. If a message appears indicating that you have insufficient permissions to perform the operation, the **VPCReadOnlyAccess** policy is in effect. - - Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPCReadOnlyAccess** policy is in effect. + - Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. If a message appears indicating that you have insufficient permissions to perform the operation, the **VPC ReadOnlyAccess** policy is in effect. + - Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPC ReadOnlyAccess** policy is in effect. diff --git a/umn/source/route_tables/configuring_an_snat_server.rst b/umn/source/route_tables/configuring_an_snat_server.rst index 622ef19..a88d6d3 100644 --- a/umn/source/route_tables/configuring_an_snat_server.rst +++ b/umn/source/route_tables/configuring_an_snat_server.rst @@ -93,7 +93,7 @@ Procedure **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** - .. figure:: /_static/images/en-us_image_0214585308.png + .. figure:: /_static/images/en-us_image_0000001818983066.png :alt: **Figure 1** Configuring SNAT **Figure 1** Configuring SNAT @@ -122,7 +122,7 @@ Procedure .. _vpc_route_0004__en-us_topic_0212076959_fig8358771201535: - .. figure:: /_static/images/en-us_image_0214585309.png + .. figure:: /_static/images/en-us_image_0000001818823278.png :alt: **Figure 2** Verifying configuration **Figure 2** Verifying configuration @@ -133,5 +133,5 @@ Procedure After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001490118666.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582817.png diff --git a/umn/source/route_tables/index.rst b/umn/source/route_tables/index.rst index 68c4a94..5c95bff 100644 --- a/umn/source/route_tables/index.rst +++ b/umn/source/route_tables/index.rst @@ -6,17 +6,8 @@ Route Tables ============ - :ref:`Route Tables and Routes ` -- :ref:`Creating a Custom Route Table ` -- :ref:`Associating a Route Table with a Subnet ` -- :ref:`Changing the Route Table Associated with a Subnet ` -- :ref:`Viewing the Route Table Associated with a Subnet ` -- :ref:`Viewing Route Table Information ` -- :ref:`Exporting Route Table Information ` -- :ref:`Deleting a Route Table ` -- :ref:`Adding a Custom Route ` -- :ref:`Modifying a Route ` -- :ref:`Replicating a Route ` -- :ref:`Deleting a Route ` +- :ref:`Managing Route Tables ` +- :ref:`Managing Routes ` - :ref:`Configuring an SNAT Server ` .. toctree:: @@ -24,15 +15,6 @@ Route Tables :hidden: route_tables_and_routes - creating_a_custom_route_table - associating_a_route_table_with_a_subnet - changing_the_route_table_associated_with_a_subnet - viewing_the_route_table_associated_with_a_subnet - viewing_route_table_information - exporting_route_table_information - deleting_a_route_table - adding_a_custom_route - modifying_a_route - replicating_a_route - deleting_a_route + managing_route_tables/index + managing_routes/index configuring_an_snat_server diff --git a/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst b/umn/source/route_tables/managing_route_tables/associating_a_route_table_with_a_subnet.rst similarity index 88% rename from umn/source/route_tables/associating_a_route_table_with_a_subnet.rst rename to umn/source/route_tables/managing_route_tables/associating_a_route_table_with_a_subnet.rst index 7731dc7..577202a 100644 --- a/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst +++ b/umn/source/route_tables/managing_route_tables/associating_a_route_table_with_a_subnet.rst @@ -40,12 +40,12 @@ Procedure 6. Select the subnet to be associated. - .. figure:: /_static/images/en-us_image_0000001540846821.png + .. figure:: /_static/images/en-us_image_0000001865662969.png :alt: **Figure 1** Associate Subnet **Figure 1** Associate Subnet 7. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626735570.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983026.png diff --git a/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/managing_route_tables/changing_the_route_table_associated_with_a_subnet.rst similarity index 89% rename from umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst rename to umn/source/route_tables/managing_route_tables/changing_the_route_table_associated_with_a_subnet.rst index dbe8d59..bb9c056 100644 --- a/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst +++ b/umn/source/route_tables/managing_route_tables/changing_the_route_table_associated_with_a_subnet.rst @@ -31,5 +31,5 @@ Procedure After the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626575750.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823210.png diff --git a/umn/source/route_tables/creating_a_custom_route_table.rst b/umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst similarity index 96% rename from umn/source/route_tables/creating_a_custom_route_table.rst rename to umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst index ff8a46f..d1d571a 100644 --- a/umn/source/route_tables/creating_a_custom_route_table.rst +++ b/umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst @@ -31,7 +31,7 @@ Procedure 5. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0214585306.png + .. figure:: /_static/images/en-us_image_0000001865582789.png :alt: **Figure 1** Create Route Table **Figure 1** Create Route Table @@ -66,5 +66,5 @@ Procedure b. Click **Associate Subnet** and select the target subnets to be associated. c. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627055454.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823254.png diff --git a/umn/source/route_tables/deleting_a_route_table.rst b/umn/source/route_tables/managing_route_tables/deleting_a_route_table.rst similarity index 89% rename from umn/source/route_tables/deleting_a_route_table.rst rename to umn/source/route_tables/managing_route_tables/deleting_a_route_table.rst index fde7885..81b8c28 100644 --- a/umn/source/route_tables/deleting_a_route_table.rst +++ b/umn/source/route_tables/managing_route_tables/deleting_a_route_table.rst @@ -36,5 +36,5 @@ Procedure 6. Click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675615337.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983042.png diff --git a/umn/source/route_tables/exporting_route_table_information.rst b/umn/source/route_tables/managing_route_tables/exporting_route_table_information.rst similarity index 63% rename from umn/source/route_tables/exporting_route_table_information.rst rename to umn/source/route_tables/managing_route_tables/exporting_route_table_information.rst index bb686e4..7ab2d11 100644 --- a/umn/source/route_tables/exporting_route_table_information.rst +++ b/umn/source/route_tables/managing_route_tables/exporting_route_table_information.rst @@ -23,10 +23,9 @@ Procedure 4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -5. On the displayed page, click |image3| in the upper right of the route table list. +5. In the route table list, select one or more route tables you want to export and click **Export** in the upper left corner. - The system will automatically export information about all route tables under your account in the current region as an Excel file to a local directory. + The system will automatically export information about all of your route tables as an Excel file to a local directory. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626895486.png -.. |image3| image:: /_static/images/en-us_image_0214585307.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582809.png diff --git a/umn/source/route_tables/managing_route_tables/index.rst b/umn/source/route_tables/managing_route_tables/index.rst new file mode 100644 index 0000000..1ebeba1 --- /dev/null +++ b/umn/source/route_tables/managing_route_tables/index.rst @@ -0,0 +1,26 @@ +:original_name: vpc_route01_0016.html + +.. _vpc_route01_0016: + +Managing Route Tables +===================== + +- :ref:`Creating a Custom Route Table ` +- :ref:`Associating a Route Table with a Subnet ` +- :ref:`Changing the Route Table Associated with a Subnet ` +- :ref:`Viewing the Route Table Associated with a Subnet ` +- :ref:`Viewing Route Table Information ` +- :ref:`Exporting Route Table Information ` +- :ref:`Deleting a Route Table ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + creating_a_custom_route_table + associating_a_route_table_with_a_subnet + changing_the_route_table_associated_with_a_subnet + viewing_the_route_table_associated_with_a_subnet + viewing_route_table_information + exporting_route_table_information + deleting_a_route_table diff --git a/umn/source/route_tables/viewing_route_table_information.rst b/umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst similarity index 65% rename from umn/source/route_tables/viewing_route_table_information.rst rename to umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst index 5642fed..94a6de1 100644 --- a/umn/source/route_tables/viewing_route_table_information.rst +++ b/umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst @@ -32,7 +32,20 @@ Procedure The route table details page is displayed. a. On the **Summary** tab page, view the basic information and routes of the route table. + + + .. figure:: /_static/images/en-us_image_0000001866063864.png + :alt: **Figure 1** View the basic information and routes of the route table + + **Figure 1** View the basic information and routes of the route table + b. On the **Associated Subnets** tab page, view the subnets associated with the route table. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675415213.png + + .. figure:: /_static/images/en-us_image_0000001911853289.png + :alt: **Figure 2** View the subnets associated with the route table + + **Figure 2** View the subnets associated with the route table + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582825.png diff --git a/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst similarity index 64% rename from umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst rename to umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst index d10d0bf..bc69042 100644 --- a/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst +++ b/umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst @@ -31,9 +31,21 @@ Procedure 6. In the right of the subnet details page, view the route table associated with the subnet. + + .. figure:: /_static/images/en-us_image_0000001911849797.png + :alt: **Figure 1** View the route table associated with a subnet + + **Figure 1** View the route table associated with a subnet + 7. Click the name of the route table. The route table details page is displayed. You can further view the route information. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675375297.png + + .. figure:: /_static/images/en-us_image_0000001911771617.png + :alt: **Figure 2** View the basic information and routes of the route table + + **Figure 2** View the basic information and routes of the route table + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582701.png diff --git a/umn/source/route_tables/adding_a_custom_route.rst b/umn/source/route_tables/managing_routes/adding_a_custom_route.rst similarity index 81% rename from umn/source/route_tables/adding_a_custom_route.rst rename to umn/source/route_tables/managing_routes/adding_a_custom_route.rst index 394b31a..b666c1d 100644 --- a/umn/source/route_tables/adding_a_custom_route.rst +++ b/umn/source/route_tables/managing_routes/adding_a_custom_route.rst @@ -35,7 +35,7 @@ Procedure You can click **+** to add more routes. - .. figure:: /_static/images/en-us_image_0000001540725521.png + .. figure:: /_static/images/en-us_image_0000001865582793.png :alt: **Figure 1** Add Route **Figure 1** Add Route @@ -45,6 +45,12 @@ Procedure +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ | Parameter | Description | Example Value | +=======================+======================================================================================================================================================================+========================+ + | Destination Type | Mandatory | IP address | + | | | | + | | The destination can be: | | + | | | | + | | - IP address: single IP address or IP address range | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ | Destination | Mandatory | IPv4: 192.168.0.0/16 | | | | | | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | @@ -70,5 +76,5 @@ Procedure 7. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675255405.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865662989.png diff --git a/umn/source/route_tables/deleting_a_route.rst b/umn/source/route_tables/managing_routes/deleting_a_route.rst similarity index 91% rename from umn/source/route_tables/deleting_a_route.rst rename to umn/source/route_tables/managing_routes/deleting_a_route.rst index 95d2d57..3a93828 100644 --- a/umn/source/route_tables/deleting_a_route.rst +++ b/umn/source/route_tables/managing_routes/deleting_a_route.rst @@ -45,5 +45,5 @@ Procedure 7. Confirm the information and click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675375405.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823286.png diff --git a/umn/source/route_tables/managing_routes/index.rst b/umn/source/route_tables/managing_routes/index.rst new file mode 100644 index 0000000..a023fed --- /dev/null +++ b/umn/source/route_tables/managing_routes/index.rst @@ -0,0 +1,20 @@ +:original_name: vpc_route01_0017.html + +.. _vpc_route01_0017: + +Managing Routes +=============== + +- :ref:`Adding a Custom Route ` +- :ref:`Modifying a Route ` +- :ref:`Replicating a Route ` +- :ref:`Deleting a Route ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + adding_a_custom_route + modifying_a_route + replicating_a_route + deleting_a_route diff --git a/umn/source/route_tables/modifying_a_route.rst b/umn/source/route_tables/managing_routes/modifying_a_route.rst similarity index 69% rename from umn/source/route_tables/modifying_a_route.rst rename to umn/source/route_tables/managing_routes/modifying_a_route.rst index 6d3aa4a..c0b34f1 100644 --- a/umn/source/route_tables/modifying_a_route.rst +++ b/umn/source/route_tables/managing_routes/modifying_a_route.rst @@ -37,33 +37,39 @@ Procedure .. table:: **Table 1** Parameter descriptions - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Parameter | Description | Example Value | - +=======================+======================================================================================================================================================================+========================+ - | Destination | Mandatory | IPv4: 192.168.0.0/16 | - | | | | - | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | - | | | | - | | The destination of each route in a route table must be unique. The destination cannot overlap with any subnet in the VPC. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop Type | Mandatory | VPC peering connection | - | | | | - | | Set the type of the next hop. | | - | | | | - | | .. note:: | | - | | | | - | | When you add or modify a custom route in a default route table, the next hop type of the route cannot be set to **VPN connection** or **Direct Connect gateway**. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Next Hop | Mandatory | peer-AB | - | | | | - | | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | Description | Optional | ``-`` | - | | | | - | | Enter the description of the route in the text box as required. