sgode/virtual-private-cloud
1
0
Fork 0
forked from docs/virtual-private-cloud
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2024-03-05 03:35:02 +00:00
parent 0bc1e75222
commit 8bb68bbd32
23 changed files with 456 additions and 299 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
umn/source/_static/images/en-us_image_0000001429281925.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1004 B

BIN
umn/source/_static/images/en-us_image_0000001429973081.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1004 B

BIN
umn/source/_static/images/en-us_image_0000001540725521.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 13 KiB

BIN
umn/source/_static/images/en-us_image_0000001626574374.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 B

BIN
umn/source/_static/images/en-us_image_0000001627054074.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 B

BIN
umn/source/_static/images/en-us_image_0000001856562181.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
umn/source/_static/images/en-us_image_0000001856641285.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
umn/source/_static/images/en-us_image_0214585306.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

4
umn/source/access_control/differences_between_security_groups_and_firewalls.rst
View File

@ -5,7 +5,7 @@
Differences Between Security Groups and Firewalls
=================================================
You can configure firewall and security group rules to protect the instances in your VPC, such as ECSs, databases, and CCI instances.
You can configure firewall and security group rules to protect the instances in your VPC, such as ECSs and databases.
- A security group protects the instances in it.
- A firewall protects associated subnets and all the resources in the subnets.
@ -28,7 +28,7 @@ For details, see :ref:`Figure 1 <en-us_topic_0052003963__fig9582182315479>`.
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Category | Security Group | Firewall |
+=======================+========================================================================================================================================================================+===========================================================================================================================================================================================================================================================+
| Protection Scope | Protects instances in a security group, such as ECSs, databases, and CCI instances. | Protects subnets and all the instances in the subnets. |
| Protection Scope | Protects instances in a security group, such as ECSs and databases. | Protects subnets and all the instances in the subnets. |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Rules | Does not support **Allow** or **Deny** rules. | Supports both **Allow** and **Deny** rules. |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

82
umn/source/access_control/firewall/management_firewall_rules/adding_a_firewall_rule.rst
View File

@ -43,49 +43,45 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+=======================================================================================================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - IP address group: A collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - IP address group: A collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+========================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **OK**.

82
umn/source/access_control/firewall/management_firewall_rules/modifying_a_firewall_rule.rst
View File

@ -37,49 +37,45 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+=======================================================================================================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - IP address group: A collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - IP address group: A collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+========================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **Confirm**.

127
umn/source/access_control/security_group/managing_a_security_group/creating_a_security_group.rst
View File

File diff suppressed because it is too large Load Diff

8
umn/source/change_history.rst
View File

@ -8,6 +8,14 @@ Change History
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Released On | Description |
+===================================+====================================================================================================================================================================================================================================================================================================================================+
| 2024-02-29 | This release incorporates the following changes: |
| | |
| | Deleted parameter **Destination Address** in :ref:`Creating a Custom Route Table <vpc_route01_0005>`, :ref:`Adding a Custom Route <vpc_route01_0006>`, and :ref:`Modifying a Route <vpc_route01_0011>`. |
| | |
| | Deleted the descriptions about IP address groups in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>` and :ref:`Modifying a Firewall Rule <vpc_acl_0005>`. |
| | |
| | Modified the subnet description in :ref:`Subnet <en-us_topic_0030969424>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2024-02-18 | This release incorporates the following changes: |
| | |
| | Added :ref:`What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs? <en-us_topic_0000001799161498>` |

26
umn/source/faq/eips/what_are_the_differences_between_5_bgp_5_mailbgp_and_5_gray_eips.rst
View File