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Item | Description | Example Value | + +=======================+======================================================================================================================================================================+=======================+ + | Destination Type | Mandatory | IP address | + | | | | + | | The destination can be: | | + | | | | + | | - **IP address**: Select this option if you want to enter an IP address or IP address range. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Mandatory | IPv4: 192.168.0.0/16 | + | | | | + | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | + | | | | + | | The destination of each route must be unique. The destination cannot overlap with any subnet CIDR block in the VPC. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Next Hop Type | Mandatory | VPC peering | + | | | | + | | Set the type of the next hop. | | + | | | | + | | .. note:: | | + | | | | + | | When you add or modify a custom route in a default route table, the next hop type of the route cannot be set to **VPN connection** or **Direct Connect gateway**. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Next Hop | Mandatory | peer-AB | + | | | | + | | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Optional | ``-`` | + | | | | + | | Enter the description of the route in the text box as required. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 8. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627055450.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823338.png diff --git a/umn/source/route_tables/replicating_a_route.rst b/umn/source/route_tables/managing_routes/replicating_a_route.rst similarity index 91% rename from umn/source/route_tables/replicating_a_route.rst rename to umn/source/route_tables/managing_routes/replicating_a_route.rst index 9537378..0434d91 100644 --- a/umn/source/route_tables/replicating_a_route.rst +++ b/umn/source/route_tables/managing_routes/replicating_a_route.rst @@ -13,11 +13,11 @@ This section describes how to replicate routes among all route tables of a VPC. Notes and Constraints --------------------- -:ref:`Table 1 ` shows whether routes of different types can be replicated to default or custom route tables. +:ref:`Table 1 ` shows whether routes of different types can be replicated to default or custom route tables. For example, if the next hop type of a route is a server, this route can be replicated to both default or custom route tables. If the next hop type of a route is a Direct Connect gateway, the route cannot be replicated to the default route table, but can be replicated to a custom route table. -.. _vpc_route01_0013__route_0001_table1727714140542: +.. _vpc_route01_0013__en-us_topic_0121831807_table1727714140542: .. table:: **Table 1** Route replication @@ -68,5 +68,5 @@ Procedure 7. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626735566.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823270.png diff --git a/umn/source/route_tables/route_tables_and_routes.rst b/umn/source/route_tables/route_tables_and_routes.rst index c7255a9..a797aae 100644 --- a/umn/source/route_tables/route_tables_and_routes.rst +++ b/umn/source/route_tables/route_tables_and_routes.rst @@ -11,7 +11,7 @@ Route Tables A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but you can associate multiple subnets with the same route table. -.. figure:: /_static/images/en-us_image_0000001650535960.png +.. figure:: /_static/images/en-us_image_0000001865662949.png :alt: **Figure 1** Route tables **Figure 1** Route tables @@ -49,11 +49,11 @@ You can add routes to default and custom route tables and configure the destinat - Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route. - You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. + You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. You cannot add two routes with the same destination to a VPC route table even if their next hop types are different. The route priority depends on the destination. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. - .. _vpc_route01_0001__en-us_topic_0038263963_route_0001_table1727714140542: + .. _vpc_route01_0001__en-us_topic_0118498988_en-us_topic_0121831807_table1727714140542: .. table:: **Table 1** Next hop type @@ -66,8 +66,7 @@ You can add routes to default and custom route tables and configure the destinat | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | | | | - Custom route table | +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. Currently, this parameter is available only in eu-de. | - Default route table | - | | | - Custom route table | + | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. Currently, this parameter is available only in eu-de. | - Custom route table | +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ @@ -96,7 +95,7 @@ Custom Route Table Configuration Process .. _vpc_route01_0001__en-us_topic_0212076956_fig16862186152219: -.. figure:: /_static/images/en-us_image_0214585341.png +.. figure:: /_static/images/en-us_image_0000001818823214.png :alt: **Figure 2** Route table configuration process **Figure 2** Route table configuration process diff --git a/umn/source/service_overview/basic_concepts/elastic_ip.rst b/umn/source/service_overview/basic_concepts/elastic_ip.rst index a7635e0..ca1722e 100644 --- a/umn/source/service_overview/basic_concepts/elastic_ip.rst +++ b/umn/source/service_overview/basic_concepts/elastic_ip.rst @@ -10,7 +10,7 @@ The Elastic IP (EIP) service enables your cloud resources to communicate with th Each EIP can be used by only one cloud resource at a time. -.. figure:: /_static/images/en-us_image_0209583952.png +.. figure:: /_static/images/en-us_image_0000001818823042.png :alt: **Figure 1** Accessing the Internet using an EIP **Figure 1** Accessing the Internet using an EIP diff --git a/umn/source/service_overview/basic_concepts/firewall.rst b/umn/source/service_overview/basic_concepts/firewall.rst index 7580aca..487970c 100644 --- a/umn/source/service_overview/basic_concepts/firewall.rst +++ b/umn/source/service_overview/basic_concepts/firewall.rst @@ -6,3 +6,11 @@ Firewall ======== A firewall is an optional layer of security for your subnets. After you associate one or more subnets with a firewall, you can control traffic in and out of the subnets. + + +.. figure:: /_static/images/en-us_image_0000001818982946.png + :alt: **Figure 1** Security groups and firewalls + + **Figure 1** Security groups and firewalls + +Similar to security groups, firewalls control access to subnets and add an additional layer of defense to your subnets. Security groups only have the "allow" rules, but firewalls have both "allow" and "deny" rules. You can use firewalls together with security groups to implement comprehensive and fine-grained access control. diff --git a/umn/source/service_overview/basic_concepts/index.rst b/umn/source/service_overview/basic_concepts/index.rst index 48b47af..429a336 100644 --- a/umn/source/service_overview/basic_concepts/index.rst +++ b/umn/source/service_overview/basic_concepts/index.rst @@ -14,7 +14,6 @@ Basic Concepts - :ref:`VPC Peering Connection ` - :ref:`Firewall ` - :ref:`Virtual IP Address ` -- :ref:`Region and AZ ` .. toctree:: :maxdepth: 1 @@ -29,4 +28,3 @@ Basic Concepts vpc_peering_connection firewall virtual_ip_address - region_and_az diff --git a/umn/source/service_overview/basic_concepts/route_table.rst b/umn/source/service_overview/basic_concepts/route_table.rst index 99cd92a..b04e658 100644 --- a/umn/source/service_overview/basic_concepts/route_table.rst +++ b/umn/source/service_overview/basic_concepts/route_table.rst @@ -11,7 +11,7 @@ Route Tables A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but you can associate multiple subnets with the same route table. -.. figure:: /_static/images/en-us_image_0000001650535960.png +.. figure:: /_static/images/en-us_image_0000001865662949.png :alt: **Figure 1** Route tables **Figure 1** Route tables @@ -28,7 +28,7 @@ A route table contains a set of routes that are used to determine where network Route ----- -You can add routes to default and custom route tables and configure the destination, next hop type, and next hop in the routes to determine where network traffic is directed. Routes are classified into system routes and custom routes. +You can add routes to default and custom route tables and configure the destination type destination, next hop type, and next hop in the routes to determine where network traffic is directed. Routes are classified into system routes and custom routes. - System routes: These routes are automatically added by the system and cannot be modified or deleted. @@ -49,11 +49,11 @@ You can add routes to default and custom route tables and configure the destinat - Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route. - You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. + You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. You cannot add two routes with the same destination to a VPC route table even if their next hop types are different. The route priority depends on the destination. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. - .. _en-us_topic_0038263963__route_0001_table1727714140542: + .. _en-us_topic_0038263963__en-us_topic_0121831807_table1727714140542: .. table:: **Table 1** Next hop type @@ -66,8 +66,7 @@ You can add routes to default and custom route tables and configure the destinat | Extension NIC | Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC. | - Default route table | | | | - Custom route table | +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ - | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. Currently, this parameter is available only in eu-de. | - Default route table | - | | | - Custom route table | + | BMS user-defined network | Traffic intended for the destination is forwarded to a BMS user-defined network. Currently, this parameter is available only in eu-de. | - Custom route table | +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ | VPN connection | Traffic intended for the destination is forwarded to a VPN gateway. | Custom route table | +--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ @@ -87,4 +86,4 @@ You can add routes to default and custom route tables and configure the destinat If you specify the destination when creating a resource, a system route is delivered. If you do not specify a destination when creating a resource, a custom route that can be modified or deleted is delivered. - For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN connection or Direct Connect gateway, you need to specify the remote subnet, that is, the destination of a route. In this case, the system delivers this system route. Do not modify the route destination on the **Route Tables** page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly. + For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN connection or Direct Connect gateway, you need to specify the remote subnet, that is, the destination of a route. In this case, the system delivers a system route. Do not modify the route destination on the **Route Tables** page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly. diff --git a/umn/source/service_overview/basic_concepts/security_group.rst b/umn/source/service_overview/basic_concepts/security_group.rst index 6955fd8..8a23e5c 100644 --- a/umn/source/service_overview/basic_concepts/security_group.rst +++ b/umn/source/service_overview/basic_concepts/security_group.rst @@ -5,7 +5,7 @@ Security Group ============== -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can configure access rules that will apply to all cloud resources added to this security group. Like whitelists, security group rules work as follows: @@ -23,9 +23,9 @@ Like whitelists, security group rules work as follows: ::/0 represents all IPv6 addresses. -:ref:`Table 1 ` uses custom security group sg-AB as an example to describe its inbound and outbound rules in detail. +:ref:`Table 1 ` uses custom security group sg-AB as an example to describe its inbound and outbound rules in detail. -.. _vpc_concepts_0005__en-us_topic_0073379079_table102261597217: +.. _vpc_concepts_0005__en-us_topic_0118534002_table102261597217: .. table:: **Table 1** Rules in security group sg-AB diff --git a/umn/source/service_overview/basic_concepts/shared_snat.rst b/umn/source/service_overview/basic_concepts/shared_snat.rst index 483ed29..7e5f4d3 100644 --- a/umn/source/service_overview/basic_concepts/shared_snat.rst +++ b/umn/source/service_overview/basic_concepts/shared_snat.rst @@ -11,25 +11,12 @@ The VPC service provides free SNAT function, which allows ECSs to use a limited .. _vpc_concepts_0010__f04fc5d5739d142e5b38d73f3746f6cad: -.. figure:: /_static/images/en-us_image_0118499140.png +.. figure:: /_static/images/en-us_image_0000001818983170.png :alt: **Figure 1** SNAT function **Figure 1** SNAT function - To enable shared SNAT using the API, refer to `Updating a Router `__ and set **enable_snat** to **true**. -- To enable shared SNAT on the management console: - - #. Log in to the management console. - - #. Click |image1| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - - #. On the **Virtual Private Cloud** page, locate the VPC for which shared SNAT is to be enabled, and click **Modify**. - - #. In the displayed dialog box, enable **Shared SNAT**. - - #. Click **OK**. After being configured for a VPC, shared SNAT takes effect for the whole VPC. If EIPs are bound to ECSs in a VPC for which shared SNAT is configured, Internet traffic is preferentially forwarded using the EIPs. If you want to prevent an ECS from connecting to the Internet, you can configure an outbound rule for the security group associated with the ECS. @@ -42,7 +29,7 @@ To prevent an ECS from connecting to the Internet but allow the ECS to access 19 After this rule is deleted, ECSs associated with this security group are not allowed to access any network, including the internal networks in the VPC of the ECSs. - .. figure:: /_static/images/en-us_image_0152667656.png + .. figure:: /_static/images/en-us_image_0000001865663121.png :alt: **Figure 2** Deleting the default outbound rule from the security group **Figure 2** Deleting the default outbound rule from the security group @@ -52,7 +39,7 @@ To prevent an ECS from connecting to the Internet but allow the ECS to access 19 The following shows the added outbound rule that allows the ECS to access the 192.168.10.0/24 CIDR block. - .. figure:: /_static/images/en-us_image_0152668782.png + .. figure:: /_static/images/en-us_image_0000001818823386.png :alt: **Figure 3** Adding an outbound rule for the security group **Figure 3** Adding an outbound rule for the security group @@ -63,5 +50,3 @@ To prevent an ECS from connecting to the Internet but allow the ECS to access 19 - A custom route enables ECSs to access the Internet through an SNAT server that has an EIP bound. The ECSs' access requests are routed to the SNAT server based on the route table. - Shared SNAT takes effect for the whole VPC by default, while a custom route takes effect for the VPC or subnet for which routes have been configured. - A custom route has a higher priority than a shared SNAT. - -.. |image1| image:: /_static/images/en-us_image_0000001675619157.png diff --git a/umn/source/service_overview/basic_concepts/subnet.rst b/umn/source/service_overview/basic_concepts/subnet.rst index d34d26a..46e2521 100644 --- a/umn/source/service_overview/basic_concepts/subnet.rst +++ b/umn/source/service_overview/basic_concepts/subnet.rst @@ -7,11 +7,11 @@ Subnet A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets. -- By default, all instances in different subnets of the same VPC can communicate with each other and the subnets can be located in different AZs. For example, VPC-A has subnet A01 in AZ A and subnet A02 in AZ B. Subnet A01 and subnet B01 can communicate with each other by default. +- By default, all instances in different subnets of the same VPC can communicate with each other. If you have a VPC with two subnets in it, they can communicate with each other by default. - After a subnet is created, its CIDR block cannot be modified. Subnets in the same VPC cannot overlap. - A subnet mask can be between the netmask of its VPC CIDR block and /29 netmask. If a VPC CIDR block is 10.0.0.0/16, its subnet mask can between 16 to 29. + A subnet mask can be between the netmask of its VPC CIDR block and /29 netmask. If a VPC CIDR block is 10.0.0.0/16, its subnet mask can be between 16 and 29. For example, if the CIDR block of VPC-A is 10.0.0.0/16, you can specify 10.0.0.0/24 for subnet A01, 10.0.1.0/24 for subnet A02, and 10.0.3.0/24 for subnet A03. diff --git a/umn/source/service_overview/basic_concepts/virtual_ip_address.rst b/umn/source/service_overview/basic_concepts/virtual_ip_address.rst index 3df9627..e78834d 100644 --- a/umn/source/service_overview/basic_concepts/virtual_ip_address.rst +++ b/umn/source/service_overview/basic_concepts/virtual_ip_address.rst @@ -5,9 +5,9 @@ Virtual IP Address ================== -A virtual IP address can be shared among multiple ECSs. An ECS can have both private and virtual IP addresses, and you can access the ECS through either IP address. A virtual IP address has the same network access capabilities as a private IP address, including layer 2 and layer 3 communication in VPCs, access between VPCs using VPC peering connections, as well as access through EIPs, VPN connections, and Direct Connect connections. +You can use either IP address to enable layer 2 and layer 3 communications in a VPC, access a different VPC using peering connections, and access cloud servers through EIPs, Direct Connect connections, and VPN connections. -You can bind ECSs deployed in active/standby mode with the same virtual IP address, and then bind an EIP to the virtual IP address. Virtual IP addresses can work together with Keepalived to ensure high availability and disaster recovery. If the active ECS is faulty, the standby ECS automatically takes over services from the active one. +You can bind a virtual IP address to ECSs deployed in the active/standby pair, and then bind an EIP to the virtual IP address. Virtual IP addresses can work together with Keepalived to ensure high availability and disaster recovery. If the active ECS is faulty, the standby ECS automatically takes over services from the active one. Networking ---------- @@ -16,7 +16,7 @@ Virtual IP addresses are used for high availability and can work together with K - **Networking mode 1**: HA - If you want to improve service availability and avoid single points of failure, you can deploy ECSs in the active/standby mode or deploy one active ECS and multiple standby ECSs. In this arrangement, the ECSs all use the same virtual IP address. If the active ECS becomes faulty, a standby ECS takes over services from the active ECS and services continue uninterrupted. + To improve service availability and eliminate single points of failure, you can deploy ECSs in the active/standby pair or deploy one active ECS and multiple standby ECSs. And then, you can bind the same virtual IP address to these ECSs. If the active ECS becomes faulty, a standby ECS takes over services from the active ECS and services continue uninterrupted. .. figure:: /_static/images/en-us_image_0209608153.png @@ -24,8 +24,8 @@ Virtual IP addresses are used for high availability and can work together with K **Figure 1** Networking diagram of the HA mode - - In this configuration, a single virtual IP address is bound to two ECSs in the same subnet. - - Keepalived is then used to configure the two ECSs to work in the active/standby mode. Follow industry standards for configuring Keepalived. The details are not included here. + - As shown in the above figure, bind a virtual IP address to two ECSs in the same subnet. + - Configure Keepalived for the two ECSs to work in the active/standby pair. Follow industry standards for configuring Keepalived. The details are not included here. - **Networking mode 2**: HA load balancing cluster @@ -38,7 +38,7 @@ Virtual IP addresses are used for high availability and can work together with K **Figure 2** HA load balancing cluster - Bind a single virtual IP address to two ECSs. - - Configure the two ECSs as LVS nodes working as direct routers and use Keepalived to configure the nodes in the active/standby mode. The two ECSs will evenly forward requests to different backend servers. + - Configure the two ECSs as LVS nodes working as direct routers and use Keepalived to configure the nodes in the active/standby pair. The two ECSs will evenly forward requests to different backend servers. - Configure two more ECSs as backend servers. - Disable the source/destination check for the two backend servers. @@ -53,4 +53,4 @@ Application Scenarios - Using a VPN, Direct Connect, or VPC peering connection to access a virtual IP address - To ensure high availability and access to the Internet, use a VPN for security and Direct Connect for a stable connection. The VPC peering connection is needed so that the VPCs in the same region can communicate with each other. + To ensure high availability and access to the Internet, use a VPN for security and Direct Connect for a stable connection. A VPC peering connection is needed so that two VPCs in the same region can communicate with each other. diff --git a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst index 6abc9dc..035926a 100644 --- a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst +++ b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst @@ -18,7 +18,7 @@ A VPC peering connection is a networking connection that connects two VPCs for t .. _vpc_concepts_0011__en-us_topic_0046655036_fig4721642193711: -.. figure:: /_static/images/en-us_image_0000001512591549.png +.. figure:: /_static/images/en-us_image_0000001818983018.png :alt: **Figure 1** VPC peering connection network diagram **Figure 1** VPC peering connection network diagram diff --git a/umn/source/service_overview/document_usage_instructions.rst b/umn/source/service_overview/document_usage_instructions.rst index dbf573e..8993d76 100644 --- a/umn/source/service_overview/document_usage_instructions.rst +++ b/umn/source/service_overview/document_usage_instructions.rst @@ -10,4 +10,4 @@ Instructions for using this document are as follows: - To facilitate your operations, the management console may provide more than one way for you to perform a task or an operation. This document describes only the main way. - You can click |image1| next to some parameter values to quickly edit the values. This document does not describe this function. -.. |image1| image:: /_static/images/en-us_image_0157880395.png +.. |image1| image:: /_static/images/en-us_image_0000001818823038.png diff --git a/umn/source/service_overview/index.rst b/umn/source/service_overview/index.rst index 13643f5..f3d439a 100644 --- a/umn/source/service_overview/index.rst +++ b/umn/source/service_overview/index.rst @@ -12,6 +12,7 @@ Service Overview - :ref:`VPC and Other Services ` - :ref:`Permissions ` - :ref:`Basic Concepts ` +- :ref:`Region and AZ ` - :ref:`Document Usage Instructions ` .. toctree:: @@ -25,4 +26,5 @@ Service Overview vpc_and_other_services permissions basic_concepts/index + region_and_az document_usage_instructions diff --git a/umn/source/service_overview/permissions.rst b/umn/source/service_overview/permissions.rst index 905be36..632ddad 100644 --- a/umn/source/service_overview/permissions.rst +++ b/umn/source/service_overview/permissions.rst @@ -18,7 +18,7 @@ VPC Permissions New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned. -VPC is a project-level service deployed for specific regions. When you set **Scope** to **Region-specific projects** and select the specified projects in the specified regions , the users only have permissions for VPCs in the selected projects. If you set **Scope** to **All resources**, users have permissions for VPCs in all region-specific projects. When accessing VPCs, the users need to switch to the authorized region. +VPC is a project-level service deployed for specific regions. When you set **Scope** to **Region-specific projects** and select the specified projects in the specified regions, the users only have permissions for VPCs in the selected projects. If you set **Scope** to **All resources**, users have permissions for VPCs in all region-specific projects. When accessing VPCs, the users need to switch to the authorized region. You can grant permissions by using roles and policies. diff --git a/umn/source/service_overview/product_advantages.rst b/umn/source/service_overview/product_advantages.rst index 9cd020d..8c87f86 100644 --- a/umn/source/service_overview/product_advantages.rst +++ b/umn/source/service_overview/product_advantages.rst @@ -16,7 +16,7 @@ Secure and Reliable VPCs are logically isolated through tunneling technologies. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect ECSs. They add additional layers of security to your VPCs, so your network is secure. -.. figure:: /_static/images/en-us_image_0209577986.png +.. figure:: /_static/images/en-us_image_0000001818983218.png :alt: **Figure 1** Secure and Reliable **Figure 1** Secure and Reliable @@ -44,15 +44,15 @@ Advantage Comparison .. table:: **Table 1** Comparison between a VPC and a traditional IDC - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Item | VPC | Traditional IDC | - +=======================+=================================================================================================================================================================================================================+===============================================================================================================================================================================================================================================+ - | Deployment cycle | - You do not need to perform complex engineering deployment, including engineering planning and cabling. | You need to set up networks and perform tests. The entire process takes a long time and requires professional technical support. | - | | - You can determine your networks, subnets, and routes on based on service requirements. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Total cost | provides flexible billing modes for network services. You can select whichever one best fits your business needs. There are no upfront costs and network O&M costs, reducing the total cost of ownership (TCO). | You need to invest heavily in equipment rooms, power supply, construction, and hardware materials. You also need professional O&M teams to ensure network security. Asset management costs increase with any change in business requirements. | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Flexibility | provides a variety of network services for you to choose from. If you need more network resources (for instance, if you need more bandwidth), you can expand resources on the fly. | You have to strictly comply with the network plan to complete the service deployment. If there are changes in your service requirements, it is difficult to dynamically adjust the network. | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Security | VPCs are logically isolated from each other. You can use security features such as network ACLs and security groups, and even security services like Advanced Anti-DDoS (AAD) to protect your cloud resources. | The network is insecure and difficult to maintain. You need professional technical personnel to ensure network security. | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Item | VPC | Traditional IDC | + +=======================+===========================================================================================================================================================================================================================+===============================================================================================================================================================================================================================================+ + | Deployment cycle | - You do not need to perform complex engineering deployment, including engineering planning and cabling. | You need to set up networks and perform tests. The entire process takes a long time and requires professional technical support. | + | | - You can determine your networks, subnets, and routes on the cloud based on service requirements. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Total cost | The cloud provides flexible billing modes for network services. You can select whichever one best fits your business needs. There are no upfront costs and network O&M costs, reducing the total cost of ownership (TCO). | You need to invest heavily in equipment rooms, power supply, construction, and hardware materials. You also need professional O&M teams to ensure network security. Asset management costs increase with any change in business requirements. | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Flexibility | The cloud provides a variety of network services for you to choose from. If you need more network resources (for instance, if you need more bandwidth), you can expand resources on the fly. | You have to strictly comply with the network plan to complete the service deployment. If there are changes in your service requirements, it is difficult to dynamically adjust the network. | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Security | VPCs are logically isolated from each other. You can use security features such as firewalls and security groups, and even security services like Advanced Anti-DDoS (AAD) to protect your cloud resources. | The network is insecure and difficult to maintain. You need professional technical personnel to ensure network security. | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/service_overview/basic_concepts/region_and_az.rst b/umn/source/service_overview/region_and_az.rst similarity index 100% rename from umn/source/service_overview/basic_concepts/region_and_az.rst rename to umn/source/service_overview/region_and_az.rst diff --git a/umn/source/service_overview/what_is_virtual_private_cloud.rst b/umn/source/service_overview/what_is_virtual_private_cloud.rst index b8a313c..45e55a8 100644 --- a/umn/source/service_overview/what_is_virtual_private_cloud.rst +++ b/umn/source/service_overview/what_is_virtual_private_cloud.rst @@ -13,7 +13,7 @@ The Virtual Private Cloud (VPC) service enables you to provision logically isola Within your own VPC, you can create security groups and VPNs, configure IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also define rules to control communications between ECSs in the same security group or in different security groups. -.. figure:: /_static/images/en-us_image_0209606948.png +.. figure:: /_static/images/en-us_image_0000001865663209.png :alt: **Figure 1** VPC components **Figure 1** VPC components diff --git a/umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst index e42c400..5361a29 100644 --- a/umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst @@ -23,23 +23,19 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +3. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. -5. In the shared bandwidth list, locate the row that contains the shared bandwidth that you want to add EIPs to. In the **Operation** column, choose **Add EIP**, and select the EIPs to be added. - - .. note:: - - - After an EIP is added to a shared bandwidth, the dedicated bandwidth used by the EIP will become invalid and the EIP will start to use the shared bandwidth. The EIP's dedicated bandwidth will be deleted and will no longer be billed. +5. In the shared bandwidth list, locate the target shared bandwidth that you want to add EIPs to. In the **Operation** column, choose **Add Public IP Address**, and select the EIPs or IPv6 addresses to be added. - .. figure:: /_static/images/en-us_image_0000001211006359.png - :alt: **Figure 1** Add EIP + .. figure:: /_static/images/en-us_image_0000001832479012.png + :alt: **Figure 1** Adding EIPs or IPv6 addresses - **Figure 1** Add EIP + **Figure 1** Adding EIPs or IPv6 addresses 6. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst index 444ee65..7203533 100644 --- a/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst @@ -17,14 +17,14 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +#. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. #. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. #. In the upper right corner, click **Assign Shared Bandwidth**. On the displayed page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001163949251.png + .. figure:: /_static/images/en-us_image_0000001865582577.png :alt: **Figure 1** Assigning Shared Bandwidth **Figure 1** Assigning Shared Bandwidth @@ -47,5 +47,5 @@ Procedure #. Click **Assign Now**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst index 0ddff4a..5a1b7f1 100644 --- a/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst @@ -22,11 +22,11 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +3. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. 5. In the shared bandwidth list, locate the row that contains the shared bandwidth you want to delete, click **More** in the **Operation** column, and then click **Delete**. 6. In the displayed dialog box, click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/shared_bandwidth/exporting_shared_bandwidths.rst b/umn/source/shared_bandwidth/exporting_shared_bandwidths.rst new file mode 100644 index 0000000..4b03c0c --- /dev/null +++ b/umn/source/shared_bandwidth/exporting_shared_bandwidths.rst @@ -0,0 +1,21 @@ +:original_name: vpc010010.html + +.. _vpc010010: + +Exporting Shared Bandwidths +=========================== + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. + +4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. + +5. On the shared bandwidth list page, select one or more shared bandwidths and click **Export** in the upper left corner. + + The system will automatically export information about all of your shared bandwidths as an Excel file to a local directory. + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/shared_bandwidth/index.rst b/umn/source/shared_bandwidth/index.rst index 0fd79c8..705c190 100644 --- a/umn/source/shared_bandwidth/index.rst +++ b/umn/source/shared_bandwidth/index.rst @@ -11,6 +11,7 @@ Shared Bandwidth - :ref:`Removing EIPs from a Shared Bandwidth ` - :ref:`Modifying a Shared Bandwidth ` - :ref:`Deleting a Shared Bandwidth ` +- :ref:`Exporting Shared Bandwidths ` .. toctree:: :maxdepth: 1 @@ -22,3 +23,4 @@ Shared Bandwidth removing_eips_from_a_shared_bandwidth modifying_a_shared_bandwidth deleting_a_shared_bandwidth + exporting_shared_bandwidths diff --git a/umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst index 4f9d738..d50f660 100644 --- a/umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/modifying_a_shared_bandwidth.rst @@ -17,14 +17,14 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +3. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. 5. In the shared bandwidth list, locate the row that contains the shared bandwidth you want to modify, click **Modify Bandwidth** in the **Operation** column, and modify the bandwidth settings. - .. figure:: /_static/images/en-us_image_0000001117669524.png + .. figure:: /_static/images/en-us_image_0000001818823830.png :alt: **Figure 1** Modify Bandwidth **Figure 1** Modify Bandwidth @@ -33,5 +33,5 @@ Procedure 7. Click **Submit**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818982822.png diff --git a/umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst index 3f473b1..19942da 100644 --- a/umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/removing_eips_from_a_shared_bandwidth.rst @@ -17,19 +17,19 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. +3. Click |image2| in the upper left corner, and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. -5. In the shared bandwidth list, locate the row that contains the bandwidth from which EIPs are to be removed, choose **More** > **Remove EIP** in the **Operation** column, and select the EIPs to be removed in the displayed dialog box. +5. In the shared bandwidth list, locate the target bandwidth from which you want to remove EIPs, choose **More** > **Remove Public IP Address** in the **Operation** column, and select the EIPs or IPv6 addresses to be removed in the displayed dialog box. - .. figure:: /_static/images/en-us_image_0000001211445065.png - :alt: **Figure 1** Remove EIP + .. figure:: /_static/images/en-us_image_0000001879005797.png + :alt: **Figure 1** Removing EIPs or IPv6 addresses - **Figure 1** Remove EIP + **Figure 1** Removing EIPs or IPv6 addresses 6. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001649841616.png diff --git a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst index c3ea821..aa30bf3 100644 --- a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst @@ -27,6 +27,12 @@ Procedure #. Click the **IP Addresses** tab and click **Assign Virtual IP Address**. + + .. figure:: /_static/images/en-us_image_0000001866046474.png + :alt: **Figure 1** Assign a virtual IP address + + **Figure 1** Assign a virtual IP address + #. Select an IP address type. This parameter is available only in regions supporting IPv6. - IPv4 @@ -43,5 +49,5 @@ Procedure You can then query the assigned virtual IP address in the IP address list. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626897562.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663157.png diff --git a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst index a10a09a..ea899c8 100644 --- a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst +++ b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip.rst @@ -32,5 +32,5 @@ Procedure #. In the virtual IP address list, select the virtual IP address to be bound and click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626578706.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582665.png diff --git a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst index 2a394b3..a37459a 100644 --- a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst +++ b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst @@ -15,7 +15,7 @@ If you bind a virtual IP address to ECSs that work in active/standby pairs and b Notes and Constraints --------------------- -- Each virtual IP address can be bound to only one EIP. +- A virtual IP address can only be bound to one EIP. Binding a Virtual IP Address to an EIP or ECS on the Console ------------------------------------------------------------ @@ -61,7 +61,7 @@ Configuring a Virtual IP Address for an ECS Manually configure the virtual IP address bound to an ECS. -This following OSs are used as examples here. For other OSs, see the help documents on their official websites. +The following OSs are used as examples here. For other OSs, see the help documents on their official websites. - Linux: CentOS 7.2 64bit and Ubuntu 22.04 server 64bit - Windows: Windows Server @@ -138,7 +138,7 @@ This following OSs are used as examples here. For other OSs, see the help docume **Linux (Ubuntu 22.04 server 64bit is used as an example.)** -If an ECS runs Ubuntu 22 or Ubuntu 20, perform the following operations: +For Ubuntu 22 or Ubuntu 20 ECSs, perform the following operations: #. Obtain the NIC that the virtual IP address is to be bound: @@ -251,7 +251,7 @@ If an ECS runs Ubuntu 22 or Ubuntu 20, perform the following operations: #. Select **Use the following IP address** and set **IP address** to the private IP address of the ECS, for example, 10.0.0.101. - .. figure:: /_static/images/en-us_image_0000001179761510.png + .. figure:: /_static/images/en-us_image_0000001818823142.png :alt: **Figure 1** Configuring private IP address **Figure 1** Configuring private IP address @@ -263,7 +263,7 @@ If an ECS runs Ubuntu 22 or Ubuntu 20, perform the following operations: Add the virtual IP address, for example, 10.0.0.154. - .. figure:: /_static/images/en-us_image_0000001225081545.png + .. figure:: /_static/images/en-us_image_0000001818982934.png :alt: **Figure 2** Configuring virtual IP address **Figure 2** Configuring virtual IP address @@ -276,8 +276,8 @@ If an ECS runs Ubuntu 22 or Ubuntu 20, perform the following operations: In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626738526.png -.. |image3| image:: /_static/images/en-us_image_0000001281210233.png -.. |image4| image:: /_static/images/en-us_image_0000001237328110.png -.. |image5| image:: /_static/images/en-us_image_0000001237013856.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582673.png +.. |image3| image:: /_static/images/en-us_image_0000001818982930.png +.. |image4| image:: /_static/images/en-us_image_0000001865582677.png +.. |image5| image:: /_static/images/en-us_image_0000001818823138.png diff --git a/umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst b/umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst index 6b1756c..026839d 100644 --- a/umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst +++ b/umn/source/virtual_ip_address/disabling_source_and_destination_check_ha_load_balancing_cluster_scenario.rst @@ -21,5 +21,5 @@ Procedure #. Click the IP address to view the NIC details. #. Check that **Source/Destination Check** is disabled. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001681512581.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983486.png diff --git a/umn/source/virtual_ip_address/index.rst b/umn/source/virtual_ip_address/index.rst index 92b626f..107a1bd 100644 --- a/umn/source/virtual_ip_address/index.rst +++ b/umn/source/virtual_ip_address/index.rst @@ -9,14 +9,14 @@ Virtual IP Address - :ref:`Assigning a Virtual IP Address ` - :ref:`Binding a Virtual IP Address to an EIP or ECS ` - :ref:`Binding a Virtual IP Address to an EIP ` -- :ref:`Using a VPN to Access a Virtual IP Address ` -- :ref:`Using a Direct Connect Connection to Access the Virtual IP Address ` -- :ref:`Using a VPC Peering Connection to Access the Virtual IP Address ` -- :ref:`Disabling IP Forwarding on the Standby ECS ` -- :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) ` - :ref:`Unbinding a Virtual IP Address from an Instance ` - :ref:`Unbinding a Virtual IP Address from an EIP ` - :ref:`Releasing a Virtual IP Address ` +- :ref:`Disabling IP Forwarding on the Standby ECS ` +- :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) ` +- :ref:`Using a VPN to Access a Virtual IP Address ` +- :ref:`Using a Direct Connect Connection to Access the Virtual IP Address ` +- :ref:`Using a VPC Peering Connection to Access the Virtual IP Address ` .. toctree:: :maxdepth: 1 @@ -26,11 +26,11 @@ Virtual IP Address assigning_a_virtual_ip_address binding_a_virtual_ip_address_to_an_eip_or_ecs binding_a_virtual_ip_address_to_an_eip - using_a_vpn_to_access_a_virtual_ip_address - using_a_direct_connect_connection_to_access_the_virtual_ip_address - using_a_vpc_peering_connection_to_access_the_virtual_ip_address - disabling_ip_forwarding_on_the_standby_ecs - disabling_source_and_destination_check_ha_load_balancing_cluster_scenario unbinding_a_virtual_ip_address_from_an_instance unbinding_a_virtual_ip_address_from_an_eip releasing_a_virtual_ip_address + disabling_ip_forwarding_on_the_standby_ecs + disabling_source_and_destination_check_ha_load_balancing_cluster_scenario + using_a_vpn_to_access_a_virtual_ip_address + using_a_direct_connect_connection_to_access_the_virtual_ip_address + using_a_vpc_peering_connection_to_access_the_virtual_ip_address diff --git a/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst index 3f65990..8e7a1d0 100644 --- a/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst @@ -22,7 +22,7 @@ If you want to release a virtual IP address that is being used by a resource, re +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ | Prompts | Cause Analysis and Solution | +===================================================================================================================================+=====================================================================================================================================+ - | This operation cannot be performed because the IP address is bound to an instance or an EIP. Unbind the IP address and try again. | This virtual IP address is being by an EIP or an ECS. | + | This operation cannot be performed because the IP address is bound to an instance or an EIP. Unbind the IP address and try again. | This virtual IP address is being used by an EIP or an ECS. | | | | | | Unbind the virtual IP address first. | | | | @@ -55,5 +55,5 @@ Procedure #. Confirm the information and click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675378241.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983414.png diff --git a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst index 7b0881d..9ee811a 100644 --- a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst +++ b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst @@ -39,5 +39,5 @@ Procedure #. Confirm the information and click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675258381.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823302.png diff --git a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst index 44b9790..a59c636 100644 --- a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst +++ b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst @@ -34,7 +34,7 @@ Procedure The virtual IP address list is displayed. - .. figure:: /_static/images/en-us_image_0000001570070841.png + .. figure:: /_static/images/en-us_image_0000001818982758.png :alt: **Figure 1** Virtual IP addresses **Figure 1** Virtual IP addresses @@ -53,5 +53,5 @@ Procedure c. Confirm the information and click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675618277.