@ -11,16 +11,16 @@ What Are the Differences Between 5_bgp, 5_mailbgp, and 5_gray EIPs?
.. table:: **Table 1** Differences between **5_bgp**, **5_mailbgp**, and **5_gray** EIPs
+----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
| Dimension | 5_bgp EIP | 5_gray EIP | 5_mailbgp EIP |
+======================+=======================================================================================================+===============================================================================================================================================================================+=======================================================================================================+
| Application scenario | Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | **5_gray** EIPs can be bound to dedicated or shared load balancers for Internet access. | **5_mailbgp** EIPs are used together with port 25, 465, or 587 for email services. |
| | | | |
| | **5_bgp** EIPs can be bound to cloud resources except dedicated load balancers. | | |
+----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
| Differences | - Cannot be bound to dedicated load balancers. | - Can only be bound to dedicated or shared load balancers. | - Cannot be bound to dedicated load balancers. |
| | - Cannot be used for email services. | - Cannot be used for email services. | - Can be used for email services. |
+----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
| Constraints | The selected EIP type cannot be changed after the EIP is assigned. | - In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type. | If you need an EIP of this type, contact the account administrator to grant the required permissions. |
| | | - Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect. | |
+----------------------+-------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
+----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
| Dimension | 5_bgp EIP | 5_gray EIP | 5_mailbgp EIP |
+======================+=======================================================================================================+=====================================================================================================================================================+=======================================================================================================+
| Application scenario | Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | 5_gray EIPs are no longer supported. | **5_mailbgp** EIPs are used together with port 25, 465, or 587 for email services. |
| | | | |
| | **5_bgp** EIPs can be bound to cloud resources except dedicated load balancers. | | |
+----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
| Differences | - Cannot be used for email services. | - Not suggested to be bound to dedicated or shared load balancers by default. | - Cannot be bound to dedicated load balancers. |
| | - Can be bound to dedicated and shared load balancers. | - Cannot be used for email services. | - Can be used for email services. |
+----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+
| Constraints | The selected EIP type cannot be changed after the EIP is assigned. | - In **eu-de**, existing **5_gray** EIPs cannot be bound to dedicated or shared load balancers. You can use **5_bgp** EIPs instead. | If you need an EIP of this type, contact the account administrator to grant the required permissions. |
| | | - In **eu-de**, EIPs of the Dedicated Load Balancer (**5_gray**) type cannot be assigned anymore. You can assign EIPs of the BGP (**5_bgp**) type. | |
+----------------------+-------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+

64
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst
View File

@ -43,39 +43,37 @@ Procedure
.. table:: **Table 1** Parameter description
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+=======================================================================================================================================================================================================================================================================+============================+
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
| | .. note:: | |
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | Mandatory | General-purpose web server |
| | | |
| | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | |
| | | |
| | - **Custom**: This template allows you to create security groups with custom security group rules. | |
| | - **General-purpose web server** (default value): The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | |
| | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+================================================================================================================================================================================================================================+============================+
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
| | .. note:: | |
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | Mandatory | General-purpose web server |
| | | |
| | The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. | |
| | | |
| | :ref:`Table 1 <en-us_topic_0013748715__table117828131111>` describes the security group templates. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
#. Confirm the inbound and outbound rules of the template and click **OK**.

64
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst
View File

@ -43,39 +43,37 @@ Procedure
.. table:: **Table 1** Parameter description
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+=======================================================================================================================================================================================================================================================================+============================+
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
| | .. note:: | |
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | Mandatory | General-purpose web server |
| | | |
| | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | |
| | | |
| | - **Custom**: This template allows you to create security groups with custom security group rules. | |
| | - **General-purpose web server** (default value): The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | |
| | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+================================================================================================================================================================================================================================+============================+
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
| | .. note:: | |
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | Mandatory | General-purpose web server |
| | | |
| | The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. | |
| | | |
| | :ref:`Table 1 <en-us_topic_0013748715__table117828131111>` describes the security group templates. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
#. Confirm the inbound and outbound rules of the template and click **OK**.

2
umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst
View File

@ -31,7 +31,7 @@ Procedure
5. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted.
.. figure:: /_static/images/en-us_image_0214585306.png
.. figure:: /_static/images/en-us_image_0000001856641285.png
:alt: **Figure 1** Create Route Table
**Figure 1** Create Route Table

2
umn/source/route_tables/managing_routes/adding_a_custom_route.rst
View File

@ -35,7 +35,7 @@ Procedure
You can click **+** to add more routes.
.. figure:: /_static/images/en-us_image_0000001540725521.png
.. figure:: /_static/images/en-us_image_0000001856562181.png
:alt: **Figure 1** Add Route
**Figure 1** Add Route

2
umn/source/service_overview/basic_concepts/subnet.rst
View File

@ -7,8 +7,6 @@ Subnet
A subnet is a unique CIDR block with a range of IP addresses in a VPC. All resources in a VPC must be deployed on subnets.
- By default, all instances in different subnets of the same VPC can communicate with each other and the subnets can be located in different AZs. If you have a VPC with two subnets in it and they are located in different AZs, they can communicate with each other by default.
- After a subnet is created, its CIDR block cannot be modified. Subnets in the same VPC cannot overlap.
A subnet mask can be between the netmask of its VPC CIDR block and /29 netmask. If a VPC CIDR block is 10.0.0.0/16, its subnet mask can be between 16 and 29.

188
umn/source/service_overview/permissions.rst
View File

File diff suppressed because it is too large Load Diff

64
umn/source/vpc_and_subnet/vpc/adding_a_secondary_ipv4_cidr_block_to_a_vpc.rst Normal file
View File

@ -0,0 +1,64 @@
:original_name: vpc_vpc_0007.html
.. _vpc_vpc_0007:
Adding a Secondary IPv4 CIDR Block to a VPC
===========================================
Scenarios
---------
When you create a VPC, you specify a primary IPv4 CIDR block for the VPC, which cannot be changed. To extend the IP address range of your VPC, you can add a secondary CIDR block to the VPC.
Notes and Constraints
---------------------
- You can allocate a subnet from either a primary or a secondary CIDR block of a VPC. A subnet cannot use both the primary and the secondary CIDR blocks.
Subnets in the same VPC can communicate with each other by default, even if some subnets are allocated from the primary CIDR block and some are from the secondary CIDR block of a VPC.
- If a subnet in a secondary CIDR block of your VPC is the same as or overlaps with the destination of an existing route in the VPC route table, the existing route does not take effect.
If you create a subnet in a secondary CIDR block of your VPC, a route (the destination is the subnet CIDR block and the next hop is **Local**) is automatically added to your VPC route table. This route allows communications within the VPC and has a higher priority than any other routes in the VPC route table. For example, if a VPC route table has a route with the VPC peering connection as the next hop and 100.20.0.0/24 as the destination, and a route for the subnet in the secondary CIDR block has a destination of 100.20.0.0/16, 100.20.0.0/16 and 100.20.0.0/24 overlaps and traffic will be forwarded through the route of the subnet.
- :ref:`Table 1 <vpc_vpc_0007__table1060431941314>` lists the secondary CIDR blocks that are not supported.
.. _vpc_vpc_0007__table1060431941314:
.. table:: **Table 1** Restricted secondary CIDR blocks
+-----------------------------------+-----------------------------------+
| Type | CIDR Block (Not Supported) |
+===================================+===================================+
| Reserved system CIDR blocks | - 100.64.0.0/10 |
| | - 214.0.0.0/7 |
| | - 198.18.0.0/15 |
| | - 169.254.0.0/16 |
+-----------------------------------+-----------------------------------+
| Reserved public CIDR blocks | - 0.0.0.0/8 |
| | - 127.0.0.0/8 |
| | - 240.0.0.0/4 |
| | - 255.255.255.255/32 |
+-----------------------------------+-----------------------------------+
Procedure
---------
#. Log in to the management console.
#. Click |image1| in the upper left corner and select the desired region and project.
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
The **Virtual Private Cloud** page is displayed.
#. In the VPC list, locate the row that contains the VPC and click **Edit CIDR Block** in the **Operation** column.
The **Edit CIDR Block** dialog box is displayed.
#. Click **Add Secondary IPv4 CIDR Block**.
#. Enter the secondary CIDR block and click **OK**.
.. |image1| image:: /_static/images/en-us_image_0000001429281925.png
.. |image2| image:: /_static/images/en-us_image_0000001626574374.png

36
umn/source/vpc_and_subnet/vpc/deleting_a_secondary_ipv4_cidr_block_from_a_vpc.rst Normal file
View File

@ -0,0 +1,36 @@
:original_name: vpc_vpc_0008.html
.. _vpc_vpc_0008:
Deleting a Secondary IPv4 CIDR Block from a VPC
===============================================
Scenarios
---------
If a secondary CIDR block of a VPC is no longer required, you can delete it.
- A secondary IPv4 CIDR block of a VPC can be deleted, but the primary CIDR block cannot be deleted.
- If you want to delete a secondary CIDR block that contains subnets, you need to delete the subnets first.
Procedure
---------
#. Log in to the management console.
#. Click |image1| in the upper left corner and select the desired region and project.
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
The **Virtual Private Cloud** page is displayed.
#. In the VPC list, locate the row that contains the VPC and click **Edit CIDR Block** in the **Operation** column.
The **Edit CIDR Block** dialog box is displayed.
#. Locate the row that contains the secondary CIDR block to be deleted and click **Delete** in the **Operation** column.
#. Click **OK**.
.. |image1| image:: /_static/images/en-us_image_0000001429973081.png
.. |image2| image:: /_static/images/en-us_image_0000001627054074.png

4
umn/source/vpc_and_subnet/vpc/index.rst
View File

@ -7,6 +7,8 @@ VPC
- :ref:`Creating a VPC <en-us_topic_0013935842>`
- :ref:`Modifying a VPC <en-us_topic_0030969462>`
- :ref:`Adding a Secondary IPv4 CIDR Block to a VPC <vpc_vpc_0007>`
- :ref:`Deleting a Secondary IPv4 CIDR Block from a VPC <vpc_vpc_0008>`
- :ref:`Deleting a VPC <vpc_vpc_0003>`
- :ref:`Managing VPC Tags <vpc_vpc_0004>`
- :ref:`Exporting VPC List <vpc_vpc_0006>`
@ -19,6 +21,8 @@ VPC
creating_a_vpc
modifying_a_vpc
adding_a_secondary_ipv4_cidr_block_to_a_vpc
deleting_a_secondary_ipv4_cidr_block_from_a_vpc
deleting_a_vpc
managing_vpc_tags
exporting_vpc_list