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865662721.png diff --git a/umn/source/virtual_ip_address/virtual_ip_address_overview.rst b/umn/source/virtual_ip_address/virtual_ip_address_overview.rst index ea261d6..8bd296b 100644 --- a/umn/source/virtual_ip_address/virtual_ip_address_overview.rst +++ b/umn/source/virtual_ip_address/virtual_ip_address_overview.rst @@ -24,7 +24,7 @@ Virtual IP addresses are used for high availability and can work together with K If you want to improve service availability and avoid single points of failure, you can deploy ECSs in the active/standby mode or deploy one active ECS and multiple standby ECSs. In this arrangement, the ECSs all use the same virtual IP address. If the active ECS becomes faulty, a standby ECS takes over services from the active ECS and services continue uninterrupted. - .. figure:: /_static/images/en-us_image_0209608153.png + .. figure:: /_static/images/en-us_image_0000001865663033.png :alt: **Figure 1** Networking diagram of the HA mode **Figure 1** Networking diagram of the HA mode @@ -37,7 +37,7 @@ Virtual IP addresses are used for high availability and can work together with K If you want to build a high-availability load balancing cluster, use Keepalived and configure LVS nodes as direct routers. - .. figure:: /_static/images/en-us_image_0240332622.png + .. figure:: /_static/images/en-us_image_0000001865663537.png :alt: **Figure 2** HA load balancing cluster **Figure 2** HA load balancing cluster diff --git a/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst b/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst index fcd107e..fb581f1 100644 --- a/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst +++ b/umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst @@ -28,7 +28,7 @@ Notes and Constraints To check which ECSs support IPv6: - - On the ECS console, click **Buy ECS**. On the displayed page, view the ECS specifications. + - On the ECS console: Click **Create ECS**. On the displayed page, view the ECS specifications. If there is the **IPv6** parameter with the value of **Yes**, the ECS specifications support IPv6. @@ -41,24 +41,45 @@ If your ECS supports IPv6, you can use the IPv4/IPv6 dual-stack network. :ref:`T .. table:: **Table 1** Application scenarios of IPv4/IPv6 dual stack - +--------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------+---------------------------------------------------------------------------+ - | Application Scenario | Description | Subnet | ECS | - +============================================+=========================================================================================================================================================+====================+===========================================================================+ - | Private communication using IPv6 addresses | Your applications deployed on ECSs need to communicate with other systems (such as databases) through private networks using IPv6 addresses. | - IPv4 CIDR block | - Private IPv4 address: used for private communication | - | | | - IPv6 CIDR block | - IPv6 address: used for private communication. | - +--------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------+---------------------------------------------------------------------------+ - | Public communication using IPv6 addresses | Your applications deployed on ECSs need to provide services accessible from the Internet using IPv6 addresses. | - IPv4 CIDR block | - Private IPv4 address + IPv4 EIP: used for public network communication | - | | | - IPv6 CIDR block | - IPv6 address + shared bandwidth: used for public network communication | - +--------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------+---------------------------------------------------------------------------+ - | | Your applications deployed on ECSs need to both provide services accessible from the Internet and analyze the access request data using IPv6 addresses. | | | - +--------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------+---------------------------------------------------------------------------+ + +----------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Application Scenario | Description | Requirement | IPv4 or IPv6 Subnet | ECS | + +============================+=====================================================================================================================================+=============================================================+=====================+==================================================================================================================================================+ + | Private IPv4 communication | Your applications on ECSs need to communicate with other systems (such as databases) through private networks using IPv4 addresses. | - IPv6 is not enabled for the VPC subnet. | IPv4 CIDR Block | **Private IPv4 address**: used for private IPv4 communication. | + | | | - No EIPs have been bound to the ECSs. | | | + +----------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Public IPv4 communication | Your applications on ECSs need to communicate with other systems (such as databases) through public IPv4 addresses. | - IPv6 is not enabled for the VPC subnet. | IPv4 CIDR Block | - **Private IPv4 address**: used for private IPv4 communication. | + | | | - EIPs have been bound to the ECSs. | | - **Public IPv4 address**: used for public IPv4 communication. | + +----------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Private IPv6 communication | Your applications on ECSs need to communicate with other systems (such as databases) through private IPv6 addresses. | - IPv6 has been enabled for the VPC subnet. | - IPv4 CIDR Block | - **Private IPv4 address + IPv4 EIP**: Bind an IPv4 EIP to the instance to allow public IPv4 communication. | + | | | - The network has been configured for the ECSs as follows: | - IPv6 CIDR block | - **Private IPv4 address**: Do not bind any IPv4 EIP to the instance and use only the private IPv4 address to allow private IPv4 communication. | + | | | | | - **IPv6 address**: Do not configure shared bandwidth for the IPv6 address to allow private IPv6 communication. | + | | | - **VPC and Subnet**: IPv6-enabled subnet and VPC. | | | + | | | - **Shared Bandwidth**: Selected **Do not configure**. | | | + +----------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Public IPv6 communication | An IPv6 network is required for the ECS to access the IPv6 service on the Internet. | - IPv6 has been enabled for the VPC subnet. | - IPv4 CIDR Block | - **Private IPv4 address + IPv4 EIP**: Bind an IPv4 EIP to the instance to allow public IPv4 communication. | + | | | - The network has been configured for the ECSs as follows: | - IPv6 CIDR block | - **Private IPv4 address**: Do not bind any IPv4 EIP to the instance and use only the private IPv4 address to allow private IPv4 communication. | + | | | | | | + | | | - **VPC and Subnet**: IPv6-enabled subnet and VPC. | | - **IPv6 address + shared bandwidth**: Allow both private IPv6 communication and public IPv6 communication. | + | | | - **Shared Bandwidth**: Selected a shared bandwidth. | | | + +----------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Application scenarios of IPv6 EIPs + + +-------------------------------------------+----------------------------------------------------------------------------------------------------------------+-----------------+--------------------------------------------------------------------------------------------------+ + | Application Scenario | Description | Subnet | ECS | + +===========================================+================================================================================================================+=================+==================================================================================================+ + | Public communication using IPv6 addresses | Your applications deployed on ECSs need to provide services accessible from the Internet using IPv6 addresses. | IPv4 CIDR block | - Private IPv4 address | + | | | | - IPv4 EIP (with IPv6 function enabled): used for public communication using IPv4 and IPv6 EIPs | + +-------------------------------------------+----------------------------------------------------------------------------------------------------------------+-----------------+--------------------------------------------------------------------------------------------------+ Basic Operations ---------------- **Creating an IPv6 Subnet** -Create an IPv6 subnet by following the instructions in :ref:`Creating a Subnet for the VPC `. Select **Enable** for **IPv6 CIDR Block**. An IPv6 CIDR block will be automatically assigned to the subnet. IPv6 cannot be disabled after the subnet is created. Currently, customizing IPv6 CIDR block is not supported. +Create an IPv6 subnet by following the instructions in :ref:`Creating a Subnet for the VPC `. Select **Enable** for **IPv6 CIDR Block**. An IPv6 CIDR block will be automatically assigned to the subnet. IPv6 cannot be disabled after the subnet is created. + +To disable this function, call the API by referring to `Updating Subnet Information `__. **Viewing In-Use IPv6 Addresses** @@ -68,9 +89,9 @@ In the subnet list, click the subnet name. On the displayed page, view in-use IP Add a security group rule with **Type** set to **IPv6** and **Source** or **Destination** set to an IPv6 address or IPv6 CIDR block. -**Adding a Network ACL Rule (IPv6)** +Adding an IPv6 Firewall Rule -Add a network ACL rule with **Type** set to **IPv6** and **Source** or **Destination** set to an IPv6 address or IPv6 CIDR block. +Add a firewall rule with **Type** set to **IPv6** and **Source** or **Destination** set to an IPv6 address or IPv6 CIDR block. **Adding a Route (IPv6)** diff --git a/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst index cb17574..9a5441b 100644 --- a/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst +++ b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst @@ -32,7 +32,7 @@ Procedure 6. Set the parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001197228903.png + .. figure:: /_static/images/en-us_image_0000001818823514.png :alt: **Figure 1** Create Subnet **Figure 1** Create Subnet @@ -49,6 +49,8 @@ Procedure | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + | | | | + | | If the VPC has a secondary CIDR block, you can select the primary or the secondary CIDR block that the subnet will belong to based on service requirements. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | | | | | @@ -68,38 +70,38 @@ Procedure +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Advanced Settings/Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | | | | - Value: subnet-01 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Advanced Settings/Description | Supplementary information about the subnet. This parameter is optional. | ``-`` | | | | | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | +--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - .. _en-us_topic_0013748726__table42131827173915: + .. _en-us_topic_0013748726__table6536185812515: .. table:: **Table 2** Subnet tag key and value requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ 7. Click **OK**. @@ -116,5 +118,5 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675254021.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983298.png diff --git a/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst index 56af1cd..c1c8a6d 100644 --- a/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst +++ b/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst @@ -40,7 +40,7 @@ Procedure .. important:: - If a VPC cannot be deleted, a message will be displayed on the console. Delete the resources that are in the VPC by referring to :ref:`Why Can't I Delete My VPCs and Subnets? ` + If a subnet cannot be deleted, a message will be displayed on the console. Delete the resources that are in the subnet by referring to :ref:`Why Can't I Delete My VPCs and Subnets? ` -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626574366.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663521.png diff --git a/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst b/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst index edab6d6..85d310a 100644 --- a/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst +++ b/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst @@ -25,10 +25,9 @@ Procedure The **Subnets** page is displayed. -#. In the upper right corner of the subnet list, click |image3|. +#. In the subnet list, select one or more subnets you want to export and click **Export** in the upper left corner. - The system will automatically export information about all subnets under your account in the current region as an Excel file to a local directory. + The system will automatically export information about all of your subnets as an Excel file to a local directory. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675613941.png -.. |image3| image:: /_static/images/en-us_image_0000001221842468.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865583297.png diff --git a/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst b/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst index b793d0f..f83364f 100644 --- a/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst +++ b/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst @@ -18,27 +18,27 @@ A tag consists of a key and value pair. :ref:`Table 1 ` +If you want to view and delete the resources in the subnet, refer to :ref:`Why Can't I Delete My VPCs and Subnets? ` -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675254017.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983610.png diff --git a/umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst new file mode 100644 index 0000000..7189aa8 --- /dev/null +++ b/umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst @@ -0,0 +1,72 @@ +:original_name: vpc_vpc_0007.html + +.. _vpc_vpc_0007: + +Adding a Secondary IPv4 CIDR Block to a VPC +=========================================== + +Scenarios +--------- + +When you create a VPC, you specify a primary IPv4 CIDR block for the VPC, which cannot be changed. To extend the IP address range of your VPC, you can add a secondary CIDR block to the VPC. Five secondary CIDR blocks can be added. + +.. note:: + + If the :ref:`secondary IPv4 CIDR block ` function is available in a region, the CIDR block of a VPC in this region cannot be modified through the console. You can call an API to modify VPC CIDR block by referring to `Updating VPC Information `__. + +Notes and Constraints +--------------------- + +- You can allocate a subnet from either a primary or a secondary CIDR block of a VPC. A subnet cannot use both the primary and the secondary CIDR blocks. + + Subnets in the same VPC can communicate with each other by default, even if some subnets are allocated from the primary CIDR block and some are from the secondary CIDR block of a VPC. + +- If a subnet in a secondary CIDR block of your VPC is the same as or overlaps with the destination of an existing route in the VPC route table, the existing route does not take effect. + + If you create a subnet in a secondary CIDR block of your VPC, a route (the destination is the subnet CIDR block and the next hop is **Local**) is automatically added to your VPC route table. This route allows communications within the VPC and has a higher priority than any other routes in the VPC route table. For example, if a VPC route table has a route with the VPC peering connection as the next hop and 100.20.0.0/24 as the destination, and a route for the subnet in the secondary CIDR block has a destination of 100.20.0.0/16, 100.20.0.0/16 and 100.20.0.0/24 overlaps and traffic will be forwarded through the route of the subnet. + +- :ref:`Table 1 ` lists the secondary CIDR blocks that are not supported. + + .. _vpc_vpc_0007__table1060431941314: + + .. table:: **Table 1** Restricted secondary CIDR blocks + + +-----------------------------------+-----------------------------------+ + | Type | CIDR Block (Not Supported) | + +===================================+===================================+ + | Reserved private CIDR blocks | - 172.31.0.0/16 | + | | - 192.168.0.0/16 | + | | - In-use primary CIDR blocks | + +-----------------------------------+-----------------------------------+ + | Reserved system CIDR blocks | - 100.64.0.0/10 | + | | - 214.0.0.0/7 | + | | - 198.18.0.0/15 | + | | - 169.254.0.0/16 | + +-----------------------------------+-----------------------------------+ + | Reserved public CIDR blocks | - 0.0.0.0/8 | + | | - 127.0.0.0/8 | + | | - 240.0.0.0/4 | + | | - 255.255.255.255/32 | + +-----------------------------------+-----------------------------------+ + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the VPC list, locate the target VPC and click **Edit CIDR Block** in the **Operation** column. + + The **Edit CIDR Block** dialog box is displayed. + +#. Click **Add Secondary IPv4 CIDR Block**. + +#. Enter the secondary CIDR block and click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000001818983054.png +.. |image2| image:: /_static/images/en-us_image_0000001865663001.png diff --git a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst index 4d11f6e..8fd4e5b 100644 --- a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst +++ b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst @@ -29,6 +29,12 @@ Procedure A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. figure:: /_static/images/en-us_image_0000001865837676.png + :alt: **Figure 1** Create a VPC and subnet + + **Figure 1** Create a VPC and subnet + .. table:: **Table 1** VPC parameter descriptions +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ @@ -108,7 +114,7 @@ Procedure | | - Uppercase letters | | | | - Lowercase letters | | | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | +-----------------------+------------------------------------------------------------------------+-----------------------+ | Value | - Can contain a maximum of 43 characters. | vpc-01 | | | - Can contain only the following character types: | | @@ -116,36 +122,36 @@ Procedure | | - Uppercase letters | | | | - Lowercase letters | | | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | +-----------------------+------------------------------------------------------------------------+-----------------------+ .. _en-us_topic_0013935842__table6536185812515: .. table:: **Table 3** Subnet tag key and value requirements - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Parameter | Requirements | Example Value | + +=======================+========================================================================+=======================+ + | Key | - Cannot be left blank. | subnet_key1 | + | | - Must be unique for each subnet. | | + | | - Can contain a maximum of 36 characters. | | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only hyphens (-), underscores (_), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ + | Value | - Can contain a maximum of 43 characters. | subnet-01 | + | | - Can contain only the following character types: | | + | | | | + | | - Uppercase letters | | + | | - Lowercase letters | | + | | - Digits | | + | | - Only underscores (_), hyphens (-), and at signs (@) are allowed. | | + +-----------------------+------------------------------------------------------------------------+-----------------------+ #. Click **Create Now**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001520717193.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663089.png diff --git a/umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst new file mode 100644 index 0000000..044cb34 --- /dev/null +++ b/umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst @@ -0,0 +1,36 @@ +:original_name: vpc_vpc_0008.html + +.. _vpc_vpc_0008: + +Deleting a Secondary IPv4 CIDR Block from a VPC +=============================================== + +Scenarios +--------- + +If a secondary CIDR block of a VPC is no longer required, you can delete it. + +- A secondary IPv4 CIDR block of a VPC can be deleted, but the primary CIDR block cannot be deleted. +- If you want to delete a secondary CIDR block that contains subnets, you need to delete the subnets first. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the VPC list, locate the target VPC and click **Edit CIDR Block** in the **Operation** column. + + The **Edit CIDR Block** dialog box is displayed. + +#. Locate the row that contains the secondary CIDR block to be deleted and click **Delete** in the **Operation** column. + +#. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000001818823194.png +.. |image2| image:: /_static/images/en-us_image_0000001865582729.png diff --git a/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst index 821ac76..911e026 100644 --- a/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst +++ b/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst @@ -38,5 +38,5 @@ Procedure If a VPC cannot be deleted, a message will be displayed on the console. Delete the resources that are in the VPC by referring to :ref:`Why Can't I Delete My VPCs and Subnets? ` -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626734174.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663509.png diff --git a/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst b/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst index 5371b5a..27d87ec 100644 --- a/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst +++ b/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst @@ -23,10 +23,9 @@ Procedure The **Virtual Private Cloud** page is displayed. -#. In the upper right corner of the VPC list, click |image3|. +#. In the VPC list, select one or more VPCs you want to export and click **Export** in the upper left corner. - The system will automatically export information about all VPCs under your account in the current region as an Excel file to a local directory. + The system will automatically export information about all of your VPCs as an Excel file to a local directory. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626894098.png -.. |image3| image:: /_static/images/en-us_image_0233469654.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823378.png diff --git a/umn/source/vpc_and_subnet/vpc/index.rst b/umn/source/vpc_and_subnet/vpc/index.rst index d5491ac..b6595f8 100644 --- a/umn/source/vpc_and_subnet/vpc/index.rst +++ b/umn/source/vpc_and_subnet/vpc/index.rst @@ -7,6 +7,8 @@ VPC - :ref:`Creating a VPC ` - :ref:`Modifying a VPC ` +- :ref:`Adding a Secondary IPv4 CIDR Block to a VPC ` +- :ref:`Deleting a Secondary IPv4 CIDR Block from a VPC ` - :ref:`Deleting a VPC ` - :ref:`Managing VPC Tags ` - :ref:`Exporting VPC List ` @@ -19,6 +21,8 @@ VPC creating_a_vpc modifying_a_vpc + adding_a_secondary_ipv4_cidr_block_to_a_vpc + deleting_a_secondary_ipv4_cidr_block_from_a_vpc deleting_a_vpc managing_vpc_tags exporting_vpc_list diff --git a/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst index 7cc5f02..f0b9118 100644 --- a/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst +++ b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst @@ -29,7 +29,7 @@ A tag consists of a key and value pair. :ref:`Table 1 ` - :ref:`Modifying the CIDR Block of a VPC ` + .. note:: + + If the :ref:`secondary IPv4 CIDR block ` function is available in a region, the CIDR block of a VPC in this region cannot be modified through the console. You can call an API to modify VPC CIDR block by referring to `Updating VPC Information `__. + .. _en-us_topic_0030969462__section495418425354: Modifying the Name and Description of a VPC @@ -58,34 +62,14 @@ Modifying the CIDR Block of a VPC The **Edit CIDR Block** dialog box is displayed. -5. Modify the VPC CIDR block as prompted. +5. Click **Add Secondary IPv4 CIDR Block**. - .. important:: +6. Enter the secondary CIDR block and click **OK**. - A VPC CIDR block must be from 10.0.0.0/8-24, 172.16.0.0/12-24, or 192.168.0.0/16-24. - - - If a VPC has no subnets, you can change both its network address and subnet mask. - - - .. figure:: /_static/images/en-us_image_0000001627653972.png - :alt: **Figure 1** Modifying network address and subnet mask - - **Figure 1** Modifying network address and subnet mask - - - If a VPC has subnets, you only can change its subnet mask. - - - .. figure:: /_static/images/en-us_image_0000001627493158.png - :alt: **Figure 2** Modifying subnet mask - - **Figure 2** Modifying subnet mask - -6. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001676063997.png -.. |image3| image:: /_static/images/en-us_image_0000001627174280.png -.. |image4| image:: /_static/images/en-us_image_0000001675813933.png -.. |image5| image:: /_static/images/en-us_image_0000001627334080.png -.. |image6| image:: /_static/images/en-us_image_0141273034.png -.. |image7| image:: /_static/images/en-us_image_0000001627744152.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823402.png +.. |image3| image:: /_static/images/en-us_image_0000001818823394.png +.. |image4| image:: /_static/images/en-us_image_0000001865663133.png +.. |image5| image:: /_static/images/en-us_image_0000001818983186.png +.. |image6| image:: /_static/images/en-us_image_0000001818982734.png +.. |image7| image:: /_static/images/en-us_image_0000001865663129.png diff --git a/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst b/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst index 7e22276..bf5e683 100644 --- a/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst +++ b/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst @@ -31,6 +31,6 @@ Procedure Click |image3| next to ID to copy the VPC ID. -.. |image1| image:: /_static/images/en-us_image_0000001515644737.png -.. |image2| image:: /_static/images/en-us_image_0000001675613945.png -.. |image3| image:: /_static/images/en-us_image_0000001465124712.png +.. |image1| image:: /_static/images/en-us_image_0000001865582937.png +.. |image2| image:: /_static/images/en-us_image_0000001818983198.png +.. |image3| image:: /_static/images/en-us_image_0000001818983194.png diff --git a/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst b/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst index 71c6ee9..7f82e76 100644 --- a/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst +++ b/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst @@ -34,5 +34,5 @@ Procedure - Modify or delete a subnet. - Add an ECS to a subnet, bind an EIP to the ECS, and change the security group of the ECS. -.. |image1| image:: /_static/images/en-us_image_0000001221790501.png -.. |image2| image:: /_static/images/en-us_image_0000001675413833.png +.. |image1| image:: /_static/images/en-us_image_0000001865662737.png +.. |image2| image:: /_static/images/en-us_image_0000001818982798.png diff --git a/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst index 0597445..47b12f9 100644 --- a/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst @@ -36,7 +36,7 @@ Procedure 5. In the upper right corner, click **Create VPC Flow Log**. On the displayed page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0191544038.png + .. figure:: /_static/images/en-us_image_0000001865582905.png :alt: **Figure 1** Create VPC Flow Log **Figure 1** Create VPC Flow Log @@ -77,5 +77,5 @@ Procedure 6. Click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675616561.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663109.png diff --git a/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst index bff6fff..0754920 100644 --- a/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst @@ -30,12 +30,12 @@ Procedure 5. Locate the row that contains the VPC flow log to be deleted and click **Delete** in the **Operation** column. - .. figure:: /_static/images/en-us_image_0191594527.png + .. figure:: /_static/images/en-us_image_0000001818983242.png :alt: **Figure 1** Deleting a VPC flow log **Figure 1** Deleting a VPC flow log 6. Click **Yes** in the displayed dialog box. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626736794.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582989.png diff --git a/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst index 1a80a56..e9bb638 100644 --- a/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst @@ -31,5 +31,5 @@ Procedure 5. Locate the VPC flow log to be enabled or disabled, and choose **More** > **Enable** or **More** > **Disable** in the **Operation** column. 6. Click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627056686.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983174.png diff --git a/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst index 067e28c..1408e89 100644 --- a/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst @@ -32,13 +32,13 @@ Procedure 5. Locate the target VPC flow log and click **View Log Record** in the **Operation** column to view information about the flow log record in LTS. - .. figure:: /_static/images/en-us_image_0191577030.png + .. figure:: /_static/images/en-us_image_0000001865663181.png :alt: **Figure 1** Viewing a log record **Figure 1** Viewing a log record - .. figure:: /_static/images/en-us_image_0191588554.png + .. figure:: /_static/images/en-us_image_0000001818823446.png :alt: **Figure 2** Flow log record **Figure 2** Flow log record @@ -120,5 +120,5 @@ Procedure You can enter a keyword on the log topic details page on the LTS console to search for flow log records. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675256657.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582981.png diff --git a/umn/source/vpc_flow_log/vpc_flow_log_overview.rst b/umn/source/vpc_flow_log/vpc_flow_log_overview.rst index 1945087..aea77c5 100644 --- a/umn/source/vpc_flow_log/vpc_flow_log_overview.rst +++ b/umn/source/vpc_flow_log/vpc_flow_log_overview.rst @@ -14,7 +14,7 @@ VPC flow logs must be used together with the Log Tank Service (LTS). Before you .. _flowlog_0002__fig1535115691415: -.. figure:: /_static/images/en-us_image_0162336264.png +.. figure:: /_static/images/en-us_image_0000001818823626.png :alt: **Figure 1** Configuring VPC flow logs **Figure 1** Configuring VPC flow logs diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst index d127300..dbfd0ca 100644 --- a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst @@ -18,12 +18,12 @@ Procedure: :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request ` -:ref:`Step 3: Add Routes for the VPC Peering Connection ` +:ref:`Step 3: Add Routes for the VPC Peering Connection ` :ref:`Step 4: Verify Network Connectivity ` -.. figure:: /_static/images/en-us_image_0000001464757610.png +.. figure:: /_static/images/en-us_image_0000001818823598.png :alt: **Figure 1** Networking diagram of a VPC peering connection between VPCs in different accounts **Figure 1** Networking diagram of a VPC peering connection between VPCs in different accounts @@ -72,7 +72,7 @@ Step 1: Create a VPC Peering Connection For details, see :ref:`Table 1 `. - .. figure:: /_static/images/en-us_image_0167840073.png + .. figure:: /_static/images/en-us_image_0000001818823602.png :alt: **Figure 2** Create VPC Peering Connection **Figure 2** Create VPC Peering Connection @@ -140,21 +140,21 @@ After you create a VPC peering connection with a VPC in another account, you nee The VPC peering connection list is displayed. -#. In the VPC peering connection list, locate the VPC peering connection request to be accepted. +#. In the upper part of the VPC peering connection list, locate the VPC peering connection request to be accepted. - .. figure:: /_static/images/en-us_image_0162391155.png - :alt: **Figure 3** VPC peering connection list + .. figure:: /_static/images/en-us_image_0000001865583153.png + :alt: **Figure 3** Accept Request - **Figure 3** VPC peering connection list + **Figure 3** Accept Request #. Locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. After the status of the VPC peering connection changes to **Accepted**, the VPC peering connection is created. -#. Go to :ref:`Step 3: Add Routes for the VPC Peering Connection `. +#. Go to :ref:`Step 3: Add Routes for the VPC Peering Connection `. -.. _en-us_topic_0046655038__section519111175712: +.. _en-us_topic_0046655038__section2675929184617: Step 3: Add Routes for the VPC Peering Connection ------------------------------------------------- @@ -167,69 +167,95 @@ Both accounts need to add a route to the route table of their VPC. In this examp a. In the VPC peering connection list of the local account, click the name of the target VPC peering connection. - The **Basic Information** tab of the VPC peering connection is displayed. + The page showing the VPC peering connection details is displayed. - b. On the **Local Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. + b. In the lower part of the VPC peering connection details page, click **Add Route**. - The **Summary** tab of the default route table for the local VPC is displayed. + The **Add Route** dialog box is displayed. - c. Click **Add Route**. - :ref:`Table 2 ` describes the route parameters. + .. figure:: /_static/images/en-us_image_0000001818983398.png + :alt: **Figure 4** Add Route - .. _en-us_topic_0046655038__en-us_topic_0046655037_table97163496270: + **Figure 4** Add Route + + c. Add routes to the route tables as prompted. + + :ref:`Table 2 ` describes the parameters. + + .. _en-us_topic_0046655038__table124160361764: .. table:: **Table 2** Parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Parameter | Description | Example Value | - +=======================+========================================================================================================================================================+=================================+ - | Destination | The peer VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-B CIDR block: 172.17.0.0/16 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +=======================+==============================================================================================================================================================================================================================================================================================================+=================================+ + | VPC | The default value is the VPC connected by the VPC peering connection in the current account. You do not need to select a VPC. | VPC-A | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Route Table | Select the route table of the VPC. The route will be added to this route table. | rtb-VPC-A (Default route table) | + | | | | + | | Each VPC comes with a default route table to control the outbound traffic from the subnets in the VPC. In addition to the default route table, you can also create a custom route table and associate it with the subnets in the VPC. Then, the custom route table controls outbound traffic of the subnets. | | + | | | | + | | - If there is only the default route table in the drop-down list, select the default route table. | | + | | - If there are both default and custom route tables in drop-down list, select the route table associated with the subnet connected by the VPC peering connection. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Destination | An IP address or address range in the other VPC connected by the VPC peering connection. The value can be a VPC CIDR block, subnet CIDR block, or ECS IP address. For details about the route configuration example, see :ref:`VPC Peering Connection Usage Examples `. | VPC-B CIDR block: 172.17.0.0/16 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The default value is the current VPC peering connection. You do not need to specify this parameter. | peering-AB | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | Route from VPC-A to VPC-B | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ d. Click **OK**. - You can view the route in the route list. + You can view the routes in the route list. #. Add routes to the route table of the peer VPC: a. In the VPC peering connection list of the peer account, click the name of the target VPC peering connection. - The **Basic Information** tab of the VPC peering connection is displayed. + The page showing the VPC peering connection details is displayed. - b. On the **Local Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. + b. In the lower part of the VPC peering connection details page, click **Add Route**. - The **Summary** tab of the default route table for the peer VPC is displayed. + The **Add Route** dialog box is displayed. - c. Click **Add Route**. - :ref:`Table 3 ` describes the route parameters. + .. figure:: /_static/images/en-us_image_0000001818823594.png + :alt: **Figure 5** Add Route - .. _en-us_topic_0046655038__en-us_topic_0046655037_table13697163914393: + **Figure 5** Add Route + + c. Add routes to the route table as prompted. + + :ref:`Table 3 ` describes the parameters. + + .. _en-us_topic_0046655038__table563312179168: .. table:: **Table 3** Parameter description - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================+=================================+ - | Destination | The local VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-A CIDR block: 172.16.0.0/16 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +=======================+==============================================================================================================================================================================================================================================================================================================+=================================+ + | VPC | The default value is the VPC connected by the VPC peering connection in the current account. You do not need to select a VPC. | VPC-B | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Route Table | Select the route table of the VPC. The route will be added to this route table. | rtb-VPC-B (Default route table) | + | | | | + | | Each VPC comes with a default route table to control the outbound traffic from the subnets in the VPC. In addition to the default route table, you can also create a custom route table and associate it with the subnets in the VPC. Then, the custom route table controls outbound traffic of the subnets. | | + | | | | + | | - If there is only the default route table in the drop-down list, select the default route table. | | + | | - If there are both default and custom route tables in drop-down list, select the route table associated with the subnet connected by the VPC peering connection. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Destination | An IP address or address range in the other VPC connected by the VPC peering connection. The value can be a VPC CIDR block, subnet CIDR block, or ECS IP address. For details about the route configuration example, see :ref:`VPC Peering Connection Usage Examples `. | VPC-A CIDR block: 172.16.0.0/16 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The default value is the current VPC peering connection. You do not need to specify this parameter. | peering-AB | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | Route from VPC-B to VPC-A. | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ d. Click **OK**. @@ -248,7 +274,7 @@ After you add routes for the VPC peering connection, verify the communication be **ping** *IP address of RDS-B01* - Example command: + Run the following commands: **ping 172.17.0.21** @@ -270,6 +296,6 @@ After you add routes for the VPC peering connection, verify the communication be - In this example, ECS-A01 and RDS-B01 are in the same security group. If the instances in different security groups, you need to add inbound rules to allow access from the peer security group. For details, see :ref:`Enabling ECSs In Different Security Groups to Communicate Through an Internal Network `. - If VPCs connected by a VPC peering connection cannot communicate with each other, refer to :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675415841.png -.. |image3| image:: /_static/images/en-us_image_0000001626736198.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865583133.png +.. |image3| image:: /_static/images/en-us_image_0000001818983374.png diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst index b5edd78..1ff697e 100644 --- a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst @@ -16,12 +16,12 @@ Procedure: :ref:`Step 1: Create a VPC Peering Connection ` -:ref:`Step 2: Add Routes for the VPC Peering Connection ` +:ref:`Step 2: Add Routes for the VPC Peering Connection ` :ref:`Step 3: Verify Network Connectivity ` -.. figure:: /_static/images/en-us_image_0000001512876289.png +.. figure:: /_static/images/en-us_image_0000001865663449.png :alt: **Figure 1** Networking diagram of a VPC peering connection between VPCs in the same account **Figure 1** Networking diagram of a VPC peering connection between VPCs in the same account @@ -65,7 +65,7 @@ Step 1: Create a VPC Peering Connection For details, see :ref:`Table 1 `. - .. figure:: /_static/images/en-us_image_0167839112.png + .. figure:: /_static/images/en-us_image_0000001865663453.png :alt: **Figure 2** Create VPC Peering Connection **Figure 2** Create VPC Peering Connection @@ -115,81 +115,76 @@ Step 1: Create a VPC Peering Connection A dialog box for adding routes is displayed. -8. Click **Add Route** or **Add Later**. +8. In the displayed dialog box, click **Add Now**. On the displayed page about the VPC peering connection details, go to :ref:`Step 2: Add Routes for the VPC Peering Connection ` to add a route. - a. If you click **Add Route**, the **Local Routes** page is displayed. Then, go to :ref:`Step 2: Add Routes for the VPC Peering Connection `. - b. If you click **Add Later**, the VPC peering connection list is displayed. - -.. _en-us_topic_0046655037__section19655123018712: +.. _en-us_topic_0046655037__section1241619362061: Step 2: Add Routes for the VPC Peering Connection ------------------------------------------------- -To enable communications between VPCs connected by a VPC peering connection, you need to add forward and return routes to the route tables of the VPCs. For details, see :ref:`VPC Peering Connection Usage Examples `. +#. In the lower part of the VPC peering connection details page, click **Add Route**. -#. Add routes to the route table of the local VPC: + The **Add Route** dialog box is displayed. - a. On the **Local Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. - The **Summary** tab of the default route table for the local VPC is displayed. + .. figure:: /_static/images/en-us_image_0000001865583269.png + :alt: **Figure 3** Add Route - b. Click **Add Route**. + **Figure 3** Add Route - :ref:`Table 2 ` describes the route parameters. +#. Add routes to the route tables as prompted. - .. _en-us_topic_0046655037__table97163496270: + :ref:`Table 2 ` describes the parameters. - .. table:: **Table 2** Parameter description + .. _en-us_topic_0046655037__table124160361764: - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Parameter | Description | Example Value | - +=======================+========================================================================================================================================================+=================================+ - | Destination | The peer VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-B CIDR block: 172.17.0.0/16 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + .. table:: **Table 2** Parameter description - c. Click **OK**. + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Parameter | Description | Example Value | + +===============================+==============================================================================================================================================================================================================================================================================================================+=================================+ + | VPC | Select a VPC that is connected by the VPC peering connection. | VPC-A | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Route Table | Select the route table of the VPC. The route will be added to this route table. | rtb-VPC-A (Default route table) | + | | | | + | | Each VPC comes with a default route table to control the outbound traffic from the subnets in the VPC. In addition to the default route table, you can also create a custom route table and associate it with the subnets in the VPC. Then, the custom route table controls outbound traffic of the subnets. | | + | | | | + | | - If there is only the default route table in the drop-down list, select the default route table. | | + | | - If there are both default and custom route tables in drop-down list, select the route table associated with the subnet connected by the VPC peering connection. | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Destination | An IP address or address range in the other VPC connected by the VPC peering connection. The value can be a VPC CIDR block, subnet CIDR block, or ECS IP address. For details about the route configuration example, see :ref:`VPC Peering Connection Usage Examples `. | VPC-B CIDR block: 172.17.0.0/16 | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The default value is the current VPC peering connection. You do not need to specify this parameter. | peering-AB | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | Route from VPC-A to VPC-B | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Add a route for the other VPC | If you select this option, you can also add a route for the other VPC connected by the VPC peering connection. | Selected | + | | | | + | | To enable communications between VPCs connected by a VPC peering connection, you need to add both forward and return routes to the route tables of the VPCs. For details, see :ref:`VPC Peering Connection Usage Examples `. | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | VPC | By default, the system selects the other VPC connected by the VPC peering connection. You do not need to specify this parameter. | VPC-B | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Route Table | Select the route table of the VPC. The route will be added to this route table. | rtb-VPC-B (Default route table) | + | | | | + | | Each VPC comes with a default route table to control the outbound traffic from the subnets in the VPC. In addition to the default route table, you can also create a custom route table and associate it with the subnets in the VPC. Then, the custom route table controls outbound traffic of the subnets. | | + | | | | + | | - If there is only the default route table in the drop-down list, select the default route table. | | + | | - If there are both default and custom route tables in drop-down list, select the route table associated with the subnet connected by the VPC peering connection. | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Destination | An IP address or address range in the other VPC connected by the VPC peering connection. The value can be a VPC CIDR block, subnet CIDR block, or ECS IP address. For details about the route configuration example, see :ref:`VPC Peering Connection Usage Examples `. | VPC-A CIDR block: 172.16.0.0/16 | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Next Hop | The default value is the current VPC peering connection. You do not need to specify this parameter. | peering-AB | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ + | Description | Supplementary information about the route. This parameter is optional. | Route from VPC-B to VPC-A. | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - You can view the route in the route list. +#. Click **OK**. -2. Add routes to the route table of the peer VPC: - - a. On the **Peer Routes** tab of the VPC peering connection, click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the peer VPC is displayed. - - b. Click **Add Route**. - - :ref:`Table 3 ` describes the route parameters. - - .. _en-us_topic_0046655037__table13697163914393: - - .. table:: **Table 3** Parameter description - - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Parameter | Description | Example Value | - +=======================+=========================================================================================================================================================+=================================+ - | Destination | The local VPC CIDR block, subnet CIDR block, or ECS IP address. For details, see :ref:`VPC Peering Connection Usage Examples `. | VPC-A CIDR block: 172.16.0.0/16 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop Type | The next hop type. Select **VPC peering connection**. | VPC peering connection | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Next Hop | The next hop address. Select the name of the current VPC peering connection. | peering-AB | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------+ - - c. Click **OK**. - - You can view the route in the route list. + You can view the routes in the route list. .. _en-us_topic_0046655037__section026312306414: @@ -226,5 +221,5 @@ After you add routes for the VPC peering connection, verify the communication be - In this example, ECS-A01 and RDS-B01 are in the same security group. If the instances in different security groups, you need to add inbound rules to allow access from the peer security group. For details, see :ref:`Enabling ECSs In Different Security Groups to Communicate Through an Internal Network `. - If VPCs connected by a VPC peering connection cannot communicate with each other, refer to :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627056086.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818983506.png diff --git a/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst index 325e8ac..9dded8a 100644 --- a/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst @@ -38,5 +38,5 @@ Procedure 6. Click **Yes**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675416345.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823798.png diff --git a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst index 1957805..800362c 100644 --- a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst @@ -34,29 +34,11 @@ Deleting Routes of a VPC Peering Connection Between VPCs in the Same Account The page showing the VPC peering connection details is displayed. -#. Delete the route added to the route table of the local VPC: +#. In the route list, locate the route and click **Delete** in the **Operation** column. - a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + A confirmation dialog box is displayed. - The **Summary** tab of the default route table for the local VPC is displayed. - - b. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. - - A confirmation dialog box is displayed. - - c. Click **Yes**. - -#. Delete the route added to the route table of the peer VPC: - - a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the peer VPC is displayed. - - b. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. - - A confirmation dialog box is displayed. - - c. Click **Yes**. +#. Confirm the information and click **OK**. .. _vpc_peering_0006__section47866392497: @@ -83,21 +65,15 @@ Only the account owner of a VPC in a VPC peering connection can delete the route The page showing the VPC peering connection details is displayed. - e. Delete the route added to the route table of the local VPC: + e. In the route list, locate the route and click **Delete** in the **Operation** column. - #. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + A confirmation dialog box is displayed. - The **Summary** tab of the default route table for the local VPC is displayed. - - #. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. - - A confirmation dialog box is displayed. - - #. Click **Yes**. + f. Confirm the information and click **OK**. #. Log in to the management console using the account of the peer VPC and delete the route of the peer VPC by referring to :ref:`1 `. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626896590.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001675616433.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001818823058.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001865582593.png diff --git a/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst index 0af6278..bfff832 100644 --- a/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/modifying_a_vpc_peering_connection.rst @@ -8,7 +8,7 @@ Modifying a VPC Peering Connection Scenarios --------- -This section describes how to modify the name of a VPC peering connection. +This section describes how to modify the basic information about a VPC peering connection, including its name and description. Either owner of a VPC in a peering connection can modify the VPC peering connection in any state. @@ -33,5 +33,5 @@ Procedure 6. Modify the VPC peering connection information and click **OK**. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626576382.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865582893.png diff --git a/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst index 13e1ecb..28f0038 100644 --- a/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst @@ -36,29 +36,13 @@ Modifying Routes of a VPC Peering Connection Between VPCs in the Same Account The page showing the VPC peering connection details is displayed. -#. Modify the route added to the route table of the local VPC: +#. In the route list, click the route table hyperlink of the route. - a. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + The route table details page is displayed. - The **Summary** tab of the default route table for the local VPC is displayed. +#. In the route list, locate the route and click **Modify** in the **Operation** column. - b. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. - - The **Modify Route** dialog box is displayed. - - c. Modify the route and click **OK**. - -#. Modify the route added to the route table of the peer VPC: - - a. Click the **Peer Routes** tab and then click the **Route Tables** hyperlink. - - The **Summary** tab of the default route table for the peer VPC is displayed. - - b. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. - - The **Modify Route** dialog box is displayed. - - c. Modify the route and click **OK**. +#. Modify the route and click **OK**. .. _vpc_peering_0007__section47866392497: @@ -85,21 +69,17 @@ Only the account owner of a VPC can modify the routes added for the connection. The page showing the VPC peering connection details is displayed. - e. Modify the route added to the route table of the local VPC: + e. In the route list, click the route table hyperlink of the route. - #. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + The route table details page is displayed. - The **Summary** tab of the default route table for the local VPC is displayed. + f. In the route list, locate the route and click **Modify** in the **Operation** column. - #. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. - - The **Modify Route** dialog box is displayed. - - #. Modify the route and click **OK**. + g. Modify the route and click **OK**. #. Log in to the management console using the account of the peer VPC and modify the route of the peer VPC by referring to :ref:`1 `. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001627056574.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001626736678.png +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865662901.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001818823166.png diff --git a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst index d122d37..5d29f4d 100644 --- a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst @@ -36,10 +36,15 @@ Viewing Routes of a VPC Peering Connection Between VPCs in the Same Account The page showing the VPC peering connection details is displayed. -6. View the routes added for the VPC peering connection: +6. In the route list, view the route information. - a. Click the **Local Routes** tab to view the local route added for the VPC peering connection. - b. Click the **Peer Routes** tab to view the peer route added for the VPC peering connection. + You can view the route destination, VPC, next hop, route table, and more. + + + .. figure:: /_static/images/en-us_image_0000001865828728.png + :alt: **Figure 1** View routes of a VPC peering connection between VPCs in the same account + + **Figure 1** View routes of a VPC peering connection between VPCs in the same account .. _vpc_peering_0004__section92403501475: @@ -66,11 +71,25 @@ Only the account owner of a VPC in a VPC peering connection can view the routes The page showing the VPC peering connection details is displayed. - e. Click the **Local Routes** tab to view the local route added for the VPC peering connection. + e. In the route list, view the route information. + + You can view the route destination, VPC, next hop, route table, and more. + + + .. figure:: /_static/images/en-us_image_0000001865833004.png + :alt: **Figure 2** View the local routes of a VPC peering connection between VPCs in different accounts + + **Figure 2** View the local routes of a VPC peering connection between VPCs in different accounts #. Log in to the management console using the account of the peer VPC and view the route of the peer VPC by referring to :ref:`1 `. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001626576858.png -.. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001675256529.png + + .. figure:: /_static/images/en-us_image_0000001865674836.png + :alt: **Figure 3** View the peer routes of a VPC peering connection between VPCs in different accounts + + **Figure 3** View the peer routes of a VPC peering connection between VPCs in different accounts + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865662765.png +.. |image3| image:: /_static/images/en-us_image_0000001818982734.png +.. |image4| image:: /_static/images/en-us_image_0000001818982826.png diff --git a/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst index fc9f207..e928051 100644 --- a/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst +++ b/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst @@ -31,5 +31,11 @@ Procedure On the displayed page, view details about the VPC peering connection. -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001675256029.png + + .. figure:: /_static/images/en-us_image_0000001865884494.png + :alt: **Figure 1** View VPC peering connections + + **Figure 1** View VPC peering connections + +.. |image1| image:: /_static/images/en-us_image_0000001818982734.png +.. |image2| image:: /_static/images/en-us_image_0000001865663213.png diff --git a/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst b/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst index dd832e5..dd738fe 100644 --- a/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst +++ b/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst @@ -21,7 +21,7 @@ A VPC peering connection is a networking connection that connects two VPCs for t .. _en-us_topic_0046655036__fig4721642193711: -.. figure:: /_static/images/en-us_image_0000001512591549.png +.. figure:: /_static/images/en-us_image_0000001818983018.png :alt: **Figure 1** VPC peering connection network diagram **Figure 1** VPC peering connection network diagram @@ -37,7 +37,7 @@ A VPC peering connection can only connect VPCs in the same region. .. _en-us_topic_0046655036__en-us_topic_0000001154868962_fig10285152624918: - .. figure:: /_static/images/en-us_image_0000001512701025.png + .. figure:: /_static/images/en-us_image_0000001818823678.png :alt: **Figure 2** Process of creating a VPC peering connection between VPCs in the same account **Figure 2** Process of creating a VPC peering connection between VPCs in the same account @@ -50,7 +50,7 @@ A VPC peering connection can only connect VPCs in the same region. .. _en-us_topic_0046655036__fig16137161191713: - .. figure:: /_static/images/en-us_image_0000001462622484.png + .. figure:: /_static/images/en-us_image_0000001865583217.png :alt: **Figure 3** Process of creating a VPC peering connection between VPCs in different accounts **Figure 3** Process of creating a VPC peering connection between VPCs in different accounts diff --git a/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst b/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst index aff425b..ec2280b 100644 --- a/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst +++ b/umn/source/vpc_peering_connection/vpc_peering_connection_usage_examples.rst @@ -37,7 +37,7 @@ Peering Two or More VPCs .. _en-us_topic_0046809840__fig465519155457: - .. figure:: /_static/images/en-us_image_0000001207827554.png + .. figure:: /_static/images/en-us_image_0000001865662841.png :alt: **Figure 1** Networking diagram (IPv4) **Figure 1** Networking diagram (IPv4) @@ -64,7 +64,7 @@ Peering Two or More VPCs .. _en-us_topic_0046809840__fig2032313286441: - .. figure:: /_static/images/en-us_image_0000001207699446.png + .. figure:: /_static/images/en-us_image_0000001818982906.png :alt: **Figure 2** Networking diagram (IPv4) **Figure 2** Networking diagram (IPv4) @@ -106,7 +106,7 @@ Peering One Central VPC with Multiple VPCs .. _en-us_topic_0046809840__fig724664185: -.. figure:: /_static/images/en-us_image_0000001208260576.png +.. figure:: /_static/images/en-us_image_0000001818823110.png :alt: **Figure 3** Networking diagram (IPv4) **Figure 3** Networking diagram (IPv4) @@ -163,7 +163,7 @@ As shown in :ref:`Figure 4 `, VPC-A and .. _en-us_topic_0046809840__fig06955277200: -.. figure:: /_static/images/en-us_image_0000001521533677.png +.. figure:: /_static/images/en-us_image_0000001865662833.png :alt: **Figure 4** Networking diagram (IPv4) **Figure 4** Networking diagram (IPv4) @@ -198,7 +198,7 @@ As shown in :ref:`Figure 5 `, VPC-B and .. _en-us_topic_0046809840__fig568511518481: -.. figure:: /_static/images/en-us_image_0000001209442636.png +.. figure:: /_static/images/en-us_image_0000001818823118.png :alt: **Figure 5** Networking diagram (IPv4) **Figure 5** Networking diagram (IPv4) @@ -237,7 +237,7 @@ If VPCs with the same CIDR block also include subnets that overlap, VPC peering In the rtb-VPC-A route table, the custom route for routing traffic from VPC-A to VPC-B and the local route have overlapping destinations. The local route has a higher priority and traffic will be forwarded within VPC-A and cannot reach VPC-B. -.. figure:: /_static/images/en-us_image_0000001254335981.png +.. figure:: /_static/images/en-us_image_0000001818982898.png :alt: **Figure 6** Networking diagram (IPv4) **Figure 6** Networking diagram (IPv4)