diff --git a/umn/source/_static/images/en-us_image_0000001209321492.png b/umn/source/_static/images/en-us_image_0000001209321492.png new file mode 100644 index 0000000..76b3419 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001209321492.png differ diff --git a/umn/source/_static/images/en-us_image_0000001209777270.png b/umn/source/_static/images/en-us_image_0000001209777270.png new file mode 100644 index 0000000..e6e9c70 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001209777270.png differ diff --git a/umn/source/_static/images/en-us_image_0000001221790501.png b/umn/source/_static/images/en-us_image_0000001221790501.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001221790501.png differ diff --git a/umn/source/_static/images/en-us_image_0000001337710801.png b/umn/source/_static/images/en-us_image_0000001337710801.png new file mode 100644 index 0000000..c5bd875 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001337710801.png differ diff --git a/umn/source/_static/images/en-us_image_0000001461263993.png b/umn/source/_static/images/en-us_image_0000001461263993.png new file mode 100644 index 0000000..6fe7324 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001461263993.png differ diff --git a/umn/source/_static/images/en-us_image_0000001469919564.png b/umn/source/_static/images/en-us_image_0000001490118666.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001469919564.png rename to umn/source/_static/images/en-us_image_0000001490118666.png diff --git a/umn/source/_static/images/en-us_image_0000001470237928.png b/umn/source/_static/images/en-us_image_0000001500905066.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001470237928.png rename to umn/source/_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/_static/images/en-us_image_0000001503448449.png b/umn/source/_static/images/en-us_image_0000001503011070.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001503448449.png rename to umn/source/_static/images/en-us_image_0000001503011070.png diff --git a/umn/source/_static/images/en-us_image_0000001524337893.png b/umn/source/_static/images/en-us_image_0000001503011074.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001524337893.png rename to umn/source/_static/images/en-us_image_0000001503011074.png diff --git a/umn/source/_static/images/en-us_image_0000001525502489.png b/umn/source/_static/images/en-us_image_0000001503159042.png similarity index 100% rename from umn/source/_static/images/en-us_image_0000001525502489.png rename to umn/source/_static/images/en-us_image_0000001503159042.png diff --git a/umn/source/_static/images/en-us_image_0000001503170970.png b/umn/source/_static/images/en-us_image_0000001503170970.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503170970.png differ diff --git a/umn/source/_static/images/en-us_image_0000001503170974.png b/umn/source/_static/images/en-us_image_0000001503170974.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503170974.png differ diff --git a/umn/source/_static/images/en-us_image_0000001503318922.png b/umn/source/_static/images/en-us_image_0000001503318922.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503318922.png differ diff --git a/umn/source/_static/images/en-us_image_0000001503330854.png b/umn/source/_static/images/en-us_image_0000001503330854.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503330854.png differ 
diff --git a/umn/source/_static/images/en-us_image_0000001503330858.png b/umn/source/_static/images/en-us_image_0000001503330858.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503330858.png differ diff --git a/umn/source/_static/images/en-us_image_0000001503478818.png b/umn/source/_static/images/en-us_image_0000001503478818.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503478818.png differ diff --git a/umn/source/_static/images/en-us_image_0000001503490746.png b/umn/source/_static/images/en-us_image_0000001503490746.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503490746.png differ diff --git a/umn/source/_static/images/en-us_image_0000001503490750.png b/umn/source/_static/images/en-us_image_0000001503490750.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001503490750.png differ diff --git a/umn/source/_static/images/en-us_image_0173155793.png b/umn/source/_static/images/en-us_image_0000001540725521.png similarity index 100% rename from umn/source/_static/images/en-us_image_0173155793.png rename to umn/source/_static/images/en-us_image_0000001540725521.png diff --git a/umn/source/_static/images/en-us_image_0173155870.png b/umn/source/_static/images/en-us_image_0000001540846821.png similarity index 100% rename from umn/source/_static/images/en-us_image_0173155870.png rename to umn/source/_static/images/en-us_image_0000001540846821.png diff --git a/umn/source/_static/images/en-us_image_0000001553650753.png b/umn/source/_static/images/en-us_image_0000001553650753.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553650753.png differ 
diff --git a/umn/source/_static/images/en-us_image_0000001553650757.png b/umn/source/_static/images/en-us_image_0000001553650757.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553650757.png differ diff --git a/umn/source/_static/images/en-us_image_0000001553770733.png b/umn/source/_static/images/en-us_image_0000001553770733.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553770733.png differ diff --git a/umn/source/_static/images/en-us_image_0000001553770737.png b/umn/source/_static/images/en-us_image_0000001553770737.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553770737.png differ diff --git a/umn/source/_static/images/en-us_image_0000001553930581.png b/umn/source/_static/images/en-us_image_0000001553930581.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001553930581.png differ diff --git a/umn/source/_static/images/en-us_image_0000001554010645.png b/umn/source/_static/images/en-us_image_0000001554010645.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001554010645.png differ diff --git a/umn/source/_static/images/en-us_image_0000001554010649.png b/umn/source/_static/images/en-us_image_0000001554010649.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001554010649.png differ diff --git a/umn/source/_static/images/en-us_image_0000001570070841.png b/umn/source/_static/images/en-us_image_0000001570070841.png new file mode 100644 index 0000000..6fe740f Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001570070841.png differ 
diff --git a/umn/source/_static/images/en-us_image_0167573711.png b/umn/source/_static/images/en-us_image_0167573711.png deleted file mode 100644 index 113f966..0000000 Binary files a/umn/source/_static/images/en-us_image_0167573711.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0171311823.png b/umn/source/_static/images/en-us_image_0171311823.png new file mode 100644 index 0000000..aa2b287 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0171311823.png differ diff --git a/umn/source/_static/images/en-us_image_0173155804.png b/umn/source/_static/images/en-us_image_0173155804.png deleted file mode 100644 index 64883ba..0000000 Binary files a/umn/source/_static/images/en-us_image_0173155804.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0209577986.png b/umn/source/_static/images/en-us_image_0209577986.png new file mode 100644 index 0000000..1a3ab09 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0209577986.png differ diff --git a/umn/source/_static/images/en-us_image_0214585306.png b/umn/source/_static/images/en-us_image_0214585306.png new file mode 100644 index 0000000..e0684de Binary files /dev/null and b/umn/source/_static/images/en-us_image_0214585306.png differ diff --git a/umn/source/_static/images/en-us_image_0185346582.png b/umn/source/_static/images/en-us_image_0214585307.png similarity index 100% rename from umn/source/_static/images/en-us_image_0185346582.png rename to umn/source/_static/images/en-us_image_0214585307.png diff --git a/umn/source/_static/images/en-us_image_0118498992.png b/umn/source/_static/images/en-us_image_0214585308.png similarity index 100% rename from umn/source/_static/images/en-us_image_0118498992.png rename to umn/source/_static/images/en-us_image_0214585308.png 
diff --git a/umn/source/_static/images/en-us_image_0118499109.png b/umn/source/_static/images/en-us_image_0214585309.png similarity index 100% rename from umn/source/_static/images/en-us_image_0118499109.png rename to umn/source/_static/images/en-us_image_0214585309.png diff --git a/umn/source/_static/images/en-us_image_0163203842.png b/umn/source/_static/images/en-us_image_0214585341.png similarity index 100% rename from umn/source/_static/images/en-us_image_0163203842.png rename to umn/source/_static/images/en-us_image_0214585341.png diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 2d2b33b..f530781 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst @@ -32,8 +32,7 @@ Change History +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2022-10-20 | Modified the following content: | | | | -| | - Added user-defined networks in :ref:`Route Table Overview `. | -| | - Modified the bandwidth range in :ref:`What Is the Bandwidth Size Range? ` | +| | Modified the bandwidth range in :ref:`What Is the Bandwidth Size Range? ` | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2022-09-07 | Added the following content: | | | | 
@@ -92,7 +91,7 @@ Change History | | | | | - Added rules in :ref:`Firewall Configuration Examples `. | | | - Modified :ref:`Does a Security Group Rule or a Firewall Rule Immediately Take Effect for Existing Connections After It Is Modified? ` | -| | - Modified :ref:`How Can I Delete a Subnet That Is Being Used by Other Resources? ` | +| | - Modified :ref:`Why Can't I Delete My VPCs and Subnets? ` | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2020-02-25 | Added the following content: | | | | 
@@ -132,10 +131,9 @@ Change History | | - Modified the steps in :ref:`Assigning an EIP and Binding It to an ECS `, :ref:`Elastic IP `, and :ref:`Shared Bandwidth `. | | | - Updated screenshots in :ref:`Modifying a Shared Bandwidth `. | | | - Updated screenshots and parameter description in :ref:`Creating a Subnet for the VPC `. | -| | - Updated screenshots in :ref:`Creating a Custom Route Table `, :ref:`Adding a Custom Route `, and :ref:`Associating a Subnet with a Route Table `. | | | - Modified steps in :ref:`Assigning a Virtual IP Address `, :ref:`Binding a Virtual IP Address to an EIP or ECS `, and :ref:`Releasing a Virtual IP Address `. | | | - Updated screenshots in :ref:`VPC Peering Connection `. | -| | - Modified description in :ref:`How Many Routes Can a Route Table Contain? ` and :ref:`How Many Route Tables Can Be Created for a VPC? ` | +| | - Modified description in :ref:`How Many Routes Can a Route Table Contain? ` | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2019-12-13 | Added the following content: | | | | 
@@ -186,43 +184,36 @@ Change History | | | | | Added the following content: | | | | -| | Added descriptions about route types in :ref:`Route Table ` and :ref:`Route Table Overview `. | +| | Added descriptions about route types in :ref:`Route Table `. | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2019-08-16 | Added the following content: | | | | -| | Added :ref:`Exporting Route Table Information `. | +| | Added :ref:`Exporting Route Table Information `. | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2019-08-09 | Added the following content: | | | | | | - Added parameters **Type** and **Bandwidth Type** to :ref:`Step 3: Assign an EIP and Bind It to an ECS ` and :ref:`Assigning an EIP and Binding It to an ECS `. | -| | - Added description about how to replicate multiple routes in :ref:`Replicating a Route `. | -| | - Added the description about **Next Hop Type** in :ref:`Adding a Custom Route `. | +| | - Added description about how to replicate multiple routes in :ref:`Replicating a Route `. | +| | - Added the description about **Next Hop Type** in :ref:`Adding a Custom Route `. | | | | | | Modified the following content: | | | | | | - Modified description about **NTP Server Address** in :ref:`Modifying a Subnet `. 
| -| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview `. | -| | - Modified descriptions about system routes and custom routes in :ref:`Route Table Overview `. | -| | - Modified description about usage restrictions in :ref:`Route Table Overview `. | -| | - Modified steps in :ref:`Creating a Custom Route Table `. | -| | - Modified description about the scenario in :ref:`Modifying a Route ` and :ref:`Deleting a Route `. | +| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview `. | +| | - Modified descriptions about system routes and custom routes in :ref:`Route Table Overview `. | +| | - Modified description about usage restrictions in :ref:`Route Table Overview `. | | | | | | Deleted the following content: | | | | | | - Deleted parameter **Enterprise Project** from the document. | -| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview `. | +| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview `. | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2019-08-02 | Added the following content based on the RM-584 requirements: | | | | | | - Added subnet parameter description in :ref:`Modifying a Subnet `. | -| | - Added **Route Settings** to the parameter description in :ref:`Creating a Custom Route Table `. | -| | - Added description about route parameters in :ref:`Modifying a Route `. 
| | | | | | Modified the following content based on the RM-584 requirements: | | | | -| | - Optimized description about **Next Hop** in :ref:`Adding a Custom Route `. | -| | - Optimized description about the scenario in :ref:`Associating a Subnet with a Route Table `. | -| | - Modified steps in :ref:`Changing the Route Table Associated with a Subnet `. | | | - Added prerequisites in :ref:`Releasing a Virtual IP Address `. | | | - Optimized description about scenarios and prerequisites in :ref:`Deleting a Subnet `. | +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -405,7 +396,6 @@ Change History | | Added the following content: | | | | | | - Added :ref:`Security Group Configuration Examples `. | -| | - Added :ref:`Route Table Overview `. | | | - Added :ref:`Modifying an EIP Bandwidth `. | | | - Added description about disassociating and releasing multiple EIPs at a time in :ref:`Unbinding an EIP from an ECS and Releasing the EIP `. | | | | diff --git a/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst index c050132..a39abd8 100644 --- a/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst 
@@ -44,39 +44,39 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. 
| | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Billed By | Two options are available: | Dedicated | - | | | | - | | - **Dedicated**: The bandwidth can be used by only one EIP. | | - | | - **Shared**: The bandwidth can be shared by multiple EIPs. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Name | The EIP name. 
| eip-test | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Enterprise Project | The enterprise project that the EIP belongs to. | default | - | | | | - | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - | | | | - | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. 
| | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to assign. | 1 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. 
For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Billed By | Two options are available: | Dedicated | + | | | | + | | - **Dedicated**: The bandwidth can be used by only one EIP. | | + | | - **Shared**: The bandwidth can be shared by multiple EIPs. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth | The bandwidth size in Mbit/s. 
| 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Name | The EIP name. | eip-test | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Enterprise Project | The enterprise project that the EIP belongs to. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth Name | The name of the bandwidth. 
| bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 3005eip | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Quantity | The number of EIPs you want to assign. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ .. _en-us_topic_0013748738__table36606052153313: 
@@ -95,7 +95,7 @@ Assigning an EIP | | - Digits | | | | - Special characters, including hyphens (-) and underscores (_) | | +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 192.168.12.10 | + | Value | - Can contain a maximum of 43 characters. | 3005eip | | | - Can contain only the following character types: | | | | | | | | - Uppercase letters | | diff --git a/umn/source/elastic_ip/managing_eip_tags.rst b/umn/source/elastic_ip/managing_eip_tags.rst index db2778a..5a9873e 100644 --- a/umn/source/elastic_ip/managing_eip_tags.rst +++ b/umn/source/elastic_ip/managing_eip_tags.rst @@ -29,7 +29,7 @@ A tag consists of a key and value pair. :ref:`Table 1 **Elastic IP**. -#. In the upper right corner of the EIP list, click **Search by Tag**. +#. Click the search box and then click **Tag** in the drop-down list. -#. In the displayed area, enter the tag key and value of the EIP you are looking for. - - You must specify both the tag key and value. The system will display the EIPs that contain the tag you specified. - -#. Click **+** to add another tag key and value. +#. Select the tag key and value of the EIP. You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for EIPs, the system will display only the EIPs that contain all of the tags you specified. -#. Click **Search**. +#. Click **OK**. The system displays the EIPs you are looking for based on the entered tag keys and values. diff --git a/umn/source/faqs/bandwidth/how_do_i_buy_a_shared_bandwidth.rst b/umn/source/faqs/bandwidth/how_do_i_buy_a_shared_bandwidth.rst deleted file mode 100644 index 974d645..0000000 --- a/umn/source/faqs/bandwidth/how_do_i_buy_a_shared_bandwidth.rst +++ /dev/null 
@@ -1,15 +0,0 @@ -:original_name: vpc_faq_0035.html - -.. _vpc_faq_0035: - -How Do I Buy a Shared Bandwidth? -================================ - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. -#. In the navigation pane on the left, choose **Shared Bandwidths**. -#. In the upper right corner, click **Assign Shared Bandwidth**. On the displayed page, configure parameters as prompted to assign a shared bandwidth. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001454059512.png diff --git a/umn/source/faqs/bandwidth/index.rst b/umn/source/faqs/bandwidth/index.rst index 09f2fb0..b35debe 100644 --- a/umn/source/faqs/bandwidth/index.rst +++ b/umn/source/faqs/bandwidth/index.rst @@ -8,7 +8,6 @@ Bandwidth - :ref:`What Is the Bandwidth Size Range? ` - :ref:`What Bandwidth Types Are Available? ` - :ref:`What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around? ` -- :ref:`How Do I Buy a Shared Bandwidth? ` .. toctree:: :maxdepth: 1 @@ -17,4 +16,3 @@ Bandwidth what_is_the_bandwidth_size_range what_bandwidth_types_are_available what_are_the_differences_between_a_dedicated_bandwidth_and_a_shared_bandwidth_can_a_dedicated_bandwidth_be_changed_to_a_shared_bandwidth_or_the_other_way_around - how_do_i_buy_a_shared_bandwidth diff --git a/umn/source/faqs/eips/can_a_bandwidth_be_used_by_multiple_accounts.rst b/umn/source/faqs/eips/can_a_bandwidth_be_used_by_multiple_accounts.rst deleted file mode 100644 index 39332a6..0000000 --- a/umn/source/faqs/eips/can_a_bandwidth_be_used_by_multiple_accounts.rst +++ /dev/null 
@@ -1,8 +0,0 @@ -:original_name: faq_eip_0010.html - -.. _faq_eip_0010: - -Can a Bandwidth Be Used by Multiple Accounts? -============================================= - -A bandwidth cannot be shared between different accounts. Each account can use and manage only its own EIP bandwidths. diff --git a/umn/source/faqs/eips/can_i_change_the_region_of_my_eip.rst b/umn/source/faqs/eips/can_i_change_the_region_of_my_eip.rst new file mode 100644 index 0000000..92fa8d2 --- /dev/null +++ b/umn/source/faqs/eips/can_i_change_the_region_of_my_eip.rst @@ -0,0 +1,10 @@ +:original_name: faq_eip_0014.html + +.. _faq_eip_0014: + +Can I Change the Region of My EIP? +================================== + +The region of an EIP cannot be changed. + +If you assigned an EIP in region A but need an EIP in region B, you cannot directly change the region of the assigned EIP from A to B. Instead, you have to assign an EIP in region B. diff --git a/umn/source/faqs/eips/index.rst b/umn/source/faqs/eips/index.rst index ce2f04a..939ebfa 100644 --- a/umn/source/faqs/eips/index.rst +++ b/umn/source/faqs/eips/index.rst @@ -8,8 +8,8 @@ EIPs - :ref:`What Is an EIP? ` - :ref:`Can I Bind an EIP to Multiple ECSs? ` - :ref:`How Do I Access an ECS with an EIP Bound from the Internet? ` -- :ref:`Can a Bandwidth Be Used by Multiple Accounts? ` - :ref:`Can I Bind an EIP to a Cloud Resource in Another Region? ` +- :ref:`Can I Change the Region of My EIP? ` .. toctree:: :maxdepth: 1 @@ -18,5 +18,5 @@ EIPs what_is_an_eip can_i_bind_an_eip_to_multiple_ecss how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet - can_a_bandwidth_be_used_by_multiple_accounts can_i_bind_an_eip_to_a_cloud_resource_in_another_region + can_i_change_the_region_of_my_eip diff --git a/umn/source/faqs/general_questions/what_is_a_quota.rst b/umn/source/faqs/general_questions/what_is_a_quota.rst index d5675a7..def4c97 100644 --- a/umn/source/faqs/general_questions/what_is_a_quota.rst 
+++ b/umn/source/faqs/general_questions/what_is_a_quota.rst @@ -45,5 +45,7 @@ Before dialing the hotline number or sending an email, make sure that the follow - Quota type - Required quota +`Learn how to obtain the service hotline and email address. `__ + .. |image1| image:: /_static/images/en-us_image_0275513364.png .. |image2| image:: /_static/images/en-us_image_0152727234.png diff --git a/umn/source/faqs/routing/how_many_route_tables_can_be_created_for_a_vpc.rst b/umn/source/faqs/routing/how_many_route_tables_can_be_created_for_a_vpc.rst deleted file mode 100644 index 304277c..0000000 --- a/umn/source/faqs/routing/how_many_route_tables_can_be_created_for_a_vpc.rst +++ /dev/null @@ -1,8 +0,0 @@ -:original_name: vpc_faq_0071.html - -.. _vpc_faq_0071: - -How Many Route Tables Can Be Created for a VPC? -=============================================== - -Currently, a VPC can have a maximum of 10 route tables by default. diff --git a/umn/source/faqs/routing/index.rst b/umn/source/faqs/routing/index.rst index 873496a..c4ded72 100644 --- a/umn/source/faqs/routing/index.rst +++ b/umn/source/faqs/routing/index.rst @@ -7,10 +7,8 @@ Routing - :ref:`How Many Routes Can a Route Table Contain? ` - :ref:`Are There Any Restrictions on Using a Route Table? ` -- :ref:`Will a Route Table Be Billed? ` - :ref:`Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC? ` - :ref:`Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC? ` -- :ref:`How Many Route Tables Can Be Created for a VPC? ` .. toctree:: :maxdepth: 1 @@ -18,7 +16,5 @@ Routing how_many_routes_can_a_route_table_contain are_there_any_restrictions_on_using_a_route_table - will_a_route_table_be_billed do_the_same_routing_priorities_apply_to_direct_connect_connections_and_custom_routes_in_the_same_vpc are_there_different_routing_priorities_of_the_vpn_and_custom_routes_in_the_same_vpc - how_many_route_tables_can_be_created_for_a_vpc 
diff --git a/umn/source/faqs/routing/will_a_route_table_be_billed.rst b/umn/source/faqs/routing/will_a_route_table_be_billed.rst deleted file mode 100644 index 9ec35d3..0000000 --- a/umn/source/faqs/routing/will_a_route_table_be_billed.rst +++ /dev/null @@ -1,8 +0,0 @@ -:original_name: vpc_faq_0065.html - -.. _vpc_faq_0065: - -Will a Route Table Be Billed? -============================= - -The route table function itself is free, but you are charged for the ECSs and bandwidth that you use together with the route table function. diff --git a/umn/source/faqs/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst b/umn/source/faqs/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst new file mode 100644 index 0000000..1f323f6 --- /dev/null +++ b/umn/source/faqs/vpc_peering_connections/can_a_vpc_peering_connection_connect_vpcs_in_different_regions.rst @@ -0,0 +1,22 @@ +:original_name: faq_connection_0001.html + +.. _faq_connection_0001: + +Can a VPC Peering Connection Connect VPCs in Different Regions? +=============================================================== + +A VPC peering connection only can connect VPCs in the same region. + +:ref:`Figure 1 ` shows an application scenario of VPC peering connections. + +- There are two VPCs (VPC-A and VPC-B) in region A that are not connected. +- Service servers (ECS-A01 and ECS-A02) are in VPC-A, and database servers (RDS-B01 and RDS-B02) are in VPC-B. The service servers and database servers cannot communicate with each other. + +- You need to create a VPC peering connection (peering-AB) between VPC-A and VPC-B so the service servers and database servers can communicate with each other. + +.. _faq_connection_0001__en-us_topic_0046655036_fig4721642193711: + +.. figure:: /_static/images/en-us_image_0000001512591549.png + :alt: **Figure 1** VPC peering connection network diagram + + **Figure 1** VPC peering connection network diagram 
diff --git a/umn/source/faqs/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst b/umn/source/faqs/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst index 0e3144e..156c9fe 100644 --- a/umn/source/faqs/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst +++ b/umn/source/faqs/vpc_peering_connections/how_many_vpc_peering_connections_can_i_create_in_an_account.rst @@ -5,7 +5,7 @@ How Many VPC Peering Connections Can I Create in an Account? ============================================================ -A VPC peering connection can connect VPCs in the same region. You can log in to the management console to view your quota. For details, see `How Do I View My Quotas? `__ +Each account can have a maximum of 50 VPC peering connections in each region by default. - Number of VPC peering connections that you can create in each region between VPCs in the same account: subject to the actual quota diff --git a/umn/source/faqs/vpc_peering_connections/index.rst b/umn/source/faqs/vpc_peering_connections/index.rst index 2bc8ee0..d264f5d 100644 --- a/umn/source/faqs/vpc_peering_connections/index.rst +++ b/umn/source/faqs/vpc_peering_connections/index.rst @@ -6,6 +6,7 @@ VPC Peering Connections ======================= - :ref:`How Many VPC Peering Connections Can I Create in an Account? ` +- :ref:`Can a VPC Peering Connection Connect VPCs in Different Regions? ` - :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? ` .. toctree:: @@ -13,4 +14,5 @@ VPC Peering Connections :hidden: how_many_vpc_peering_connections_can_i_create_in_an_account + can_a_vpc_peering_connection_connect_vpcs_in_different_regions why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection 
diff --git a/umn/source/faqs/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst b/umn/source/faqs/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst index 2d3d58f..4db7cfd 100644 --- a/umn/source/faqs/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst +++ b/umn/source/faqs/vpc_peering_connections/why_did_communication_fail_between_vpcs_that_were_connected_by_a_vpc_peering_connection.rst 
@@ -5,11 +5,203 @@ Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? ======================================================================================== -#. Check whether the VPC IDs are correctly configured for the VPC peering connection. -#. Check whether the VPCs have routes that point to the CIDR block of the other VPC. -#. Check whether the VPCs have routes that point to the subnet CIDR block of the other VPC if the two VPCs have overlapping CIDR blocks. -#. Check whether the VPCs contain overlapping subnets. -#. Check whether required security group rules have been configured for the ECSs that need to communicate with each other and whether restriction rules have been added to the iptables or firewalls used by the ECSs. -#. If a message indicating that this route already exists is displayed when you add a route for a VPC peering connection, check whether the destination of a VPN, Direct Connect, or VPC peering connection route already exists. -#. If the route destination of the VPC peering connection overlaps with that of a Direct Connect or VPN connection, the route may be invalid. -#. If VPCs in a VPC peering connection cannot communicate with each other after all these possible faults have been rectified, contact customer service. +Symptom +------- + +After a VPC peering connection is created, the local and peer VPCs cannot communicate with each other. + +Troubleshooting +--------------- + +The issues here are described in order of how likely they are to occur. + +.. table:: **Table 1** Possible causes and solutions + + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | No. 
| Possible Cause | Solution | + +=======================+========================================================================================================+============================================================================================================+ + | 1 | Overlapping CIDR blocks of local and peer VPCs | Refer to :ref:`Overlapping CIDR Blocks of Local and Peer VPCs `. | + | | | | + | | - All their subnet CIDR blocks overlap. | | + | | - Some of their subnet CIDR blocks overlap. | | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | 2 | Incorrect route configuration for the local and peer VPCs | Refer to :ref:`Incorrect Route Configuration for Local and Peer VPCs `. | + | | | | + | | - No routes are added. | | + | | - Incorrect routes are added. | | + | | - Destinations of the routes overlap with that configured for Direct Connect or VPN connections. | | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | 3 | Incorrect network configuration | Refer to :ref:`Incorrect Network Configuration `. | + | | | | + | | - The security group rules of the ECSs that need to communicate deny inbound traffic from each other. | | + | | - The firewall of the ECS NIC blocks traffic. | | + | | - The network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. | | + | | - Check the policy-based routing configuration of an ECS with multiple NICs. 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + | 4 | ECS network failure | Refer to :ref:`ECS Network Failure `. | + +-----------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__section18800459153612: + +Overlapping CIDR Blocks of Local and Peer VPCs +---------------------------------------------- + +If the CIDR blocks of VPCs connected by a VPC peering connection overlap, the connection may not take effect due to route conflicts. + +.. table:: **Table 2** Overlapping CIDR blocks of local and peer VPCs + + +---------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Scenario | Description | Solution | + +=================================================================================+=============================================================================================================================================+==============================================================================================================================================================+ + | VPCs with overlapping CIDR blocks also include subnets that overlap. | As shown in :ref:`Figure 1 `, the CIDR blocks of VPC-A and VPC-B overlap, and all their subnets overlap. | VPC-A and VPC-B cannot be connected using a VPC peering connection. 
| + | | | | + | | - Overlapping CIDR blocks of VPC-A and VPC-B: 10.0.0.0/16 | Replan the network. | + | | - Overlapping CIDR blocks of Subnet-A01 in VPC-A and Subnet-B01 in VPC-B: 10.0.0.0/24 | | + | | - Overlapping CIDR blocks of Subnet-A02 in VPC-A and Subnet-B02 in VPC-B: 10.0.1.0/24 | | + +---------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Two VPCs have overlapping CIDR blocks but some of their subnets do not overlap. | As shown in :ref:`Figure 2 `, the CIDR blocks of VPC-A and VPC-B overlap, and some of their subnets overlap. | - A VPC peering connection cannot connect the entire VPCs, | + | | | | + | | - Overlapping CIDR blocks of VPC-A and VPC-B: 10.0.0.0/16 | VPC-A and VPC-B. | + | | - Overlapping CIDR blocks of Subnet-A01 in VPC-A and Subnet-B01 in VPC-B: 10.0.0.0/24 | | + | | - CIDR blocks of Subnet-A02 in VPC-A and Subnet-B02 in VPC-B do not overlap. | - A connection can connect their subnets (Subnet-A02 and Subnet-B02) that do not overlap. For details, see :ref:`Figure 3 `. | + +---------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__fig465519155457: + +.. figure:: /_static/images/en-us_image_0000001254335981.png + :alt: **Figure 1** Networking diagram (IPv4) + + **Figure 1** Networking diagram (IPv4) + +.. _vpc_faq_0069__fig098452131910: + +.. 
figure:: /_static/images/en-us_image_0000001209777270.png + :alt: **Figure 2** Networking diagram (IPv4) + + **Figure 2** Networking diagram (IPv4) + +If CIDR blocks of VPCs overlap and some of their subnets overlap, you can create a VPC peering connection between their subnets with non-overlapping CIDR blocks. :ref:`Figure 3 ` shows the networking diagram of connecting Subnet-A02 and Subnet-B02. :ref:`Table 3 ` describes the routes required. + +.. _vpc_faq_0069__fig920231311415: + +.. figure:: /_static/images/en-us_image_0000001209321492.png + :alt: **Figure 3** Networking diagram (IPv4) + + **Figure 3** Networking diagram (IPv4) + +.. _vpc_faq_0069__table45541823135611: + +.. table:: **Table 3** Routes required for the VPC peering connection between Subnet-A02 and Subnet-B02 + + +-------------------+-------------+------------+--------------------------------------------------------------------------------------------------+ + | Route Table | Destination | Next Hop | Description | + +===================+=============+============+==================================================================================================+ + | VPC-A route table | 10.0.2.0/24 | Peering-AB | Add a route with the CIDR block of Subnet-B02 as the destination and Peering-AB as the next hop. | + +-------------------+-------------+------------+--------------------------------------------------------------------------------------------------+ + | VPC-B route table | 10.0.1.0/24 | Peering-AB | Add a route with the CIDR block of Subnet-A02 as the destination and Peering-AB as the next hop. | + +-------------------+-------------+------------+--------------------------------------------------------------------------------------------------+ + +.. 
_vpc_faq_0069__section582181993814: + +Incorrect Route Configuration for Local and Peer VPCs +----------------------------------------------------- + +Check the routes in the route tables of the local and peer VPCs by referring to :ref:`Viewing Routes Configured for a VPC Peering Connection `. :ref:`Table 4 ` lists the items that you need to check. + +.. _vpc_faq_0069__table513212558272: + +.. table:: **Table 4** Route check items + + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Item | Solution | + +==================================================================================================================================================================+==================================================================================================================================================================================+ + | Check whether routes are added to the route tables of the local and peer VPCs. | If routes are not added, add routes by referring to: | + | | | + | | - :ref:`Creating a VPC Peering Connection with Another VPC in Your Account ` | + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Check the destinations of routes added to the route tables of the local and peer VPCs. | If the route destination is incorrect, change it by referring to :ref:`Modifying Routes Configured for a VPC Peering Connection `. 
| + | | | + | - In the route table of the local VPC, check whether the route destination is the CIDR block, subnet CIDR block, or related private IP address of the peer VPC. | | + | - In the route table of the peer VPC, check whether the route destination is the CIDR block, subnet CIDR block, or related private IP address of the local VPC. | | + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Destinations of the routes overlap with that configured for Direct Connect or VPN connections. | Check whether any of the VPCs connected by the VPC peering connection also has a VPN or Direct Connect connection connected. If they do, check the destinations of their routes. | + | | | + | | If the destinations of the routes overlap, the VPC peering connection does not take effect. In this case, replan the network connection. | + +------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _vpc_faq_0069__section157663413717: + +Incorrect Network Configuration +------------------------------- + +#. Check whether security group rules of the ECSs that need to communicate allow inbound traffic from each other by referring to :ref:`Viewing the Security Group of an ECS `. + + - If the ECSs are associated with the same security group, you do not need to check their rules. 
+ - If the ECSs are associated with different security groups, add an inbound rule to allow access from each other by referring to :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network `. + +#. Check whether the firewall of the ECS NIC blocks traffic. + + If the firewall blocks traffic, configure the firewall to allow inbound traffic. + +#. Check whether network ACL rules of the subnets connected by the VPC peering connection deny inbound traffic. + + If the network ACL rules deny inbound traffic, configure the rules to allow the traffic. + +#. If an ECS has more than one NIC, check whether correct policy-based routing has been configured for the ECS and packets with different source IP addresses match their own routes from each NIC. + + If an ECS has two NICs (eth0 and eth1): + + - IP address of eth0: 192.168.1.10; Subnet gateway: 192.168.1.1 + - IP address of eth1: 192.168.2.10; Subnet gateway: 192.168.2.1 + + Command format: + + - **ping -l** *IP address of eth0 Subnet gateway address of eth0* + - **ping -l** *IP address of eth1 Subnet gateway address of eth1* + + Run the following commands: + + - **ping -I 192.168.1.10 192.168.1.1** + - **ping -I 192.168.2.10 192.168.2.1** + + If the network communication is normal, the routes of the NICs are correctly configured. + +.. _vpc_faq_0069__section8357923710: + +ECS Network Failure +------------------- + +#. Log in to the ECS. + +#. Check whether the ECS NIC has an IP address assigned. + + - Linux ECS: Use the **ifconfig** or **ip address** command to view the IP address of the NIC. + - Windows ECS: In the search box, enter **cmd** and press **Enter**. In the displayed command prompt, run the **ipconfig** command. + + If the ECS NIC has no IP address assigned, see + +#. Check whether the subnet gateway of the ECS can be pinged. + + a. In the ECS list, click the ECS name. + + The ECS details page is displayed. + + b. 
On the ECS details page, click the hyperlink of VPC. + + The **Virtual Private Cloud** page is displayed. + + c. In the VPC list, locate the target VPC and click the number in the **Subnets** column. + + The **Subnets** page is displayed. + + d. In the subnet list, click the subnet name. + + The subnet details page is displayed. + + e. Click the **IP Addresses** tab and view the gateway address of the subnet. + + f. Check whether the gateway communication is normal: + + **ping** *Subnet gateway address* + + Example command: **ping 172.17.0.1** diff --git a/umn/source/faqs/vpcs_and_subnets/how_can_i_delete_a_subnet_that_is_being_used_by_other_resources.rst b/umn/source/faqs/vpcs_and_subnets/how_can_i_delete_a_subnet_that_is_being_used_by_other_resources.rst deleted file mode 100644 index c15b880..0000000 --- a/umn/source/faqs/vpcs_and_subnets/how_can_i_delete_a_subnet_that_is_being_used_by_other_resources.rst +++ /dev/null 
@@ -1,68 +0,0 @@ -:original_name: vpc_faq_0075.html - -.. _vpc_faq_0075: - -How Can I Delete a Subnet That Is Being Used by Other Resources? -================================================================ - -The VPC service allows you to create private, isolated virtual networks. In a VPC, you can manage private IP address ranges, subnets, route tables, and gateways. ECSs, BMSs, databases, and some applications can use subnets created in VPCs. - -A subnet cannot be deleted if it is being used by other resources. You must delete all resources in the subnet before you can delete the subnet. - -You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete. - -The resources may include: - -- ECS -- BMS -- CCE cluster -- RDS instance -- MRS cluster -- DCS instance -- Load balancer -- VPN -- Private IP address -- Custom route -- NAT gateway - -Deleting Subnets ----------------- - -You can refer to :ref:`Table 1 ` to delete subnets. - -.. _vpc_faq_0075__table4284113316400: - -.. table:: **Table 1** Deleting subnets - - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Cause | Solution | - +============================================================================+============================================================================================================================================================+ - | Your account does not have permissions to delete subnets. | Contact the account administrator to grant permissions to your account and then delete the subnet. 
| - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The route table has custom routes with the following as the next hop type: | Delete the custom route from the route table and then delete the subnet. | - | | | - | - Server | | - | - Extension NIC | | - | - Supplementary network interface | | - | - Virtual IP address | | - | - NAT gateway | | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The subnet has virtual IP addresses configured. | Release the virtual IP addresses from the subnet and then delete the subnet. | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The subnet has virtual IP addresses that are not used by any instance. | On the **IP Addresses** tab, view and release these private IP addresses and then delete the subnet. | - | | | - | | #. In the private IP address list, locate the IP address that is not being used and click **Release** in the **Operation** column. | - | | | - | | .. important:: | - | | | - | | NOTICE: | - | | If you want to release an in-use private IP address, you need to delete the resource that uses the IP address first. | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The subnet is being used by an ECS or a load balancer. 
| Delete the ECS or load balancer and then delete the subnet. | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The subnet is being used by a load balancer. | Delete the load balancer and then delete the subnet. | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The subnet is being used by a NAT gateway. | Delete the NAT gateway and then delete the subnet. | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | The subnet is being used by cloud resources. | On the **IP Addresses** tab, view the usage of the IP address, find the resource that is using the IP address, delete the resource, and delete the subnet. | - +----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/faqs/vpcs_and_subnets/index.rst b/umn/source/faqs/vpcs_and_subnets/index.rst index 984ab96..1c78314 100644 --- a/umn/source/faqs/vpcs_and_subnets/index.rst +++ b/umn/source/faqs/vpcs_and_subnets/index.rst 
@@ -11,7 +11,7 @@ VPCs and Subnets - :ref:`What Subnet CIDR Blocks Are Available? ` - :ref:`How Many Subnets Can I Create? ` - :ref:`What Are the Differences Between the Network ID and Subnet ID of a Subnet? ` -- :ref:`How Can I Delete a Subnet That Is Being Used by Other Resources? ` +- :ref:`Why Can't I Delete My VPCs and Subnets? ` .. toctree:: :maxdepth: 1 @@ -23,4 +23,4 @@ VPCs and Subnets what_subnet_cidr_blocks_are_available how_many_subnets_can_i_create what_are_the_differences_between_the_network_id_and_subnet_id_of_a_subnet - how_can_i_delete_a_subnet_that_is_being_used_by_other_resources + why_cant_i_delete_my_vpcs_and_subnets diff --git a/umn/source/faqs/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst b/umn/source/faqs/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst new file mode 100644 index 0000000..4d32cd9 --- /dev/null +++ b/umn/source/faqs/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst 
@@ -0,0 +1,111 @@ +:original_name: vpc_faq_0075.html + +.. _vpc_faq_0075: + +Why Can't I Delete My VPCs and Subnets? +======================================= + +If VPCs and subnets are being used by other resources, you need to delete these resources first based on the prompts on the console before deleting the VPCs and subnets. This following provides detailed deletion prompts and corresponding deletion guide. + +- :ref:`Deleting Subnets ` +- :ref:`Deleting VPCs ` + +.. _vpc_faq_0075__section16966157133218: + +Deleting Subnets +---------------- + +You can refer to :ref:`Table 1 ` to delete subnets. + +.. _vpc_faq_0075__table4284113316400: + +.. table:: **Table 1** Deleting subnets + + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Prompts | Cause | Solution | + +=================================================================================================+============================================================================+============================================================================================================================================================+ + | You do not have permission to perform this operation. | Your account does not have permissions to delete subnets. | Contact the account administrator to grant permissions to your account and then delete the subnet. 
| + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete custom routes from the associated route table of the subnet and then delete the subnet. | The route table has custom routes with the following as the next hop type: | Delete the custom route from the route table and then delete the subnet. | + | | | | + | | - Server | #. :ref:`Viewing the Route Table Associated with a Subnet ` | + | | - Extension NIC | #. :ref:`Deleting a Route ` | + | | - Virtual IP address | | + | | - NAT gateway | | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Release any virtual IP addresses configured in the subnet and then delete the subnet. | The subnet has virtual IP addresses configured. | Release the virtual IP addresses from the subnet and then delete the subnet. | + | | | | + | | | :ref:`Releasing a Virtual IP Address ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Release any private IP addresses configured in the subnet and then delete the subnet. | The subnet has virtual IP addresses that are not used by any instance. 
| On the **IP Addresses** tab, view and release these private IP addresses and then delete the subnet. | + | | | | + | | | #. :ref:`Viewing IP Addresses in a Subnet ` | + | | | #. In the private IP address list, locate the IP address that is not being used and click **Release** in the **Operation** column. | + | | | | + | | | .. important:: | + | | | | + | | | NOTICE: | + | | | If you want to release an in-use private IP address, you need to delete the resource that uses the IP address first. | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the resource (ECS or load balancer) that is using the subnet and then delete the subnet. | The subnet is being used by an ECS or a load balancer. | Delete the ECS or load balancer and then delete the subnet. | + | | | | + | | | :ref:`Viewing and Deleting Resources in a Subnet ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the load balancer that is using the subnet and then delete the subnet. | The subnet is being used by a load balancer. | Delete the load balancer and then delete the subnet. 
| + | | | | + | | | :ref:`Viewing and Deleting Resources in a Subnet ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the NAT gateway that is using the subnet and then delete the subnet. | The subnet is being used by a NAT gateway. | Delete the NAT gateway and then delete the subnet. | + | | | | + | | | :ref:`Viewing and Deleting Resources in a Subnet ` | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Delete the resource that is using the subnet and then delete the subnet. | The subnet is being used by cloud resources. | On the **IP Addresses** tab, view the usage of the IP address, find the resource that is using the IP address, delete the resource, and delete the subnet. | + | | | | + | | | #. :ref:`Viewing IP Addresses in a Subnet ` | + | | | #. Locate resource based on the usage of the IP address. | + | | | #. Delete the resource and then delete the subnet. | + +-------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Deleting VPCs +------------- + +Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You can refer to :ref:`Table 2 ` to delete VPCs. + +.. 
_vpc_faq_0075__table95312065138: + +.. table:: **Table 2** Deleting VPCs + + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Prompts | Cause | Solution | + +===========================================================================================================================+=========================================================================================================================+===============================================================================================================+ + | You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. | + | | | | + | | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. | + | | | | + | | | The route table list is displayed. | + | | | | + | | | #. 
:ref:`Deleting a Route ` | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. | + | | | | + | | - Subnet | - :ref:`Table 1 ` | + | | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection ` | + | | - Custom route table | - :ref:`Deleting a Route Table ` | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. 
| + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. | + | | | | + | | .. important:: | :ref:`Deleting a Security Group ` | + | | | | + | | NOTICE: | | + | | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + | Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. | + | | | | + | | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ 
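Review bot: In Table 1 of the new why_cant_i_delete_my_vpcs_and_subnets.rst, the row for the prompt "Release any private IP addresses configured in the subnet and then delete the subnet." gives its cause as "The subnet has virtual IP addresses that are not used by any instance." This contradicts the prompt and the solution, which both refer to private IP addresses, and it repeats the virtual IP row directly above it. The cause most likely should read "The subnet has private IP addresses that are not used by any instance." In Table 2, the row whose cause is "The VPC is being used by a VPC endpoint service." has an empty Prompts cell and is closed off by a full border, so it renders as a separate row with no prompt; merge it into the preceding row or repeat the prompt text. The permission rows in both tables say only "Contact the account administrator to grant permissions to your account" without naming the permission needed; naming the minimum delete permission would stop administrators from granting a broader role than the task requires. Two wording fixes in the same file: "This following provides" should be "The following provides", and "Locate resource based on the usage" should be "Locate the resource based on the usage".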
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst index c6e203f..0256770 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst 
@@ -19,67 +19,65 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs .. table:: **Table 1** VPC parameter descriptions - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | - | | | | | - | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - | | | | | - | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Advanced Settings | Click the drop-down arrow to set advanced VPC parameters, including tags. | Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | - | | | | - Value: vpc-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Description | Supplementary information about the VPC. This parameter is optional. | ``-`` | - | | | | | - | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. 
| VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. 
| 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ .. _en-us_topic_0017816228__en-us_topic_0013935842_table248245914136: 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst index 758de95..cd828ea 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst 
@@ -29,67 +29,65 @@ Procedure .. table:: **Table 1** VPC parameter descriptions - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | - | | | | | - | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - | | | | | - | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Advanced Settings | Click the drop-down arrow to set advanced VPC parameters, including tags. | Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | - | | | | - Value: vpc-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Description | Supplementary information about the VPC. This parameter is optional. | ``-`` | - | | | | | - | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. 
| VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. 
| 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ .. _vpc_qs_0009__en-us_topic_0013935842_table248245914136: 
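Review bot: In Table 1 of step_1_create_a_vpc.rst, the removed "Advanced Settings" row was the only text telling the reader to click the drop-down arrow to reach the Tag and Description fields. The new "Basic Information/Advanced Settings" category names the section but not how to open it, so consider keeping that instruction in the Tag row description or in the procedure step. The same hunk also changes the VPC Description example value from ``-`` to N/A and re-emits every row because the Category column became three characters wider. List these content changes in the commit message so they can be reviewed apart from the re-wrapping.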
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst index 2715830..f636c1b 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst 
@@ -50,8 +50,6 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Advanced Settings | Two options are available, **Default** and **Custom**. You can set **Advanced Settings** to **Custom** to configure advanced subnet parameters. | ``-`` | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Gateway | The gateway address of the subnet. | 192.168.0.1 | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | 
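Review bot: Removing the "Advanced Settings" row (options **Default** and **Custom**) leaves this table with no indication that Gateway and DNS Server Address are advanced settings. This table has no Category column, unlike Table 1 in step_1_create_a_vpc.rst, where the same rows are labelled "Default Subnet/Advanced Settings". The unchanged text in the next hunk of this file still reads "If you configured the default settings under **Advanced Settings** during subnet creation", so either keep a one-line pointer to Advanced Settings in this table or reword that sentence to match the new layout.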
@@ -109,4 +107,4 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst index ba9c217..09fd885 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst 
@@ -44,39 +44,39 @@ Assigning an EIP .. table:: **Table 1** Parameter descriptions - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=========================+ - | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | - | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. 
| | - | | | | - | | The selected EIP type cannot be changed after the EIP is assigned. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Billed By | Two options are available: | Dedicated | - | | | | - | | - **Dedicated**: The bandwidth can be used by only one EIP. | | - | | - **Shared**: The bandwidth can be shared by multiple EIPs. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth | The bandwidth size in Mbit/s. | 100 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | EIP Name | The EIP name. 
| eip-test | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Enterprise Project | The enterprise project that the EIP belongs to. | default | - | | | | - | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - | | | | - | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Bandwidth Name | The name of the bandwidth. | bandwidth | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | - | | | - Value: 192.168.12.10 | - | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. 
| | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ - | Quantity | The number of EIPs you want to assign. | 1 | - +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. 
For lower network latency and faster access to your resources, select the region nearest you. The region selected for the EIP is its geographical location. | eu-de | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Type | - **Dynamic BGP**: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails. | Dynamic BGP | + | | - **Mail BGP**: EIPs with port 25, 465, or 587 enabled are used for email services. | | + | | | | + | | The selected EIP type cannot be changed after the EIP is assigned. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Billed By | Two options are available: | Dedicated | + | | | | + | | - **Dedicated**: The bandwidth can be used by only one EIP. | | + | | - **Shared**: The bandwidth can be shared by multiple EIPs. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth | The bandwidth size in Mbit/s. 
| 100 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | EIP Name | The EIP name. | eip-test | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Enterprise Project | The enterprise project that the EIP belongs to. | default | + | | | | + | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | + | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Bandwidth Name | The name of the bandwidth. 
| bandwidth | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Tag | The EIP tags. Each tag contains a key and value pair. | - Key: Ipv4_key1 | + | | | - Value: 3005eip | + | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Quantity | The number of EIPs you want to assign. | 1 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ .. _vpc_qs_0011__en-us_topic_0013748738_table36606052153313: 
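Review bot: In the Tag row, the example value becomes `3005eip` but the example key stays `Ipv4_key1`, so the pair now reads as if an IPv4 address were still expected. Consider renaming the key in the same change (for instance to something like `eip_key1`, in the style of `vpc_key1` and `subnet_key1` used in the VPC table) so the example is self-consistent. The only content change in this table is that one cell. Every other row is re-emitted because the last column shrank by two characters, which makes the real change hard to spot in review. Keeping the column width stable would reduce the hunk to the Tag row.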
@@ -95,7 +95,7 @@ Assigning an EIP | | - Digits | | | | - Special characters, including hyphens (-) and underscores (_) | | +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | 192.168.12.10 | + | Value | - Can contain a maximum of 43 characters. | 3005eip | | | - Can contain only the following character types: | | | | | | | | - Uppercase letters | | diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst index 8aa425d..c9d6c67 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst @@ -10,7 +10,7 @@ Scenarios You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. -Each ECS must be associated with at least one security group. If you have no security groups when buying an ECS, the ECS will use the :ref:`default security group ` (**default**). +Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group. You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console. 
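Review bot: The rewritten Scenarios sentence in step_4_create_a_security_group.rst drops the `:ref:` link on "default security group", so the page no longer leads the reader to what the default group permits. Please keep the existing cross-reference on the new wording. The new text also says only that "the system provides a default security group" and no longer states that the ECS is associated with it, which the removed line ("the ECS will use the ... default security group") made explicit. Since the preceding sentence requires every ECS to be in at least one group, say which group the ECS ends up in when the user creates none.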
@@ -70,4 +70,4 @@ Procedure #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001470237928.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst index f745df0..a27fa52 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst 
@@ -42,28 +42,31 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | IPv4 | IPv4 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. 
| TCP | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. 
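Review bot: In Table 1 the Source row still carries `0.0.0.0/0` as its Example Value next to protocol TCP and port `22, or 22-30`, so a reader who copies the example row opens that port range to all IPv4 addresses. Since this hunk already rewrites the Source cell, consider changing the example value to the single-address form the description now lists (`192.168.10.10/32`), or add a sentence in the cell stating that `0.0.0.0/0` allows traffic from any address and should be narrowed to known sources. The new wording also drops "single" from "a single IP address" while the nested list still distinguishes a single address from a range. Saying "an IP address or IP address range" would match the list.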
@@ -77,28 +80,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | IPv4 | IPv4 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001469919564.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
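Review bot: The last line of this hunk points `|image2|` at `en-us_image_0000001500905066.png`, the same file that step_4_create_a_security_group.rst is switched to in this patch, although the two pages referenced different images before (`...1469919564.png` here, `...1470237928.png` there). Please confirm that both pages are meant to share one image and that this is not a copy-paste of the step 4 target. In the table itself, the Destination cell has no counterpart to the inbound table's closing sentence ("If the source is a security group, this rule will apply to all instances associated with the selected security group."). If the same holds for a security group used as a destination, add the matching sentence so the two tables stay parallel.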
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst index 416aaec..159554b 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst 
@@ -29,67 +29,65 @@ Procedure .. table:: **Table 1** VPC parameter descriptions - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | - | | | | | - | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - | | | | | - | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Advanced Settings | Click the drop-down arrow to set advanced VPC parameters, including tags. | Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | - | | | | - Value: vpc-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Description | Supplementary information about the VPC. This parameter is optional. | ``-`` | - | | | | | - | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. 
| VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. 
| 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ .. _vpc_qs_0005__en-us_topic_0013935842_table248245914136: 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst index a225ca8..3350c1b 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst 
@@ -50,8 +50,6 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Advanced Settings | Two options are available, **Default** and **Custom**. You can set **Advanced Settings** to **Custom** to configure advanced subnet parameters. | ``-`` | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Gateway | The gateway address of the subnet. | 192.168.0.1 | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | 
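Review bot: In step_2_create_a_subnet_for_the_vpc.rst, this hunk deletes the **Advanced Settings** row, but the reserved-address paragraph later in the same file still reads "If you configured the default settings under **Advanced Settings** during subnet creation". The removed row was the only place the table explained that setting, so either keep a one-line pointer to where Gateway, DNS Server Address and the other advanced parameters are now configured, or reword the later paragraph so it does not refer to a setting the table no longer describes.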
@@ -109,4 +107,4 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst index 7910783..06740e7 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst @@ -10,7 +10,7 @@ Scenarios You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. -Each ECS must be associated with at least one security group. If you have no security groups when buying an ECS, the ECS will use the :ref:`default security group ` (**default**). +Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group. You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console. 
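Review bot: In step_3_create_a_security_group.rst (Scenarios), the rewritten sentence drops the :ref: link to the default security group, so a reader is told that "the system provides a default security group" with no pointer to what that group permits. Keep the cross-reference on "default security group" in the new wording. The added sentence "You have an option to create a new security group for the ECS" would also read better as "You can also create a new security group for the ECS."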
@@ -70,4 +70,4 @@ Procedure #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001470237928.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst index 2248b4b..63f0ed4 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst 
@@ -42,28 +42,31 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | IPv4 | IPv4 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. 
| TCP | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. 
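Review bot: In Table 1 of step_4_add_a_security_group_rule.rst, the Source row keeps 0.0.0.0/0 as the Example Value next to TCP and port "22, or 22-30", in a guide for ECSs that do not require Internet access; a reader who copies the example column ends up with an inbound rule open to all IPv4 addresses. Suggest using one of the narrower forms this hunk already lists, such as 192.168.1.0/24 or sg-A, as the example value and keeping 0.0.0.0/0 only in the list of accepted formats. The description also now says "an IP address or a security group" while the list includes an address range; "an IP address, an IP address range, or a security group" would match the examples.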
@@ -77,28 +80,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | IPv4 | IPv4 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001469919564.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
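Review bot: In Table 2 of step_4_add_a_security_group_rule.rst, the Destination row lists "Security group: sg-A" but, unlike the Source row in Table 1, has no sentence saying what a security-group destination means. Add the counterpart of "If the source is a security group, this rule will apply to all instances associated with the selected security group" for destinations so the two tables stay parallel.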
diff --git a/umn/source/getting_started/typical_application_scenarios.rst b/umn/source/getting_started/typical_application_scenarios.rst index 5527cf5..c56e2e0 100644 --- a/umn/source/getting_started/typical_application_scenarios.rst +++ b/umn/source/getting_started/typical_application_scenarios.rst @@ -9,3 +9,5 @@ A VPC provides an isolated virtual network for ECSs. You can configure and manag - If any of your ECSs, for example, ECSs that function as the database of server nodes for website deployment, do not need to access the Internet or need to access the Internet specific IP addresses on the default network with limited bandwidth, you can configure a VPC for the ECSs by following the instructions described in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access `. - If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. Then, you can configure a VPC for these ECSs by following the instructions provided in :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. +- If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. For details, see :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. +- When you need to access the IPv6 services on the Internet or provide services accessible from users using an IPv6 client, you need to enable the IPv6 function. After the IPv6 function is enabled, you can provide services for users using an IPv4 or IPv6 client. diff --git a/umn/source/index.rst b/umn/source/index.rst index 7650e37..7dd8710 100644 --- a/umn/source/index.rst +++ b/umn/source/index.rst 
@@ -11,12 +11,13 @@ Virtual Private Cloud - User Guide security/index elastic_ip/index shared_bandwidth/index - route_table/index + route_tables/index vpc_peering_connection/index vpc_flow_log/index direct_connect virtual_ip_address/index monitoring/index + permissions_management/index faqs/index change_history glossary diff --git a/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst b/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst new file mode 100644 index 0000000..7b16bb6 --- /dev/null +++ b/umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst 
@@ -0,0 +1,50 @@ +:original_name: permission_0003.html + +.. _permission_0003: + +Creating a User and Granting VPC Permissions +============================================ + +This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can: + +- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing VPC resources. +- Grant only the permissions required for users to perform a specific task. +- Entrust a cloud account or cloud service to perform efficient O&M on your VPC resources. + +If your cloud account does not require individual IAM users, skip this section. + +This section describes the procedure for granting permissions (see :ref:`Figure 1 `). + +Prerequisites +------------- + +Learn about the permissions (:ref:`Permissions `) supported by VPC and choose policies or roles according to your requirements. + +For permissions of other services, see . + +Process Flow +------------ + +.. _permission_0003__fig1447123814172: + +.. figure:: /_static/images/en-us_image_0171311823.png + :alt: **Figure 1** Process for granting VPC permissions + + **Figure 1** Process for granting VPC permissions + +#. .. _permission_0003__li8447183891715: + + `Create a user group and assign permissions to it `__. + + Create a user group on the IAM console, and assign the **VPC ReadOnlyAccess** policy to the group. + +#. `Create an IAM user and add it to the user group `__. + + Create a user on the IAM console and add the user to the group created in :ref:`1 `. + +#. `Log in `__ and verify permissions. + + Log in to the VPC console by using the user created in 2, and verify that the user only has read permissions for VPC. + + - Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. 
If a message appears indicating that you have insufficient permissions to perform the operation, the **VPC ReadOnlyAccess** policy has already taken effect. + - Choose any other service in **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPC ReadOnlyAccess** policy has already taken effect. diff --git a/umn/source/permissions_management/index.rst b/umn/source/permissions_management/index.rst new file mode 100644 index 0000000..52f067a --- /dev/null +++ b/umn/source/permissions_management/index.rst @@ -0,0 +1,16 @@ +:original_name: permission_0001.html + +.. _permission_0001: + +Permissions Management +====================== + +- :ref:`Creating a User and Granting VPC Permissions ` +- :ref:`VPC Custom Policies ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + creating_a_user_and_granting_vpc_permissions + vpc_custom_policies diff --git a/umn/source/permissions_management/vpc_custom_policies.rst b/umn/source/permissions_management/vpc_custom_policies.rst new file mode 100644 index 0000000..5d0a6a8 --- /dev/null +++ b/umn/source/permissions_management/vpc_custom_policies.rst 
@@ -0,0 +1,82 @@ +:original_name: permission_0004.html + +.. _permission_0004: + +VPC Custom Policies +=================== + +Custom policies can be created to supplement the system-defined policies of VPC. For the actions supported for custom policies, see `Permissions Policies and Supported Actions `__. + +You can create custom policies in either of the following ways: + +- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax. +- JSON: Edit JSON policies from scratch or based on an existing policy. + +For operation details, see `Creating a Custom Policy `__. The following section contains examples of common VPC custom policies. + +Example Custom Policies +----------------------- + +- Example 1: Allowing users to create and view VPCs + + .. code-block:: + + { + "Version": "1.1", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + " + vpc:vpcs:create + vpc:svpcs:list + " + ] + } + ] + } + +- Example 2: Denying VPC deletion + + A deny policy must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both Allow and Deny actions, the Deny actions take precedence over the Allow actions. + + The following method can be used if you need to assign permissions of the **VPC FullAccess** policy to a user but also forbid the user from deleting VPCs. Create a custom policy for denying VPC deletion, and assign both policies to the group the user belongs to. Then the user can perform all operations on VPC except deleting VPCs. The following is an example deny policy: + + .. code-block:: + + { + "Version": "1.1", + "Statement": [ + { + "Effect": "Deny", + "Action": [ + "vpc:vpcs:delete" + ] + } + ] + } + +- Example 3: Defining permissions for multiple services in a policy + + A custom policy can contain the actions of multiple services that are of the global or project-level type. 
The following is an example policy containing actions of multiple services: + + .. code-block:: + + { + "Version": "1.1", + "Statement": [ + { + "Action": [ + "vpc:vpcs:create", + "vpc:vpcs:update" + ], + "Effect": "Allow" + }, + { + "Action": [ + "ecs:servers:delete" + ], + "Effect": "Allow" + } + ] + } diff --git a/umn/source/route_table/adding_a_custom_route.rst b/umn/source/route_table/adding_a_custom_route.rst deleted file mode 100644 index e7d0773..0000000 --- a/umn/source/route_table/adding_a_custom_route.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -:original_name: vpc_route_0006.html - -.. _vpc_route_0006: - -Adding a Custom Route -===================== - -Scenarios ---------- - -Each route table contains a default system route, which indicates that ECSs in a VPC can communicate with each other. You can add custom routes as required to forward the traffic destined for the destination to the specified next hop. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. - -#. In the route table list, click the name of the route table to which you want to add a route. - -#. Click **Add Route** and set parameters as prompted. - - You can click **+** to add more routes. - - - .. figure:: /_static/images/en-us_image_0173155793.png - :alt: **Figure 1** Add Route - - **Figure 1** Add Route - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+===================================================================================================================================================================+=======================+ - | Destination | The destination CIDR block. | 192.168.0.0/16 | - | | | | - | | The destination of each route must be unique. The destination cannot overlap with any subnet CIDR block in the VPC. 
| | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop Type | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | ECS | - | | | | - | | .. note:: | | - | | | | - | | When you add a custom route to or modify a custom route in a default route table, the next hop type cannot be set to VPN connection or Direct Connect gateway. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | ecs-001 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/associating_a_subnet_with_a_route_table.rst b/umn/source/route_table/associating_a_subnet_with_a_route_table.rst deleted file mode 100644 index 73119a3..0000000 --- a/umn/source/route_table/associating_a_subnet_with_a_route_table.rst +++ /dev/null 
@@ -1,41 +0,0 @@ -:original_name: vpc_route_0007.html - -.. _vpc_route_0007: - -Associating a Subnet with a Route Table -======================================= - -Scenarios ---------- - -After a route table is associated with a subnet, the routes in the route table control the routing for the subnet and apply to all cloud resources in the subnet. Determine the impact on services before performing this operation. - -Notes and Constraints ---------------------- - -A subnet can only be associated with one route table. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. - -#. In the route table list, locate the row that contains the target route table and click **Associate Subnet** in the **Operation** column. - -#. Select the subnet to be associated. - - - .. figure:: /_static/images/en-us_image_0173155870.png - :alt: **Figure 1** Associate Subnet - - **Figure 1** Associate Subnet - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/changing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_table/changing_the_route_table_associated_with_a_subnet.rst deleted file mode 100644 index 596ac87..0000000 --- a/umn/source/route_table/changing_the_route_table_associated_with_a_subnet.rst +++ /dev/null 
@@ -1,32 +0,0 @@ -:original_name: vpc_route_0008.html - -.. _vpc_route_0008: - -Changing the Route Table Associated with a Subnet -================================================= - -Scenarios ---------- - -You can change the route table associated with the subnet to another one in the VPC. If the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. Determine the impact on services before performing this operation. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. - -#. In the route table list, click the name of the target route table. - -#. On the **Associated Subnets** tab page, click **Change Route Table** in the **Operation** column and select a new route table as prompted. - -#. Click **OK**. - - After the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/configuring_an_snat_ecs.rst b/umn/source/route_table/configuring_an_snat_ecs.rst deleted file mode 100644 index c9b3617..0000000 --- a/umn/source/route_table/configuring_an_snat_ecs.rst +++ /dev/null 
@@ -1,139 +0,0 @@ -:original_name: route_0004.html - -.. _route_0004: - -Configuring an SNAT ECS -======================= - -Scenarios ---------- - -Together with VPC route tables, you can configure SNAT on an ECS to enable other ECSs that have no EIPs bound in the same VPC to access the Internet through this ECS. - -The configured SNAT takes effect for all subnets in a VPC. - -Prerequisites -------------- - -- You have an ECS where SNAT is to be configured. -- The ECS where SNAT is to be configured runs Linux. -- The ECS where SNAT is to be configured has only one network interface card (NIC). - -Procedure ---------- - -#. Log in to the management console. - -2. Click |image1| in the upper left corner and select the desired region and project. - -3. In the upper left corner of the page, click |image2|. In the service list, choose **Computing** > **Elastic Cloud Server**. - -4. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. - -5. On the ECS details page, click the **NICs** tab. - -6. Click the NIC IP address. In the displayed area showing the NIC details, disable the source/destination check. - - By default, the source/destination check is enabled to check whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This prevents packet spoofing and improves system security. For an SNAT ECS that needs to forward packets, enabling the source/destination check prevents the packet sender from receiving returned packets. To stop this, you need to disable the source/destination check for SNAT ECSs. - -7. Bind an EIP. - - - Bind an EIP to the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. - - Bind an EIP to the virtual IP address of the ECS. For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. - -8. 
On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. - -9. Switch to user **root** and enter the password when prompted: - - **su - root** - -10. Confirm that the ECS can connect to the Internet. - - .. note:: - - Before running the following command, disable the response iptables rule on the ECS where SNAT is configured and configure security group rules. - - **ping www.google.com** - - The ECS can access the Internet if the following information is displayed: - - .. code-block:: console - - [root@localhost ~]# ping www.google.com - PING www.a.shifen.com (xxx.xxx.xxx.xxx) 56(84) bytes of data. - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms - 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms - -11. Check whether IP forwarding of the Linux OS is enabled: - - **cat /proc/sys/net/ipv4/ip_forward** - - In command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. - - - If IP forwarding is enabled, go to step :ref:`14 `. - - If IP forwarding is disabled, perform step :ref:`12 ` to enable it. - - Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. To achieve these, you need to enable the IP forwarding function and configure SNAT rules. - -12. .. 
_route_0004__li3948189019612: - - Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. - -13. Apply the changes: - - **sysctl -p /etc/sysctl.conf** - -14. .. _route_0004__li2168883919851: - - Configure SNAT. - - Grant all ECSs on the network (for example, 192.168.1.0/24) access to the Internet using SNAT. Example command: - - **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** - - - .. figure:: /_static/images/en-us_image_0118498992.png - :alt: **Figure 1** Configuring SNAT - - **Figure 1** Configuring SNAT - - .. note:: - - - To ensure that the configured rules will not be lost after a restart, write the rules into the **/etc/rc.local** file. - - a. Switch to the **/etc/rc.local** file: - - **vi /etc/rc.local** - - b. Perform :ref:`14 ` to configure SNAT. - - c. Save the configuration and exit: - - **:wq** - - d. Add the execute permission for the **rc.local** file: - - **# chmod +x /etc/rc.local** - - - To ensure that the configuration changes are applied, run the **iptables -L** command to check that the configured rules do not conflict with each other. - -15. Check whether the configuration is successful. If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the configuration is successful. - - **iptables -t nat --list** - - .. _route_0004__fig8358771201535: - - .. figure:: /_static/images/en-us_image_0118499109.png - :alt: **Figure 2** Verifying configuration - - **Figure 2** Verifying configuration - -16. Add a route. For details, see section :ref:`Adding a Custom Route `. - - Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. - -After these operations are complete, if the network communication still fails, check your security group and firewall rules deny required traffic. 
- -.. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001524337893.png diff --git a/umn/source/route_table/deleting_a_route.rst b/umn/source/route_table/deleting_a_route.rst deleted file mode 100644 index 5e13de9..0000000 --- a/umn/source/route_table/deleting_a_route.rst +++ /dev/null @@ -1,30 +0,0 @@ -:original_name: vpc_route_0012.html - -.. _vpc_route_0012: - -Deleting a Route -================ - -Scenarios ---------- - -This section describes how to delete a custom route from a route table. - -Notes and Constraints ---------------------- - -- The system route cannot be deleted. -- The routes delivered by the VPN, Direct Connect services to the default route table cannot be deleted. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. In the route table list, click the name of the target route table. -#. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. -#. Click **Yes**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/deleting_a_route_table.rst b/umn/source/route_table/deleting_a_route_table.rst deleted file mode 100644 index b1ce6a3..0000000 --- a/umn/source/route_table/deleting_a_route_table.rst +++ /dev/null 
@@ -1,28 +0,0 @@ -:original_name: vpc_route_0010.html - -.. _vpc_route_0010: - -Deleting a Route Table -====================== - -Scenarios ---------- - -You can delete custom route tables but cannot delete the default route table. - -Prerequisites -------------- - -Before deleting a route table, ensure that no subnet has been associated with the custom route table. If there is an associated subnet, associate the subnet with another route table by clicking **Change Route Table** and then delete the custom route table. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. In the route table list, locate the row that contains the route table to be deleted and click **Delete** in the **Operation** column. -#. Click **Yes**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/index.rst b/umn/source/route_table/index.rst deleted file mode 100644 index 7768769..0000000 --- a/umn/source/route_table/index.rst +++ /dev/null 
@@ -1,36 +0,0 @@ -:original_name: vpc_route_0000.html - -.. _vpc_route_0000: - -Route Table -=========== - -- :ref:`Route Table Overview ` -- :ref:`Configuring an SNAT ECS ` -- :ref:`Creating a Custom Route Table ` -- :ref:`Adding a Custom Route ` -- :ref:`Associating a Subnet with a Route Table ` -- :ref:`Changing the Route Table Associated with a Subnet ` -- :ref:`Viewing a Route Table ` -- :ref:`Deleting a Route Table ` -- :ref:`Modifying a Route ` -- :ref:`Deleting a Route ` -- :ref:`Replicating a Route ` -- :ref:`Exporting Route Table Information ` - -.. toctree:: - :maxdepth: 1 - :hidden: - - route_table_overview - configuring_an_snat_ecs - creating_a_custom_route_table - adding_a_custom_route - associating_a_subnet_with_a_route_table - changing_the_route_table_associated_with_a_subnet - viewing_a_route_table - deleting_a_route_table - modifying_a_route - deleting_a_route - replicating_a_route - exporting_route_table_information diff --git a/umn/source/route_table/modifying_a_route.rst b/umn/source/route_table/modifying_a_route.rst deleted file mode 100644 index 7caa096..0000000 --- a/umn/source/route_table/modifying_a_route.rst +++ /dev/null 
@@ -1,54 +0,0 @@ -:original_name: vpc_route_0011.html - -.. _vpc_route_0011: - -Modifying a Route -================= - -Scenarios ---------- - -Modify a route. - -Notes and Constraints ---------------------- - -- The system route cannot be modified. -- The routes delivered by the VPN, Direct Connect services to the default route table cannot be modified. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. In the route table list, click the name of the target route table. -#. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. -#. Modify the route information in the displayed dialog box. - - .. table:: **Table 1** Parameter descriptions - - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+===================================================================================================================================================================+=======================+ - | Destination | The destination CIDR block. | 192.168.0.0/16 | - | | | | - | | The destination of each route must be unique. The destination cannot overlap with any subnet CIDR block in the VPC. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop Type | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. 
| ECS | - | | | | - | | .. note:: | | - | | | | - | | When you add a custom route to or modify a custom route in a default route table, the next hop type cannot be set to VPN connection or Direct Connect gateway. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Next Hop | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | ecs-001 | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the route. This parameter is optional. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/replicating_a_route.rst b/umn/source/route_table/replicating_a_route.rst deleted file mode 100644 index 9d70efd..0000000 --- a/umn/source/route_table/replicating_a_route.rst +++ /dev/null 
@@ -1,39 +0,0 @@ -:original_name: vpc_route_0013.html - -.. _vpc_route_0013: - -Replicating a Route -=================== - -Scenarios ---------- - -You can replicate a created route as required. - -Notes and Constraints ---------------------- - -- The routes delivered by the VPN service to the default route table cannot be replicated. -- The routes delivered to the default route table by the Direct Connect service that is enabled by call or email cannot be replicated. -- Black hole routes cannot be replicated. - -Procedure ---------- - -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. - -#. In the route table list, locate the row that contains the target route table and click **Replicate Route** in the **Operation** column. - -#. Select the target route table and then the route to be replicated as prompted. - - The routes listed on the page are those that do not exist in the target route table. You can select one or more routes to replicate to the target route table. - -#. Click **OK**. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_table/viewing_a_route_table.rst b/umn/source/route_table/viewing_a_route_table.rst deleted file mode 100644 index a5df519..0000000 --- a/umn/source/route_table/viewing_a_route_table.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -:original_name: vpc_route_0009.html - -.. _vpc_route_0009: - -Viewing a Route Table -===================== - -Scenarios ---------- - -You can view the basic information, routes, and associated subnets of a route table. - -Procedure ---------- - -#. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. In the route table list, click the name of the target route table. - -.. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/route_tables/adding_a_custom_route.rst b/umn/source/route_tables/adding_a_custom_route.rst new file mode 100644 index 0000000..291bf51 --- /dev/null +++ b/umn/source/route_tables/adding_a_custom_route.rst 
@@ -0,0 +1,72 @@ +:original_name: vpc_route01_0006.html + +.. _vpc_route01_0006: + +Adding a Custom Route +===================== + +Scenarios +--------- + +Each route table contains a default system route, which indicates that ECSs in a VPC can communicate with each other. You can also add custom routes as required to forward the traffic destined for the destination to the specified next hop. + +Notes and Constraints +--------------------- + +A maximum of 200 routes can be added to each route table. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +5. In the route table list, click the name of the route table to which you want to add a route. + +6. Click **Add Route** and set parameters as prompted. + + You can click **+** to add more routes. + + + .. figure:: /_static/images/en-us_image_0000001540725521.png + :alt: **Figure 1** Add Route + + **Figure 1** Add Route + + .. table:: **Table 1** Parameter descriptions + + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Parameter | Description | Example Value | + +=======================+======================================================================================================================================================================+========================+ + | Destination | Mandatory | IPv4: 192.168.0.0/16 | + | | | | + | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | + | | | | + | | The destination of each route in a route table must be unique. 
The destination cannot overlap with any subnet in the VPC. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Mandatory | VPC peering connection | + | | | | + | | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | | + | | | | + | | .. note:: | | + | | | | + | | When you add or modify a custom route in a default route table, the next hop type of the route cannot be set to **VPN connection** or **Direct Connect gateway**. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop | Mandatory | peer-AB | + | | | | + | | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Description | Optional | ``-`` | + | | | | + | | Enter the description of the route in the text box as required. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +7. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst b/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst new file mode 100644 index 0000000..c661936 --- /dev/null 
+++ b/umn/source/route_tables/associating_a_route_table_with_a_subnet.rst @@ -0,0 +1,42 @@ +:original_name: vpc_route01_0007.html + +.. _vpc_route01_0007: + +Associating a Route Table with a Subnet +======================================= + +Scenarios +--------- + +After a route table is associated with a subnet, its routes control the routing for the subnet and apply to all cloud resources in the subnet. + +Notes and Constraints +--------------------- + +A subnet can only be associated with one route table. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +5. In the route table list, locate the row that contains the target route table and click **Associate Subnet** in the **Operation** column. + +6. Select the subnet to be associated. + + + .. figure:: /_static/images/en-us_image_0000001540846821.png + :alt: **Figure 1** Associate Subnet + + **Figure 1** Associate Subnet + +7. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst new file mode 100644 index 0000000..f45845b --- /dev/null +++ b/umn/source/route_tables/changing_the_route_table_associated_with_a_subnet.rst 
@@ -0,0 +1,33 @@ +:original_name: vpc_route01_0008.html + +.. _vpc_route01_0008: + +Changing the Route Table Associated with a Subnet +================================================= + +Scenarios +--------- + +You can change the route table for a subnet. If the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +5. Click the name of the target route table. + +6. On the **Associated Subnets** tab page, click **Change Route Table** in the **Operation** column and select a new route table as prompted. + +7. Click **OK**. + + After the route table for a subnet is changed, routes in the new route table will apply to all cloud resources in the subnet. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/configuring_an_snat_server.rst b/umn/source/route_tables/configuring_an_snat_server.rst new file mode 100644 index 0000000..704a8c8 --- /dev/null +++ b/umn/source/route_tables/configuring_an_snat_server.rst 
@@ -0,0 +1,137 @@ +:original_name: vpc_route_0004.html + +.. _vpc_route_0004: + +Configuring an SNAT Server +========================== + +Scenarios +--------- + +Together with VPC route tables, you can configure SNAT on an ECS to enable other ECSs that have no EIPs bound in the same VPC to access the Internet through this ECS. + +The configured SNAT takes effect for all subnets in a VPC. + +Prerequisites +------------- + +- You have an ECS where SNAT is to be configured. +- The ECS where SNAT is to be configured runs Linux. +- The ECS where SNAT is to be configured has only one network interface card (NIC). + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. In the upper left corner of the page, click |image2|. In the service list, choose **Computing** > **Elastic Cloud Server**. + +#. On the displayed page, locate the target ECS in the ECS list and click the ECS name to switch to the page showing ECS details. + +#. On the displayed ECS details page, click the **NICs** tab. + +#. In the displayed area showing the NIC IP address details, disable **Source/Destination Check**. + + By default, the source/destination check is enabled. When this check is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. If the SNAT function is used, the SNAT server needs to forward packets. This mechanism prevents the packet sender from receiving returned packets. Therefore, you need to disable the source/destination check for SNAT servers. + +#. Bind an EIP. + + - Bind an EIP to the private IP address of the ECS. For details, see :ref:`Assigning an EIP and Binding It to an ECS `. + - Bind an EIP to the virtual IP address of the ECS. 
For details, see :ref:`Binding a Virtual IP Address to an EIP or ECS `. + +#. On the ECS console, use the remote login function to log in to the ECS where you plan to configure SNAT. + +#. Run the following command and enter the password of user **root** to switch to user **root**: + + **su - root** + +#. Run the following command to check whether the ECS can successfully connect to the Internet: + + .. note:: + + Before running the command, you must disable the response iptables rule on the ECS where SNAT is configured and configure security group rules. + + **ping www.google.com** + + The ECS can access the Internet if the following information is displayed: + + .. code-block:: console + + [root@localhost ~]# ping www.google.com + PING www.XXX.com (xxx.xxx.xxx.xxx) 56(84) bytes of data. + 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms + 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms + 64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms + +#. Run the following command to check whether IP forwarding of the Linux OS is enabled: + + **cat /proc/sys/net/ipv4/ip_forward** + + In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**. + + - If IP forwarding in Linux is enabled, go to step :ref:`14 `. + - If IP forwarding in Linux is disabled, go to :ref:`12 ` to enable IP forwarding in Linux. + + Many OSs support packet routing. Before forwarding packets, OSs change source IP addresses in the packets to OS IP addresses. Therefore, the forwarded packets contain the IP address of the public sender so that the response packets can be sent back along the same path to the initial packet sender. This method is called SNAT. The OSs need to keep track of the packets where IP addresses have been changed to ensure that the destination IP addresses in the packets can be rewritten and that packets can be forwarded to the initial packet sender. 
To achieve these purposes, you need to enable the IP forwarding function and configure SNAT rules. + +#. .. _vpc_route_0004__en-us_topic_0212076959_li3948189019612: + + Use the vi editor to open the **/etc/sysctl.conf** file, change the value of **net.ipv4.ip_forward** to **1**, and enter **:wq** to save the change and exit. + +#. Run the following command to make the change take effect: + + **sysctl -p /etc/sysctl.conf** + +#. .. _vpc_route_0004__en-us_topic_0212076959_li2168883919851: + + Configure the SNAT function. + + Run the following command to enable all ECSs on the network (for example, 192.168.1.0/24) to access the Internet using the SNAT function: + + **iptables -t nat -A POSTROUTING -o eth0 -s subnet -j SNAT --to nat-instance-ip** + + + .. figure:: /_static/images/en-us_image_0214585308.png + :alt: **Figure 1** Configuring SNAT + + **Figure 1** Configuring SNAT + + .. note:: + + To ensure that the rule will not be lost after the restart, write the rule into the **/etc/rc.local** file. + + a. Switch to the **/etc/sysctl.conf** file: + + **vi /etc/rc.local** + + b. Perform :ref:`14 ` to configure SNAT. + + c. Save the configuration and exit: + + **:wq** + + d. Add the execution permissions for the **rc.local** file: + + **# chmod +x /etc/rc.local** + +#. Check whether the configuration is successful. If information similar to :ref:`Figure 2 ` (for example, 192.168.1.0/24) is displayed, the configuration was successful. + + **iptables -t nat --list** + + .. _vpc_route_0004__en-us_topic_0212076959_fig8358771201535: + + .. figure:: /_static/images/en-us_image_0214585309.png + :alt: **Figure 2** Verifying configuration + + **Figure 2** Verifying configuration + +#. Add a route. For details, see section :ref:`Adding a Custom Route `. + + Set the destination to **0.0.0.0/0**, and the next hop to the private or virtual IP address of the ECS where SNAT is deployed. For example, the next hop is **192.168.1.4**. 
+ +After these operations are complete, if the network communication still fails, check your security group and firewall configuration to see whether required traffic is allowed. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001490118666.png diff --git a/umn/source/route_table/creating_a_custom_route_table.rst b/umn/source/route_tables/creating_a_custom_route_table.rst similarity index 84% rename from umn/source/route_table/creating_a_custom_route_table.rst rename to umn/source/route_tables/creating_a_custom_route_table.rst index 43c9e22..2c6970b 100644 --- a/umn/source/route_table/creating_a_custom_route_table.rst +++ b/umn/source/route_tables/creating_a_custom_route_table.rst @@ -1,6 +1,6 @@ -:original_name: vpc_route_0005.html +:original_name: vpc_route01_0005.html -.. _vpc_route_0005: +.. _vpc_route01_0005: Creating a Custom Route Table ============================= 
@@ -8,23 +8,28 @@ Creating a Custom Route Table Scenarios --------- -You can create a custom route table if you do not want to use the default one. +If your default route table cannot meet your service requirements, you can create a custom route table by following the instructions provided in this section. + +Notes and Constraints +--------------------- + +- Each VPC can have a maximum of 10 route tables, including the default route table. Procedure --------- #. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. +2. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. +5. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0173155804.png + .. figure:: /_static/images/en-us_image_0214585306.png :alt: **Figure 1** Create Route Table **Figure 1** Create Route Table 
@@ -46,17 +51,18 @@ Procedure +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Route Settings | The route information. This parameter is optional. | ``-`` | | | | | - | | You can add a route when creating the route table or after the route table is created. For details, see :ref:`Adding a Custom Route `. | | + | | You can add a route when creating the route table or after the route table is created. For details, see :ref:`Adding a Custom Route `. | | | | | | | | You can click **+** to add more routes. | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -#. Click **OK**. +6. Click **OK**. A message is displayed. You can determine whether to associate the route table with subnets immediately as prompted. If you want to associate immediately, perform the following operations: - a. Click **Associate Subnet**. The **Associated Subnets** page is displayed. + a. Click **Associate Subnet**. The route table details page is displayed. b. Click **Associate Subnet** and select the target subnets to be associated. c. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/deleting_a_route.rst b/umn/source/route_tables/deleting_a_route.rst new file mode 100644 index 0000000..8bc625f --- /dev/null +++ b/umn/source/route_tables/deleting_a_route.rst 
@@ -0,0 +1,47 @@ +:original_name: vpc_route01_0012.html + +.. _vpc_route01_0012: + +Deleting a Route +================ + +Scenarios +--------- + +This section describes how to delete a custom route from a route table. + +Notes and Constraints +--------------------- + +- System routes cannot be deleted. + +- The routes automatically delivered by VPN or Direct Connect to the default route table cannot be deleted. The next hop types of such routes are: + + - VPN connection + - Direct Connect gateway + + The following figure shows a route with **VPN gateway** as **Next Hop Type**. If you want to delete such a route, click the next hop hyperlink to delete the corresponding resource. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +5. Locate the target route table and click its name. + + The route table details page is displayed. + +6. In the route list, locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + +7. Confirm the information and click **Yes**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/deleting_a_route_table.rst b/umn/source/route_tables/deleting_a_route_table.rst new file mode 100644 index 0000000..be2d88e --- /dev/null +++ b/umn/source/route_tables/deleting_a_route_table.rst 
@@ -0,0 +1,40 @@ +:original_name: vpc_route01_0010.html + +.. _vpc_route01_0010: + +Deleting a Route Table +====================== + +Scenarios +--------- + +This section describes how to delete a custom route table. + +Notes and Constraints +--------------------- + +- The default route table cannot be deleted. + +- A custom route table cannot be deleted if it is associated with a subnet. + + You associate the subnet with another route table by referring to :ref:`Changing the Route Table Associated with a Subnet ` and then delete the route table. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +#. Locate the row that contains the route table you want to delete and click **Delete** in the **Operation** column. + + A confirmation dialog box is displayed. + +#. Click **Yes**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_table/exporting_route_table_information.rst b/umn/source/route_tables/exporting_route_table_information.rst similarity index 57% rename from umn/source/route_table/exporting_route_table_information.rst rename to umn/source/route_tables/exporting_route_table_information.rst index d2e2ea5..e24001f 100644 --- a/umn/source/route_table/exporting_route_table_information.rst +++ b/umn/source/route_tables/exporting_route_table_information.rst @@ -1,6 +1,6 @@ -:original_name: vpc_route_0014.html +:original_name: vpc_route01_0014.html -.. _vpc_route_0014: +.. _vpc_route01_0014: Exporting Route Table Information ================================= 
@@ -15,15 +15,16 @@ Procedure #. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. +2. Click |image1| in the upper left corner and select the desired region and project. -#. Under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. -#. On the displayed page, click |image2| in the upper right of the route table list. +5. On the displayed page, click |image3| in the upper right of the route table list. The system will automatically export information about all route tables under your account in the current region as an Excel file to a local directory. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0185346582.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0214585307.png diff --git a/umn/source/route_tables/index.rst b/umn/source/route_tables/index.rst new file mode 100644 index 0000000..9fdae4f --- /dev/null +++ b/umn/source/route_tables/index.rst 
@@ -0,0 +1,38 @@ +:original_name: vpc_route01_0000.html + +.. _vpc_route01_0000: + +Route Tables +============ + +- :ref:`Route Table Overview ` +- :ref:`Creating a Custom Route Table ` +- :ref:`Associating a Route Table with a Subnet ` +- :ref:`Changing the Route Table Associated with a Subnet ` +- :ref:`Viewing the Route Table Associated with a Subnet ` +- :ref:`Viewing Route Table Information ` +- :ref:`Exporting Route Table Information ` +- :ref:`Deleting a Route Table ` +- :ref:`Adding a Custom Route ` +- :ref:`Modifying a Route ` +- :ref:`Replicating a Route ` +- :ref:`Deleting a Route ` +- :ref:`Configuring an SNAT Server ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + route_table_overview + creating_a_custom_route_table + associating_a_route_table_with_a_subnet + changing_the_route_table_associated_with_a_subnet + viewing_the_route_table_associated_with_a_subnet + viewing_route_table_information + exporting_route_table_information + deleting_a_route_table + adding_a_custom_route + modifying_a_route + replicating_a_route + deleting_a_route + configuring_an_snat_server diff --git a/umn/source/route_tables/modifying_a_route.rst b/umn/source/route_tables/modifying_a_route.rst new file mode 100644 index 0000000..bb13ae6 --- /dev/null +++ b/umn/source/route_tables/modifying_a_route.rst 
@@ -0,0 +1,62 @@ +:original_name: vpc_route01_0011.html + +.. _vpc_route01_0011: + +Modifying a Route +================= + +Scenarios +--------- + +This section describes how to modify a custom route in a route table. + +Notes and Constraints +--------------------- + +- System routes cannot be modified. +- When you create a VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. +5. In the route table list, click the name of the target route table. +6. Locate the row that contains the route to be modified and click **Modify** in the **Operation** column. +7. Modify the route information in the displayed dialog box. + + .. table:: **Table 1** Parameter descriptions + + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Parameter | Description | Example Value | + +=======================+======================================================================================================================================================================+========================+ + | Destination | Mandatory | IPv4: 192.168.0.0/16 | + | | | | + | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | + | | | | + | | The destination of each route in a route table must be unique. The destination cannot overlap with any subnet in the VPC. 
| | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop Type | Mandatory | VPC peering connection | + | | | | + | | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 `. | | + | | | | + | | .. note:: | | + | | | | + | | When you add or modify a custom route in a default route table, the next hop type of the route cannot be set to **VPN connection** or **Direct Connect gateway**. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Next Hop | Mandatory | peer-AB | + | | | | + | | Set the next hop. The resources in the drop-down list box are displayed based on the selected next hop type. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + | Description | Optional | ``-`` | + | | | | + | | Enter the description of the route in the text box as required. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ + +8. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/replicating_a_route.rst b/umn/source/route_tables/replicating_a_route.rst new file mode 100644 index 0000000..4c1ede9 --- /dev/null +++ b/umn/source/route_tables/replicating_a_route.rst 
@@ -0,0 +1,70 @@ +:original_name: vpc_route01_0013.html + +.. _vpc_route01_0013: + +Replicating a Route +=================== + +Scenarios +--------- + +This section describes how to replicate routes among all route tables of a VPC. VPC route tables include the default and custom route tables. + +Notes and Constraints +--------------------- + +:ref:`Table 1 ` shows the types of routes that can be replicated. + +For example, if the next hop of a route is a server, this route can be replicated to the default or custom route table. If the next hop of a route is a Direct Connect gateway, the route cannot be replicated to the default route table, but can be replicated to a custom route table. + +.. _vpc_route01_0013__route_0001_table1727714140542: + +.. table:: **Table 1** Route replication description + + +------------------------+-----------------------------------+----------------------------------+ + | Next Hop Type | Replicated to Default Route Table | Replicated to Custom Route Table | + +========================+===================================+==================================+ + | Local | Not supported | Not supported | + +------------------------+-----------------------------------+----------------------------------+ + | Server | Supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + | Extension NIC | Supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + | VPN connection | Not supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + | Direct Connect gateway | Not supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + | NAT gateway | Supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + | VPC peering 
connection | Supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + | Virtual IP address | Supported | Supported | + +------------------------+-----------------------------------+----------------------------------+ + +.. note:: + + - Black hole routes cannot be replicated. + - If the Direct Connect service is enabled in the self-service mode, the routes delivered to the default route table can be replicated to the custom route table. + - If the Direct Connect service is enabled by call or email, the routes delivered to the default route table cannot be replicated to the custom route table. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +#. In the route table list, locate the row that contains the target route table and click **Replicate Route** in the **Operation** column. + +#. Select the target route table and then the route to be replicated as prompted. + + The routes listed on the page are those that do not exist in the target route table. You can select one or more routes to replicate to the target route table. + +#. Click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_table/route_table_overview.rst b/umn/source/route_tables/route_table_overview.rst similarity index 77% rename from umn/source/route_table/route_table_overview.rst rename to umn/source/route_tables/route_table_overview.rst index 6178db4..5e1efba 100644 --- a/umn/source/route_table/route_table_overview.rst +++ b/umn/source/route_tables/route_table_overview.rst 
@@ -1,27 +1,22 @@ -:original_name: route_0001.html +:original_name: vpc_route01_0001.html -.. _route_0001: +.. _vpc_route01_0001: Route Table Overview ==================== -A custom route is route that you add to a VPC route table. - Route Table ----------- A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. - -.. figure:: /_static/images/en-us_image_0167573711.png - :alt: **Figure 1** Route table - - **Figure 1** Route table - Default Route Table and Custom Route Table ------------------------------------------ -When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. You can add, delete, and modify routes in the default route table, but you cannot delete the route table. When you create a VPN, Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. If you want to modify or delete the route, you can associate your subnet with a custom route table and replicate the route to the custom route table to modify or delete it. +When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. + +- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table. +- When you create a VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. 
You can delete the custom route table if it is no longer required. @@ -29,8 +24,6 @@ If you do not want to use the default route table, you can now create a custom r The custom route table associated with a subnet affects only the outbound traffic. The default route table determines the inbound traffic. -For details about how to create a custom route table, see section :ref:`Creating a Custom Route Table `. - Route ----- @@ -49,9 +42,11 @@ A route is configured with the destination, next hop type, and next hop to deter - Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route. - You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. + You can add a custom route and configure the destination, next hop type, and next hop in the route to determine where network traffic is directed. :ref:`Table 1 ` lists the supported types of next hops. - .. _route_0001__table1727714140542: + You cannot add two routes with the same destination to a VPC route table even if their next hop types are different. The route priority depends on the destination. According to the longest match routing rule, the destination with a higher matching degree is preferentially selected for packet forwarding. + + .. _vpc_route01_0001__table1727714140542: .. table:: **Table 1** Next hop type 
@@ -90,31 +85,15 @@ A route is configured with the destination, next hop type, and next hop to deter Custom Route Table Configuration Process ---------------------------------------- -:ref:`Figure 2 ` shows the process of creating and configuring a custom route table. +:ref:`Figure 1 ` shows the process of creating and configuring a custom route table. -.. _route_0001__fig16862186152219: +.. _vpc_route01_0001__en-us_topic_0212076956_fig16862186152219: -.. figure:: /_static/images/en-us_image_0163203842.png - :alt: **Figure 2** Route table configuration process +.. figure:: /_static/images/en-us_image_0214585341.png + :alt: **Figure 1** Route table configuration process - **Figure 2** Route table configuration process + **Figure 1** Route table configuration process -#. For details about how to create a custom route table, see :ref:`Creating a Custom Route Table `. -#. For details about how to add a custom route, see :ref:`Adding a Custom Route `. -#. For details about how to associate a subnet with a route table, see :ref:`Associating a Subnet with a Route Table `. After the association, the routes in the route table control the routing for the subnet. - -Notes and Constraints ---------------------- - -- A maximum of 10 route tables, including the default one, can be created for each VPC. -- A maximum of 200 routes can be added to each route table. -- The default route table cannot be deleted. -- The system route cannot be modified or deleted. -- The routes delivered by the VPN service to the default route table cannot be modified, replicated, or deleted. -- The routes delivered by the Direct Connect service to the default route table cannot be modified or deleted. - - - If the Direct Connect service is enabled in the self-service mode, the routes delivered to the default route table can be replicated to the custom route table. 
- - If the Direct Connect service is enabled by call or email, the routes delivered to the default route table cannot be replicated to the custom route table. - -- Black hole routes cannot be replicated. -- When you add a custom route to a default route table, the next hop type cannot be set to VPN connection or Direct Connect gateway. +#. For details about how to create a custom route table, see :ref:`Creating a Custom Route Table `. +#. For details about how to add a custom route, see :ref:`Adding a Custom Route `. +#. For details about how to associate a subnet with a route table, see :ref:`Associating a Route Table with a Subnet `. After the association, the routes in the route table control the routing for the subnet. diff --git a/umn/source/route_tables/viewing_route_table_information.rst b/umn/source/route_tables/viewing_route_table_information.rst new file mode 100644 index 0000000..a44e820 --- /dev/null +++ b/umn/source/route_tables/viewing_route_table_information.rst 
@@ -0,0 +1,36 @@ +:original_name: vpc_route01_0009.html + +.. _vpc_route01_0009: + +Viewing Route Table Information +=============================== + +Scenarios +--------- + +This section describes how to view detailed information about a route table, including: + +- Basic information, such as name, type (default or custom), and ID of the route table +- Routes, such as destination, next hop, and route type (system or custom) +- Associated subnets + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Route Tables**. + +5. Click the name of the target route table. + + The route table details page is displayed. + + a. On the **Summary** tab page, view the basic information and routes of the route table. + b. On the **Associated Subnets** tab page, view the subnets associated with the route table. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst new file mode 100644 index 0000000..b8ceb6a --- /dev/null +++ b/umn/source/route_tables/viewing_the_route_table_associated_with_a_subnet.rst 
@@ -0,0 +1,37 @@ +:original_name: vpc_route01_0015.html + +.. _vpc_route01_0015: + +Viewing the Route Table Associated with a Subnet +================================================ + +Scenarios +--------- + +This section describes how to view the route table associated with a subnet. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + +5. Locate the target subnet and click its name. + + The subnet details page is displayed. + +6. In the right of the subnet details page, view the route table associated with the subnet. + +7. Click the name of the route table. + + The route table details page is displayed. You can further view the route information. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/differences_between_security_groups_and_firewalls.rst b/umn/source/security/differences_between_security_groups_and_firewalls.rst index 7cd644d..27ea951 100644 --- a/umn/source/security/differences_between_security_groups_and_firewalls.rst +++ b/umn/source/security/differences_between_security_groups_and_firewalls.rst @@ -8,7 +8,7 @@ Differences Between Security Groups and Firewalls You can configure security groups and firewall to increase the security of ECSs in your VPC. - Security groups operate at the ECS level. -- Firewalls operate at the subnet level. +- firewalls protect associated subnets and all the resources in the subnets. For details, see :ref:`Figure 1 `. diff --git a/umn/source/security/firewall/adding_a_firewall_rule.rst b/umn/source/security/firewall/adding_a_firewall_rule.rst index 3089fd2..8b664b6 100644 
--- a/umn/source/security/firewall/adding_a_firewall_rule.rst +++ b/umn/source/security/firewall/adding_a_firewall_rule.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. @@ -49,13 +49,11 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic from all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | 
@@ -63,13 +61,11 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | @@ -83,3 +79,4 @@ Procedure 7. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/associating_subnets_with_a_firewall.rst b/umn/source/security/firewall/associating_subnets_with_a_firewall.rst index 38d6f78..80ed752 100644 --- a/umn/source/security/firewall/associating_subnets_with_a_firewall.rst +++ b/umn/source/security/firewall/associating_subnets_with_a_firewall.rst 
@@ -16,7 +16,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the displayed page, click the **Associated Subnets** tab. @@ -28,3 +28,4 @@ Procedure Subnets that have already been associated with firewalls will not be displayed on the page for you to select. One-click subnet association and disassociation are not currently supported. Furthermore, a subnet can only be associated with one firewall. If you want to reassociate a subnet that has already been associated with another firewall, you must first disassociate the subnet from the original firewall. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst b/umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst index 92047c9..508e535 100644 --- a/umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst +++ b/umn/source/security/firewall/changing_the_sequence_of_a_firewall_rule.rst @@ -19,7 +19,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 
@@ -32,3 +32,4 @@ Procedure The rule is inserted. The procedure for inserting an outbound rule is the same as that for inserting an inbound rule. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/creating_a_firewall.rst b/umn/source/security/firewall/creating_a_firewall.rst index 55344cf..a2c1163 100644 --- a/umn/source/security/firewall/creating_a_firewall.rst +++ b/umn/source/security/firewall/creating_a_firewall.rst @@ -17,13 +17,13 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. In the right pane displayed, click **Create firewall**. -6. In the displayed dialog box, enter firewall information as prompted. :ref:`Table 1 ` lists the parameters to be configured. +6. On the **Create firewall** page, configure parameters as prompted. .. figure:: /_static/images/en-us_image_0129304042.png @@ -31,8 +31,6 @@ Procedure **Figure 1** Create Firewall - .. _en-us_topic_0051746698__table145313414319: - .. table:: **Table 1** Parameter descriptions +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ @@ -50,3 +48,4 @@ Procedure 7. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/deleting_a_firewall.rst b/umn/source/security/firewall/deleting_a_firewall.rst index f118b0b..b3d9b0a 100644 --- a/umn/source/security/firewall/deleting_a_firewall.rst 
+++ b/umn/source/security/firewall/deleting_a_firewall.rst @@ -16,7 +16,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the target firewall in the right pane, click **More** in the **Operation** column, and click **Delete**. 6. Click **Yes**. @@ -26,3 +26,4 @@ Procedure After a firewall is deleted, associated subnets are disassociated and added rules are deleted from the firewall. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/deleting_a_firewall_rule.rst b/umn/source/security/firewall/deleting_a_firewall_rule.rst index cb67eea..901adf5 100644 --- a/umn/source/security/firewall/deleting_a_firewall_rule.rst +++ b/umn/source/security/firewall/deleting_a_firewall_rule.rst @@ -16,7 +16,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the **Inbound Rules** or **Outbound Rules** tab, locate the row that contains the target rule and click **Delete** in the **Operation** column. 
@@ -27,3 +27,4 @@ Procedure You can also select multiple firewall rules and click **Delete** above the firewall rule list to delete multiple rules at a time. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst b/umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst index b92a28c..413094d 100644 --- a/umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst +++ b/umn/source/security/firewall/disassociating_a_subnet_from_a_firewall.rst @@ -16,7 +16,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the displayed page, click the **Associated Subnets** tab. @@ -28,3 +28,4 @@ Procedure Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the current firewall at a time. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/enabling_or_disabling_a_firewall.rst b/umn/source/security/firewall/enabling_or_disabling_a_firewall.rst index f450f95..bd56be3 100644 --- a/umn/source/security/firewall/enabling_or_disabling_a_firewall.rst +++ b/umn/source/security/firewall/enabling_or_disabling_a_firewall.rst 
@@ -18,9 +18,10 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the row that contains the target firewall in the right pane, click **More** in the **Operation** column, and click **Enable** or **Disable**. 6. Click **Yes** in the displayed dialog box. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst b/umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst index 65cb052..5d30583 100644 --- a/umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst +++ b/umn/source/security/firewall/enabling_or_disabling_a_firewall_rule.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. @@ -30,3 +30,4 @@ Procedure The rule is enabled or disabled. The procedure for enabling or disabling an outbound rule is the same as that for enabling or disabling an inbound rule. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/firewall_overview.rst b/umn/source/security/firewall/firewall_overview.rst index 4311df6..d12d29d 100644 --- a/umn/source/security/firewall/firewall_overview.rst 
+++ b/umn/source/security/firewall/firewall_overview.rst @@ -98,3 +98,11 @@ Configuration Procedure #. Create a firewall by following the steps described in :ref:`Creating a Firewall `. #. Add firewall rules by following the steps described in :ref:`Adding a Firewall Rule `. #. Associate subnets with the firewall by following the steps described in :ref:`Associating Subnets with a Firewall `. After subnets are associated with the firewall, the subnets will be protected by the configured firewall rules. + +Notes and Constraints +--------------------- + +- By default, you can create a maximum of 200 firewalls in your cloud account. +- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. +- A firewall can contain no more than 20 rules in one direction, or performance will deteriorate. +- For optimal performance, import no more than 40 firewall rules at a time. Existing rules will still be available after new rules are imported. Each rule can be imported only once. diff --git a/umn/source/security/firewall/modifying_a_firewall.rst b/umn/source/security/firewall/modifying_a_firewall.rst index 8bc1c7d..7ad07ea 100644 --- a/umn/source/security/firewall/modifying_a_firewall.rst +++ b/umn/source/security/firewall/modifying_a_firewall.rst 
@@ -16,14 +16,15 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. -6. On the displayed page, click |image2| on the right of **Name** and edit the firewall name. +6. On the displayed page, click |image3| on the right of **Name** and edit the firewall name. 7. Click Y to save the new firewall name. -8. Click |image3| on the right of Description and edit the firewall description. +8. Click |image4| on the right of Description and edit the firewall description. 9. Click Y to save the new firewall description. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0142359884.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png .. |image3| image:: /_static/images/en-us_image_0142359884.png +.. |image4| image:: /_static/images/en-us_image_0142359884.png diff --git a/umn/source/security/firewall/modifying_a_firewall_rule.rst b/umn/source/security/firewall/modifying_a_firewall_rule.rst index 07cd79d..784d13a 100644 --- a/umn/source/security/firewall/modifying_a_firewall_rule.rst +++ b/umn/source/security/firewall/modifying_a_firewall_rule.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 
@@ -48,13 +48,11 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic from all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | 
@@ -62,13 +60,11 @@ Procedure +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | | | | | - | | The default value is **0.0.0.0/0**, which indicates that traffic to all IP addresses is allowed. | | + | | - IP address: | | | | | | - | | For example: | | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IP address) | | - | | - xxx.xxx.xxx.0/24 (IP address range) | | - | | - 0.0.0.0/0 (all IP addresses) | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | @@ -82,3 +78,4 @@ Procedure 7. Click **Confirm**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/firewall/viewing_a_firewall.rst b/umn/source/security/firewall/viewing_a_firewall.rst index 1fdc2c4..4595dd2 100644 --- a/umn/source/security/firewall/viewing_a_firewall.rst +++ b/umn/source/security/firewall/viewing_a_firewall.rst 
@@ -16,9 +16,10 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **firewalls**. 5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall. 6. On the displayed page, click the **Inbound Rules**, **Outbound Rules**, and **Associated Subnets** tabs one by one to view details about inbound rules, outbound rules, and subnet associations. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/index.rst b/umn/source/security/index.rst index 3b3fdc2..43617e9 100644 --- a/umn/source/security/index.rst +++ b/umn/source/security/index.rst @@ -5,14 +5,14 @@ Security ======== +- :ref:`Differences Between Security Groups and Firewalls ` - :ref:`Security Group ` - :ref:`Firewall ` -- :ref:`Differences Between Security Groups and Firewalls ` .. toctree:: :maxdepth: 1 :hidden: + differences_between_security_groups_and_firewalls security_group/index firewall/index - differences_between_security_groups_and_firewalls diff --git a/umn/source/security/security_group/adding_a_security_group_rule.rst b/umn/source/security/security_group/adding_a_security_group_rule.rst index 722b261..4ab1dd9 100644 --- a/umn/source/security/security_group/adding_a_security_group_rule.rst +++ b/umn/source/security/security_group/adding_a_security_group_rule.rst 
@@ -42,28 +42,31 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | IPv4 | IPv4 | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==========================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. 
| TCP | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule. 
@@ -77,28 +80,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================+=======================+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | IPv4 | IPv4 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. 
For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | IPv4 | IPv4 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001469919564.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst b/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst index cf118e7..5516826 100644 --- a/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst +++ b/umn/source/security/security_group/adding_instances_to_and_removing_them_from_a_security_group.rst @@ -17,7 +17,7 @@ Adding Instances to a Security Group #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. #. On the **Servers** tab, click **Add** and add one or more servers to the current security group. @@ -28,8 +28,8 @@ Removing Instances from a Security Group ---------------------------------------- #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image3| in the upper left corner and select the desired region and project. +#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, click **Manage Instance** in the **Operation** column. #. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group. 
@@ -47,4 +47,6 @@ Follow-Up Operations You can delete the security groups that you no longer need. Deleting a security group will also delete all security group rules in the security group. For details, see :ref:`Deleting a Security Group `. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/security_group/creating_a_security_group.rst b/umn/source/security/security_group/creating_a_security_group.rst index 5c2c6e0..b415adf 100644 --- a/umn/source/security/security_group/creating_a_security_group.rst +++ b/umn/source/security/security_group/creating_a_security_group.rst @@ -10,7 +10,7 @@ Scenarios You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups. -Each ECS must be associated with at least one security group. If you have no security groups when buying an ECS, the ECS will use the :ref:`default security group ` (**default**). +Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group. You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console. @@ -70,4 +70,4 @@ Procedure #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001470237928.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/security/security_group/default_security_groups_and_security_group_rules.rst b/umn/source/security/security_group/default_security_groups_and_security_group_rules.rst index 1d9f0a4..3d7394c 100644 --- a/umn/source/security/security_group/default_security_groups_and_security_group_rules.rst +++ b/umn/source/security/security_group/default_security_groups_and_security_group_rules.rst @@ -16,6 +16,11 @@ The system creates a default security group for each account. By default, the de **Figure 1** Default security group +.. note:: + + - You cannot delete the default security group, but you can modify the rules for the default security group. + - If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs. + :ref:`Table 1 ` describes the default rules for the default security group. .. _securitygroup_0003__table493045171919: diff --git a/umn/source/security/security_group/deleting_a_security_group.rst b/umn/source/security/security_group/deleting_a_security_group.rst index 163ea2e..34f080c 100644 --- a/umn/source/security/security_group/deleting_a_security_group.rst +++ b/umn/source/security/security_group/deleting_a_security_group.rst @@ -32,9 +32,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. @@ -47,3 +45,4 @@ Procedure #. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/security/security_group/deleting_a_security_group_rule.rst b/umn/source/security/security_group/deleting_a_security_group_rule.rst index a0d75ec..c943cb5 100644 --- a/umn/source/security/security_group/deleting_a_security_group_rule.rst +++ b/umn/source/security/security_group/deleting_a_security_group_rule.rst @@ -10,9 +10,13 @@ Scenarios If the source of an inbound security group rule or destination of an outbound security group rule needs to be changed, you need to first delete the security group rule and add a new one. -.. note:: +Notes and Constraints +--------------------- - Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. +Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows: + +- If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. +- If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. Procedure --------- @@ -20,7 +24,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. 5. On the **Security Groups** page, click the security group name. 6. If you do not need a security group rule, locate the row that contains the target rule, and click **Delete**. 
@@ -31,3 +35,4 @@ Procedure You can also select multiple security group rules and click **Delete** above the security group rule list to delete multiple rules at a time. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/security_group/fast-adding_security_group_rules.rst b/umn/source/security/security_group/fast-adding_security_group_rules.rst index 2d21bb8..a137e4e 100644 --- a/umn/source/security/security_group/fast-adding_security_group_rules.rst +++ b/umn/source/security/security_group/fast-adding_security_group_rules.rst @@ -17,7 +17,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Access Control** > **Security Groups**. @@ -90,3 +90,4 @@ Procedure 8. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/security/security_group/importing_and_exporting_security_group_rules.rst index 85cf405..bc8fac3 100644 --- a/umn/source/security/security_group/importing_and_exporting_security_group_rules.rst +++ b/umn/source/security/security_group/importing_and_exporting_security_group_rules.rst 
@@ -38,38 +38,36 @@ Procedure .. table:: **Table 1** Template parameters - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================+=======================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - Inbound rules control incoming traffic to cloud resources in the security group. | | - | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source of the security group rule. 
The value can be a single IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=============================================================================================================================================================================+=======================+ + | Direction | The direction in which the security group rule takes effect. | Inbound | + | | | | + | | - Inbound rules control incoming traffic to cloud resources in the security group. | | + | | - Outbound rules control outgoing traffic from cloud resources in the security group. | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. 
| 22, or 22-30 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001525502489.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png .. 
|image3| image:: /_static/images/en-us_image_0142360062.png .. |image4| image:: /_static/images/en-us_image_0142360094.png diff --git a/umn/source/security/security_group/modifying_a_security_group.rst b/umn/source/security/security_group/modifying_a_security_group.rst index db7531a..143b226 100644 --- a/umn/source/security/security_group/modifying_a_security_group.rst +++ b/umn/source/security/security_group/modifying_a_security_group.rst @@ -17,7 +17,7 @@ Procedure #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, locate the target security group and choose **More** > **Modify** in the **Operation** column. #. Modify the name and description of the security group as required. 
@@ -26,16 +26,18 @@ Procedure **Method 2** #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image3| in the upper left corner and select the desired region and project. +#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, click the security group name. -#. On the displayed page, click |image3| on the right of **Name** and edit the security group name. +#. On the displayed page, click |image5| on the right of **Name** and edit the security group name. #. Click **Y** to save the security group name. -#. Click |image4| on the right of **Description** and edit the security group description. +#. Click |image6| on the right of **Description** and edit the security group description. #. Click **Y** to save the security group description. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png -.. |image3| image:: /_static/images/en-us_image_0239476777.png -.. |image4| image:: /_static/images/en-us_image_0239476777.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001500905066.png +.. |image5| image:: /_static/images/en-us_image_0239476777.png +.. |image6| image:: /_static/images/en-us_image_0239476777.png diff --git a/umn/source/security/security_group/modifying_a_security_group_rule.rst b/umn/source/security/security_group/modifying_a_security_group_rule.rst index c578b01..7ecafef 100644 --- a/umn/source/security/security_group/modifying_a_security_group_rule.rst 
+++ b/umn/source/security/security_group/modifying_a_security_group_rule.rst @@ -15,10 +15,11 @@ Procedure #. Log in to the management console. #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. #. On the **Security Groups** page, click the security group name. #. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column. #. Modify the rule and click **Confirm**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/security_group/replicating_a_security_group_rule.rst b/umn/source/security/security_group/replicating_a_security_group_rule.rst index e6c3b7b..7dcc70d 100644 --- a/umn/source/security/security_group/replicating_a_security_group_rule.rst +++ b/umn/source/security/security_group/replicating_a_security_group_rule.rst @@ -17,7 +17,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Access Control** > **Security Groups**. @@ -30,3 +30,4 @@ Procedure #. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/security/security_group/security_group_overview.rst b/umn/source/security/security_group/security_group_overview.rst index 470d932..49d8a14 100644 
--- a/umn/source/security/security_group/security_group_overview.rst +++ b/umn/source/security/security_group/security_group_overview.rst 
@@ -10,14 +10,33 @@ Security Group A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -The system creates a default security group for each account. By default, the default security group rules: +Like whitelists, security group rules work as follows: -- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. -- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. +- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. -Instances in the same security group can communicate with each other without adding additional rules. + Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied. -If the default security group does not meet your requirements, you can :ref:`modify security group rules ` or :ref:`create a custom security group `. +- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. + + IPv4 default route: 0.0.0.0/0 + + IPv6 default route: ::/0 + +:ref:`Table 1 ` shows the inbound and outbound rules in security group sg-AB. + +.. _en-us_topic_0073379079__table102261597217: + +.. 
table:: **Table 1** Rules in security group sg-AB + + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Direction | Action | Protocol & Port | Source or Destination | Description | + +===========+========+=================+========================+===========================================================================================================================================+ + | Inbound | Allow | All | Source: sg-AB | Allows access requests from security group sg-AB. This rule ensures that instances in the security group can communicate with each other. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Outbound | Allow | All | Destination: 0.0.0.0/0 | Allows all requests in the security group to be sent out. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + +The system automatically creates a default security group for each account. If the default security group does not meet your requirements, you can :ref:`modify security group rules ` or :ref:`create a custom security group `. Security Group Basics --------------------- diff --git a/umn/source/service_overview/basic_concepts/route_table.rst b/umn/source/service_overview/basic_concepts/route_table.rst index 69f7931..37810de 100644 --- a/umn/source/service_overview/basic_concepts/route_table.rst +++ b/umn/source/service_overview/basic_concepts/route_table.rst 
@@ -5,8 +5,8 @@ Route Table =========== -Route Table (New Console Edition) ---------------------------------- +Route Tables +------------ A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. You can associate a subnet with only one route table at a time, but you can associate multiple subnets with the same route table. @@ -22,9 +22,13 @@ Default Route Table and Custom Route Table When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet automatically associates with the default route table. - You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table. -- When you create a VPN, or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. +- When you create a VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. -If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required. +If you do not want to use the default route table, you can now create a custom route table and associate it with the subnet. You can delete the custom route table if it is no longer required. + +.. note:: + + The custom route table associated with a subnet affects only the outbound traffic. The default route table determines the inbound traffic. Route ----- 
@@ -36,7 +40,7 @@ A route is configured with the destination, next hop type, and next hop to deter After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other. - Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20. - - Routes whose destination are the IPv4 and IPv6 CIDR blocks of subnets in the VPC. + - Routes whose destination is a subnet CIDR block. .. note:: diff --git a/umn/source/service_overview/basic_concepts/security_group.rst b/umn/source/service_overview/basic_concepts/security_group.rst index d2e6bd8..657250c 100644 --- a/umn/source/service_overview/basic_concepts/security_group.rst +++ b/umn/source/service_overview/basic_concepts/security_group.rst 
@@ -7,7 +7,28 @@ Security Group A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. -The system creates a default security group for each account. By default, the default security group rules: +Like whitelists, security group rules work as follows: -- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups. -- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group. +- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. + + Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied. + +- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. + + IPv4 default route: 0.0.0.0/0 + + IPv6 default route: ::/0 + +:ref:`Table 1 ` shows the inbound and outbound rules in security group sg-AB. + +.. _vpc_concepts_0005__en-us_topic_0073379079_table102261597217: + +.. 
table:: **Table 1** Rules in security group sg-AB + + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Direction | Action | Protocol & Port | Source or Destination | Description | + +===========+========+=================+========================+===========================================================================================================================================+ + | Inbound | Allow | All | Source: sg-AB | Allows access requests from security group sg-AB. This rule ensures that instances in the security group can communicate with each other. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ + | Outbound | Allow | All | Destination: 0.0.0.0/0 | Allows all requests in the security group to be sent out. | + +-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/service_overview/basic_concepts/snat.rst b/umn/source/service_overview/basic_concepts/snat.rst index b7340a8..7c5a8a2 100644 --- a/umn/source/service_overview/basic_concepts/snat.rst +++ b/umn/source/service_overview/basic_concepts/snat.rst @@ -9,4 +9,4 @@ In addition to services provided by the system, some ECSs need to access the Int On a public cloud, an EIP can be assigned to an ECS that serves as the SNAT router or gateway for other ECSs from the same subnet or VPC. -For details about how to configure SNAT, see :ref:`Configuring an SNAT ECS `. +For details about how to configure SNAT, see :ref:`Configuring an SNAT Server `. 
diff --git a/umn/source/service_overview/index.rst b/umn/source/service_overview/index.rst index bbc3f01..a09d654 100644 --- a/umn/source/service_overview/index.rst +++ b/umn/source/service_overview/index.rst @@ -6,10 +6,12 @@ Service Overview ================ - :ref:`What Is Virtual Private Cloud? ` +- :ref:`Product Advantages ` - :ref:`Application Scenarios ` - :ref:`VPC Connectivity ` +- :ref:`Notes and Constraints ` - :ref:`VPC and Other Services ` -- :ref:`User Permissions ` +- :ref:`Permissions ` - :ref:`Basic Concepts ` - :ref:`Document Usage Instructions ` @@ -18,9 +20,11 @@ Service Overview :hidden: what_is_virtual_private_cloud + product_advantages application_scenarios vpc_connectivity + notes_and_constraints vpc_and_other_services - user_permissions + permissions basic_concepts/index document_usage_instructions diff --git a/umn/source/service_overview/notes_and_constraints.rst b/umn/source/service_overview/notes_and_constraints.rst new file mode 100644 index 0000000..a3706fd --- /dev/null +++ b/umn/source/service_overview/notes_and_constraints.rst 
@@ -0,0 +1,77 @@ +:original_name: overview_0003.html + +.. _overview_0003: + +Notes and Constraints +===================== + +Security Group +-------------- + +- By default, you can create a maximum of 100 security groups in your cloud account. +- By default, you can add up to 50 security group rules to a security group. +- By default, you can add an ECS or extension NIC to up to five security groups. In such a case, the rules of all the selected security groups are aggregated to take effect. +- When creating a private network load balancer, you need to select a desired security group. Do not delete the default security group rules or ensure that the following requirements are met: + + - Outbound rules: only allow data packets to the selected security group or only data packets from the peer load balancer. + - Inbound rules: only allow data packets from the selected security group or only data packets from the peer load balancer. + +Firewall +-------- + +- By default, you can create a maximum of 200 firewalls in your cloud account. +- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. +- A firewall can contain no more than 20 rules in one direction, or performance will deteriorate. +- For optimal performance, import no more than 40 firewall rules at a time. Existing rules will still be available after new rules are imported. Each rule can be imported only once. + +Route Table +----------- + +- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table. +- When you create a VPN or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified. + +VPC Peering Connection +---------------------- + +- A VPC peering connection can only connect VPCs in the same region. +- If the local and peer VPCs have overlapping CIDR blocks, the VPC peering connection may not take effect. 
+- A VPC cannot use EIPs of its peered VPC for Internet access. For example, if VPC A is peered with VPC B that has EIPs, VPC A cannot use EIPs in VPC B to access the Internet. + +VPC Flow Log +------------ + +- Currently, only C3, M3, and S2 ECSs support VPC flow logs. +- By default, you can create a maximum of 10 VPC flow logs. +- By default, a maximum of 400,000 flow log records are supported. + +Virtual IP Address +------------------ + +- Virtual IP addresses are not recommended when multiple NICs in the same subnet are configured on an ECS. It is too easy for there to be route conflicts on the ECS, which would cause communication failure using the virtual IP address. + +- It is recommended that no more than eight virtual IP addresses be bound to an ECS. +- A virtual IP address can be bound to up to 10 ECSs. + + .. note:: + + If you bind a virtual IP address to an ECS, the virtual IP address is also associated with the security groups of the ECS. A virtual IP address can be associated with up to 10 security groups. + +EIP +--- + +- Each EIP can only be bound to one cloud resource. +- An EIP that has already been bound to a cloud resource cannot be bound to another resource without first being unbound from the current resource. +- You can only release EIPs that are not bound to any resources. +- The system preferentially assigns EIPs to you from the ones you released, if any. However, if any of these EIPs is already assigned to another user, it cannot be re-assigned to you. +- EIPs cannot be transferred across accounts. + +Bandwidth +--------- + +- A dedicated bandwidth can control how much data can be transferred using a single EIP. +- A shared bandwidth cannot control how much data can be transferred using a single EIP. Data transfer rate on EIPs cannot be customized. +- A shared bandwidth or dedicated bandwidth can only be used by resources owned by the same account. + +.. 
note:: + + - Inbound bandwidth is the bandwidth consumed when data is transferred from the Internet to the cloud. Outbound bandwidth is the bandwidth consumed when data is transferred from the cloud to the Internet. diff --git a/umn/source/service_overview/permissions.rst b/umn/source/service_overview/permissions.rst new file mode 100644 index 0000000..5eeced6 --- /dev/null +++ b/umn/source/service_overview/permissions.rst 
@@ -0,0 +1,131 @@ +:original_name: overview_permission.html + +.. _overview_permission: + +Permissions +=========== + +If you need to assign different permissions to employees in your enterprise to access your VPC resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you securely manage access to your cloud resources. + +With IAM, you can use your cloud account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use VPC resources but should not be allowed to delete the resources or perform any other high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using VPC resources. + +If your cloud account does not need individual IAM users for permissions management, you may skip over this section. + +IAM can be used free of charge. You pay only for the resources in your account. For more information, see `IAM Service Overview `__. + +VPC Permissions +--------------- + +By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups that they are added to and can perform specified operations on cloud services based on the permissions. + +VPC is a project-level service deployed and accessed in specific physical regions. To assign VPC permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If **All projects** is selected, the permissions will take effect for the user group in all region-specific projects. When accessing VPC, the users need to switch to a region where they have been authorized to use VPC. 
+ +You can grant users permissions by using roles and policies. + +- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you need to also assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control. +- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant IAM users only the permissions for managing a certain type of VPC resources. Most policies define permissions based on APIs. For the API actions supported by VPC, see `Permissions Policies and Supported Actions `__. + +:ref:`Table 1 ` lists all the system-defined roles and policies supported by VPC. + +.. _overview_permission__table43611845113413: + +.. table:: **Table 1** System-defined roles and policies supported by VPC + + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ + | Policy Name | Description | Policy Type | Dependencies | + +====================+=========================================================================================================================+=======================+==========================================================================+ + | VPC FullAccess | All operations on VPC. 
| System-defined policy | None | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ + | VPC ReadOnlyAccess | Read-only permissions on VPC. | System-defined policy | None | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ + | VPC Administrator | Most permissions on VPC, excluding creating, modifying, deleting, and viewing security groups and security group rules. | System-defined role | Dependent on the **Tenant Guest** and **Server Administrator** policies. | + | | | | | + | | To be granted this permission, users must also have the **Tenant Guest** and **Server Administrator** permission. | | | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ + +:ref:`Table 2 ` lists the common operations supported by each system-defined policy or role of VPC. Select the policies or roles as required. + +.. _overview_permission__table73311721105916: + +.. 
table:: **Table 2** Common operations supported by each system-defined policy or role of VPC + + +------------------------------------+--------------------+-------------------+----------------+ + | Operation | VPC ReadOnlyAccess | VPC Administrator | VPC FullAccess | + +====================================+====================+===================+================+ + | Creating a VPC | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a VPC | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Viewing VPC information | Y | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Creating a subnet | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Viewing subnet information | Y | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a subnet | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a subnet | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Creating a security group | x | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Viewing security group information | Y | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a security group | x | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a security group | x | x | Y | + 
+------------------------------------+--------------------+-------------------+----------------+ + | Adding a security group rule | x | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Viewing a security group rule | Y | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a security group rule | x | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a security group rule | x | x | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Creating a firewall | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Viewing a firewall | Y | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a firewall | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a firewall | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Adding a firewall rule | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a firewall rule | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a firewall rule | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Creating a VPC peering connection | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a VPC peering connection | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC peering 
connection | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Creating a route table | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a route table | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Adding a route | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Modifying a route | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a route | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Creating a VPC flow log | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Viewing a VPC flow log | Y | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Enabling or disabling VPC flow log | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC flow log | x | Y | Y | + +------------------------------------+--------------------+-------------------+----------------+ + +Helpful Links +------------- + +- `What Is IAM? `__ +- :ref:`Creating a User and Granting VPC Permissions ` +- `Permissions Policies and Supported Actions `__ diff --git a/umn/source/service_overview/product_advantages.rst b/umn/source/service_overview/product_advantages.rst new file mode 100644 index 0000000..9cd020d --- /dev/null +++ b/umn/source/service_overview/product_advantages.rst 
@@ -0,0 +1,58 @@ +:original_name: overview_0004.html + +.. _overview_0004: + +Product Advantages +================== + +Flexible Configuration +---------------------- + +You can create VPCs, add subnets, specify IP address ranges, and configure DHCP and route tables. You can configure the same VPC for ECSs that are in different availability zones (AZs). + +Secure and Reliable +------------------- + +VPCs are logically isolated through tunneling technologies. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect ECSs. They add additional layers of security to your VPCs, so your network is secure. + + +.. figure:: /_static/images/en-us_image_0209577986.png + :alt: **Figure 1** Secure and Reliable + + **Figure 1** Secure and Reliable + +Seamless Interconnectivity +-------------------------- + +By default, instances in a VPC cannot access the Internet. You can use EIPs, load balancers, NAT gateways, VPN connections, and Direct Connect connections to enable access to or from the Internet. + +By default, instances in different VPCs cannot communicate with each other. You can create a VPC peering connection to enable the instances in the two VPCs in the same region to communicate with each other using private IP addresses. + +Multiple connectivity options are available to meet diverse service requirements for the cloud, enabling you to deploy enterprise applications with ease and lower enterprise IT operation and maintenance (O&M) costs. + +High-Speed Access +----------------- + +Dynamic BGP is used to provide access to various carrier networks. You can establish over 20 dynamic BGP connections to different carriers. Dynamic BGP connections enable real-time failovers based on preset routing protocols, ensuring high network stability, low network latency, and smooth access to services on the cloud. 
+ +Advantage Comparison +-------------------- + +:ref:`Table 1 ` lists the advantages of a VPC over a traditional IDC. + +.. _overview_0004__table1617718259238: + +.. table:: **Table 1** Comparison between a VPC and a traditional IDC + + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Item | VPC | Traditional IDC | + +=======================+=================================================================================================================================================================================================================+===============================================================================================================================================================================================================================================+ + | Deployment cycle | - You do not need to perform complex engineering deployment, including engineering planning and cabling. | You need to set up networks and perform tests. The entire process takes a long time and requires professional technical support. | + | | - You can determine your networks, subnets, and routes on based on service requirements. 
| | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Total cost | provides flexible billing modes for network services. You can select whichever one best fits your business needs. There are no upfront costs and network O&M costs, reducing the total cost of ownership (TCO). | You need to invest heavily in equipment rooms, power supply, construction, and hardware materials. You also need professional O&M teams to ensure network security. Asset management costs increase with any change in business requirements. | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Flexibility | provides a variety of network services for you to choose from. If you need more network resources (for instance, if you need more bandwidth), you can expand resources on the fly. | You have to strictly comply with the network plan to complete the service deployment. If there are changes in your service requirements, it is difficult to dynamically adjust the network. 
| + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Security | VPCs are logically isolated from each other. You can use security features such as network ACLs and security groups, and even security services like Advanced Anti-DDoS (AAD) to protect your cloud resources. | The network is insecure and difficult to maintain. You need professional technical personnel to ensure network security. | + +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/service_overview/user_permissions.rst b/umn/source/service_overview/user_permissions.rst deleted file mode 100644 index 6cb8791..0000000 --- a/umn/source/service_overview/user_permissions.rst +++ /dev/null 
@@ -1,10 +0,0 @@ -:original_name: vpc_permissions_0001.html - -.. _vpc_permissions_0001: - -User Permissions -================ - -The cloud system provides two types of user permissions by default: user management and resource management. User management refers to the management of users, user groups, and user group rights. Resource management refers to the control operations that can be performed by users on cloud service resources. - -For further details, see `Permissions `__. diff --git a/umn/source/service_overview/what_is_virtual_private_cloud.rst b/umn/source/service_overview/what_is_virtual_private_cloud.rst index 67f7c97..b8a313c 100644 --- a/umn/source/service_overview/what_is_virtual_private_cloud.rst +++ b/umn/source/service_overview/what_is_virtual_private_cloud.rst 
@@ -18,29 +18,6 @@ Within your own VPC, you can create security groups and VPNs, configure IP addre **Figure 1** VPC components -Advantages ----------- - -- Flexible configuration - - You can create VPCs, add subnets, specify IP address ranges, and configure route tables. You can configure the same VPC for ECSs that are in different availability zones (AZs). - -- Secure and reliable - - Each VPC is completely logically isolated from other VPCs using the tunneling technology. By default, different VPCs cannot communicate with each other. You can use firewalls to protect subnets and use security groups to protect instances, such as cloud servers, containers, and databases. They add additional layers of security to your VPCs, making your network secure. - -- Interconnectivity - - By default, instances in a VPC cannot access the Internet. You can leverage EIPs, load balancers, NAT gateways, VPN connections, and Direct Connect connections to enable access to or from the Internet. - - By default, instances in two VPCs cannot communicate with each other. You can create a VPC peering connection to enable the instances in the two VPCs in the same region to communicate with each other using private IP addresses. - - Multiple connectivity options are provided to meet diverse service requirements for the cloud, enabling you to deploy enterprise applications with ease and lower enterprise IT operation and maintenance (O&M) costs. - -- High-speed access - - Dynamic Border Gateway Protocol (BGP) is used to provide access to various carrier networks. For example, up to 21 dynamic BGP connections are established to multiple carriers. The dynamic BGP connections enable real-time failover based on preset routing protocols, ensuring high network stability, low network latency, and smooth access to services on the cloud. - Accessing the VPC Service ------------------------- 
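Review bot: The removed "High-speed access" bullet in what_is_virtual_private_cloud.rst was the only place that expanded "Border Gateway Protocol (BGP)", and it gave the figure as "up to 21 dynamic BGP connections"; the replacement text in product_advantages.rst says "over 20 dynamic BGP connections" and uses BGP unexpanded. Please confirm which figure is correct and expand the abbreviation on first use in the new page. The removed "Secure and reliable" bullet also said security groups protect "instances, such as cloud servers, containers, and databases", while the new page mentions only ECSs; if that narrowing is not intended, carry the wider wording over.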
diff --git a/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst index 62870fd..d2eae01 100644 --- a/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/deleting_a_shared_bandwidth.rst @@ -21,6 +21,7 @@ Procedure #. Log in to the management console. 2. Click |image1| in the upper left corner and select the desired region and project. + 3. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. 4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**. 5. In the shared bandwidth list, locate the row that contains the shared bandwidth you want to delete, click **More** in the **Operation** column, and then click **Delete**. diff --git a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst index 250f623..b2dde32 100644 --- a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst 
@@ -14,28 +14,20 @@ Procedure --------- #. Log in to the management console. - #. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. - #. In the subnet list, click the name of the subnet where a virtual IP address is to be assigned. - #. Click the **IP Addresses** tab and click **Assign Virtual IP Address**. - #. Select a virtual IP address assignment mode. - **Automatic**: The system assigns an IP address automatically. - **Manual**: You can specify an IP address. #. Select **Manual** and enter a virtual IP address. - #. Click **OK**. You can then query the assigned virtual IP address in the IP address list. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001554010645.png diff --git a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst index 32dd190..2edbaf5 100644 --- a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst +++ b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst 
@@ -14,17 +14,10 @@ Procedure --------- #. Log in to the management console. - #. Click |image1| in the upper left corner and select the desired region and project. - -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. - #. In the subnet list, click the name of the subnet that the virtual IP address belongs to. - #. Click the **IP Addresses** tab. - To bind a virtual IP address to an EIP, locate the row that contains the virtual IP address and click **Bind to EIP** in the **Operation** column. @@ -53,7 +46,7 @@ Procedure Information similar to the following is displayed: - |image2| + |image3| The command output in this example is described as follows: @@ -87,7 +80,7 @@ Procedure Information similar to the following is displayed: - |image3| + |image4| d. Run the following command to check whether the virtual IP address has been bound: @@ -95,7 +88,7 @@ Procedure Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.125 is bound to NIC eth0. - |image4| + |image5| **Windows OS** (Windows Server is used as an example here.) 
@@ -136,6 +129,7 @@ Procedure In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001281210233.png -.. |image3| image:: /_static/images/en-us_image_0000001237328110.png -.. |image4| image:: /_static/images/en-us_image_0000001237013856.png +.. |image2| image:: /_static/images/en-us_image_0000001553930581.png +.. |image3| image:: /_static/images/en-us_image_0000001281210233.png +.. |image4| image:: /_static/images/en-us_image_0000001237328110.png +.. |image5| image:: /_static/images/en-us_image_0000001237013856.png diff --git a/umn/source/virtual_ip_address/index.rst b/umn/source/virtual_ip_address/index.rst index f075cf5..fb460b4 100644 --- a/umn/source/virtual_ip_address/index.rst +++ b/umn/source/virtual_ip_address/index.rst @@ -13,6 +13,8 @@ Virtual IP Address - :ref:`Using a Direct Connect Connection to Access the Virtual IP Address ` - :ref:`Using a VPC Peering Connection to Access the Virtual IP Address ` - :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) ` +- :ref:`Unbinding a Virtual IP Address from an Instance ` +- :ref:`Unbinding a Virtual IP Address from an EIP ` - :ref:`Releasing a Virtual IP Address ` .. toctree:: @@ -27,4 +29,6 @@ Virtual IP Address using_a_direct_connect_connection_to_access_the_virtual_ip_address using_a_vpc_peering_connection_to_access_the_virtual_ip_address disabling_source_and_destination_check_ha_load_balancing_cluster_scenario + unbinding_a_virtual_ip_address_from_an_instance + unbinding_a_virtual_ip_address_from_an_eip releasing_a_virtual_ip_address diff --git a/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst index 952aa60..3a6b52b 100644 
--- a/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst 
@@ -13,11 +13,24 @@ If you no longer need a virtual IP address or a reserved virtual IP address, you Notes and Constraints --------------------- -Before deleting a virtual IP address, ensure that the virtual IP address has been unbound from the following resources: +If you want to release a virtual IP address that is being used by a resource, refer to :ref:`Table 1 `. -- ECS -- EIP -- CCE cluster +.. _vpc_vip_0009__table85161971410: + +.. table:: **Table 1** Releasing a virtual IP address that is being used by a resource + + +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Prompts | Cause Analysis and Solution | + +===================================================================================================================================+=====================================================================================================================================+ + | This operation cannot be performed because the IP address is bound to an instance or an EIP. Unbind the IP address and try again. | This virtual IP address is being by an EIP or an ECS. Unbind the virtual IP address first. | + | | | + | | - EIP: :ref:`Unbinding a Virtual IP Address from an EIP ` | + | | - ECS: :ref:`Unbinding a Virtual IP Address from an Instance ` | + | | | + | | Release the virtual IP address. | + +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | This operation cannot be performed because the IP address is being used by a system component. | The virtual IP address is being used by an RDS DB instance. 
Delete the DB instance, which will also release its virtual IP address. | + +-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ Procedure --------- @@ -26,9 +39,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. @@ -41,3 +52,4 @@ Procedure #. Confirm the information and click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001553650753.png diff --git a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst new file mode 100644 index 0000000..5478db5 --- /dev/null +++ b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_eip.rst 
@@ -0,0 +1,41 @@ +:original_name: vpc_vip_0011.html + +.. _vpc_vip_0011: + +Unbinding a Virtual IP Address from an EIP +========================================== + +Scenarios +--------- + +This section describes how to unbind a virtual IP address from an EIP. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + +#. Click the name of the subnet that the virtual IP address belongs to. + + The **Summary** page is displayed. + +#. Click the **IP Addresses** tab. + + The virtual IP address list is displayed. + +#. Locate the row that contains the virtual IP address, click **More** in the **Operation** column, and select **Unbind from EIP**. + + A confirmation dialog box is displayed. + +#. Confirm the information and click **Yes**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503170970.png diff --git a/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst new file mode 100644 index 0000000..dd550d6 --- /dev/null +++ b/umn/source/virtual_ip_address/unbinding_a_virtual_ip_address_from_an_instance.rst 
@@ -0,0 +1,55 @@ +:original_name: vpc_vip_0010.html + +.. _vpc_vip_0010: + +Unbinding a Virtual IP Address from an Instance +=============================================== + +Scenarios +--------- + +This section describes how to unbind a virtual IP address from an ECS. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + +#. Click the name of the subnet that the virtual IP address belongs to. + + The **Summary** page is displayed. + +#. Click the **IP Addresses** tab. + + The virtual IP address list is displayed. + + + .. figure:: /_static/images/en-us_image_0000001570070841.png + :alt: **Figure 1** Virtual IP addresses + + **Figure 1** Virtual IP addresses + +#. Locate the row that contains the virtual IP address, click **More** in the **Operation** column, and select **Unbind from Server**. + + The **Bound Server** dialog box is displayed. + +#. Unbind the virtual IP address from the instance. + + a. Select the type of the instance bound to the virtual IP address. + + b. Locate the row that contains the instance and click **Unbind** in the **Operation** column. + + A confirmation dialog box is displayed. + + c. Confirm the information and click **Yes**. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503170974.png diff --git a/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst index f3a1a9b..bef9943 100644 --- a/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst +++ b/umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst 
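Review bot: in the new unbinding_a_virtual_ip_address_from_an_instance.rst, the Scenarios sentence says the page covers unbinding "from an ECS", while the title says "Instance" and sub-step a of the last step asks the reader to "Select the type of the instance bound to the virtual IP address", which implies more than one instance type. Align the Scenarios text with the title, or list the instance types that the **Bound Server** dialog box offers.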
@@ -50,8 +50,6 @@ Procedure +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Advanced Settings | Two options are available, **Default** and **Custom**. You can set **Advanced Settings** to **Custom** to configure advanced subnet parameters. | ``-`` | - +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Gateway | The gateway address of the subnet. | 192.168.0.1 | +------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | 
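Review bot: the **Advanced Settings** row removed from the parameter table in this hunk is still referenced further down the same file, where the unchanged paragraph about reserved IP addresses reads "If you configured the default settings under **Advanced Settings** during subnet creation". Either update that paragraph to match a console without the Advanced Settings option, or keep the row.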
@@ -109,4 +107,4 @@ When a subnet is created, there are five reserved IP addresses, which cannot be If you configured the default settings under **Advanced Settings** during subnet creation, the reserved IP addresses may be different from the default ones, but there will still be five of them. The specific addresses depend on your subnet settings. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst index 6a83c9a..4e7e0c7 100644 --- a/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst +++ b/umn/source/vpc_and_subnet/subnet/deleting_a_subnet.rst @@ -13,23 +13,9 @@ This section describes how to delete a subnet. Notes and Constraints --------------------- -If you want to delete a subnet with resources deployed, you must delete those resources first. +If you want to delete a subnet that has custom routes, virtual IP addresses, or other resources, you need to delete these resources as prompted on the console first and then delete the subnet. -You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete. - -The resources may include: - -- ECS -- BMS -- CCE cluster -- RDS instance -- MRS cluster -- DCS instance -- Load balancer -- VPN -- Private IP address -- Custom route -- NAT gateway +You can refer to :ref:`Why Can't I Delete My VPCs and Subnets? ` Procedure --------- 
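Review bot: in the Notes and Constraints hunk of deleting_a_subnet.rst (@@ -13,23 +13,9 @@), the added line "You can refer to :ref:`Why Can't I Delete My VPCs and Subnets? `" has no terminal period and does not say what the reader will find there. The hunk also drops the explicit list of blocking resources (ECS, BMS, CCE cluster, RDS instance and so on), so consider pointing as well to the "Viewing and Deleting Resources in a Subnet" page that this patch adds to index.rst, which is the in-manual replacement for that list.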
@@ -38,10 +24,6 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - #. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. @@ -54,5 +36,9 @@ Procedure #. Click **Yes**. + .. important:: + + If a VPC cannot be deleted, a message will be displayed on the console. Delete the resources that are in the VPC by referring to :ref:`Why Can't I Delete My VPCs and Subnets? ` + .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst b/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst index 93e6a2d..4b99717 100644 --- a/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst +++ b/umn/source/vpc_and_subnet/subnet/exporting_subnet_list.rst @@ -28,5 +28,5 @@ Procedure The system will automatically export information about all subnets under your account in the current region as an Excel file to a local directory. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png .. |image3| image:: /_static/images/en-us_image_0000001221842468.png diff --git a/umn/source/vpc_and_subnet/subnet/index.rst b/umn/source/vpc_and_subnet/subnet/index.rst index faefb6b..19d0de8 100644 --- a/umn/source/vpc_and_subnet/subnet/index.rst +++ b/umn/source/vpc_and_subnet/subnet/index.rst 
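Review bot: the `.. important::` block added after "Click **Yes**." in deleting_a_subnet.rst (@@ -54,5 +36,9 @@) talks about a VPC ("If a VPC cannot be deleted ... Delete the resources that are in the VPC"), but this page is the subnet deletion procedure. Change both mentions to "subnet" if that is what the console message refers to here, and end the sentence with a period after the :ref: link.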
@@ -9,6 +9,8 @@ Subnet - :ref:`Modifying a Subnet ` - :ref:`Managing Subnet Tags ` - :ref:`Exporting Subnet List ` +- :ref:`Viewing and Deleting Resources in a Subnet ` +- :ref:`Viewing IP Addresses in a Subnet ` - :ref:`Deleting a Subnet ` .. toctree:: @@ -19,4 +21,6 @@ Subnet modifying_a_subnet managing_subnet_tags exporting_subnet_list + viewing_and_deleting_resources_in_a_subnet + viewing_ip_addresses_in_a_subnet deleting_a_subnet diff --git a/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst b/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst index 66869de..519f58f 100644 --- a/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst +++ b/umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst @@ -51,6 +51,8 @@ Procedure #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + The **Subnets** page is displayed. + #. In the upper right corner of the subnet list, click **Search by Tag**. #. Enter the tag key of the subnet to be queried. @@ -68,10 +70,17 @@ Procedure **Add, delete, edit, and view tags on the Tags tab of a subnet.** #. Log in to the management console. + #. Click |image3| in the upper left corner and select the desired region and project. + #. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + #. In the subnet list, locate the target subnet and click its name. + #. On the subnet details page, click the **Tags** tab and perform desired operations on tags. - View tags. 
@@ -91,6 +100,6 @@ Procedure Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png .. |image3| image:: /_static/images/en-us_image_0141273034.png -.. |image4| image:: /_static/images/en-us_image_0000001503448449.png +.. |image4| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst index a0793ff..5b64a38 100644 --- a/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst +++ b/umn/source/vpc_and_subnet/subnet/modifying_a_subnet.rst 
@@ -14,40 +14,47 @@ Procedure --------- #. Log in to the management console. -#. Click |image1| in the upper left corner and select the desired region and project. -#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. -#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. -#. In the subnet list, locate the target subnet and click its name. -#. On the subnet details page, modify required parameters. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. Locate the row that contains the target VPC and click the number in the **Subnets** column. + + The **Subnets** page is displayed. + +5. In the subnet list, locate the target subnet and click its name. + + The subnet details page is displayed. + +6. On the **Summary** tab, click |image3| on the right of the parameter to be modified and modify the parameter as prompted. .. table:: **Table 1** Parameter descriptions - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=============================================================================================================================================================================================================================================+=======================+ - | Name | The subnet name. | Subnet | - | | | | - | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | - | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | - | | | | - | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - | | | | - | | .. note:: | | - | | | | - | | - If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately. | | - | | - If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately. 
| | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the subnet. This parameter is optional. | ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Name | The subnet name. 
| Subnet | + | | | | + | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of two DNS server addresses are supported. Use commas (,) to separate every two addresses. | 100.125.x.x | + | | | | + | | A maximum of five DNS server addresses are supported. Use commas (,) to separate every two addresses. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | + | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, you do not add an NTP server IP address. 
| | + | | | | + | | A maximum of four unique NTP server IP addresses can be configured. Multiple IP addresses must be separated by a comma (,). If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately. If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately. | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the subnet. This parameter is optional. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ -#. Click **OK**. +7. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0000001503448449.png +.. 
|image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0000001337710801.png diff --git a/umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst new file mode 100644 index 0000000..6aa0cce --- /dev/null +++ b/umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst 
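Review bot: in the rewritten Table 1 of modifying_a_subnet.rst, the DNS Server Address cell now contradicts itself: its first paragraph says "A maximum of two DNS server addresses are supported" and the paragraph added below it says "A maximum of five DNS server addresses are supported". Keep one limit (the removed text said five) and drop the duplicate sentence. Two smaller points in the same hunk: the step list now mixes `#.` for step 1 with hard-coded `2.` to `7.`, while the other procedures in this patch use `#.` throughout, and the NTP lease-renewal guidance was flattened from a `.. note::` list into one long paragraph, which makes the case where restarting the ECSs does not help easy to miss.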
@@ -0,0 +1,85 @@ +:original_name: vpc_vpc_0011.html + +.. _vpc_vpc_0011: + +Viewing and Deleting Resources in a Subnet +========================================== + +Scenarios +--------- + +VPC subnets have private IP addresses used by cloud resources. This section describes how to view resources that are using private IP addresses of subnets. If these resources are no longer required, you can delete them. + +You can view resources, including ECSs, BMSs, load balancers, and NAT gateways. + +.. important:: + + After you delete all resources in a subnet by referring to this section, the message "Delete the resource that is using the subnet and then delete the subnet." is displayed when you delete the subnet, you can refer to :ref:`Viewing IP Addresses in a Subnet `. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + +#. Locate the target subnet and click its name. + + The subnet details page is displayed. + +#. On the **Summary** page, view the resources in the subnet. + + a. In the **Resources** area, view the ECSs, BMSs, network interfaces, and load balancers in the subnet. + b. In the **Networking Components** area, view the NAT gateways in the subnet. + +#. Delete resources from the subnet. + + .. 
table:: **Table 1** Viewing and deleting resources in a subnet + + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Resource | Reference | + +===================================+==================================================================================================================================================+ + | ECS | Currently, you cannot directly switch to ECSs from the subnet details page. You need to search for the target ECS in the ECS list and delete it. | + | | | + | | a. In the ECS list, click the ECS name. | + | | | + | | The ECS details page is displayed. | + | | | + | | b. In the **NICs** area, view the name of the subnet associated with the ECS. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | BMS | Currently, you cannot directly switch to BMSs from the subnet details page. You need to search for the target BMS in the BMS list and delete it. | + | | | + | | a. In the BMS list, click the BMS name. | + | | | + | | The BMS details page is displayed. | + | | | + | | b. In the **NICs** tab, view the subnet associated with the BMS. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | Load balancer | You can directly switch to load balancers from the subnet details page. | + | | | + | | a. Click the load balancer quantity in the **Resources** area. | + | | | + | | The load balancer list is displayed. | + | | | + | | b. Locate the row that contains the load balancer and click **Delete** in the **Operation** column. 
| + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + | NAT gateway | You can directly switch to NAT gateways from the subnet details page. | + | | | + | | a. Click the NAT gateway name in the **Networking Components** area. | + | | | + | | The NAT gateway details page is displayed. | + | | | + | | b. Click |image3| to return to the NAT gateway list. | + | | | + | | c. Locate the row that contains the NAT gateway and click **Delete** in the **Operation** column. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0000001461263993.png diff --git a/umn/source/vpc_and_subnet/subnet/viewing_ip_addresses_in_a_subnet.rst b/umn/source/vpc_and_subnet/subnet/viewing_ip_addresses_in_a_subnet.rst new file mode 100644 index 0000000..562b384 --- /dev/null +++ b/umn/source/vpc_and_subnet/subnet/viewing_ip_addresses_in_a_subnet.rst 
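Review bot: the `.. important::` sentence in the new viewing_and_deleting_resources_in_a_subnet.rst is a run-on that reads as if the error always appears: "After you delete all resources in a subnet ... the message ... is displayed when you delete the subnet, you can refer to ...". Reword it as a condition, for example "If the message ... is still displayed after you delete all resources in the subnet, refer to ...". In Table 1, the ECS and BMS rows say to find the instance "and delete it", but their sub-steps only show how to check the associated subnet, and step 6a lists network interfaces among the resources while the table has no row for them.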
@@ -0,0 +1,53 @@ +:original_name: vpc_vpc_0012.html + +.. _vpc_vpc_0012: + +Viewing IP Addresses in a Subnet +================================ + +Scenarios +--------- + +A subnet is an IP address range in a VPC. This section describes how to view the used IP addresses in a subnet. + +- Virtual IP addresses +- Private IP addresses + + - Used by the subnet itself, such as the gateway, system interface, and DHCP. + - Used by cloud resources, such as ECSs, load balancers, and RDS instances. + +Notes and Constraints +--------------------- + +- A subnet cannot be deleted if its IP addresses are used by cloud resources. +- A subnet can be deleted if its IP addresses are used by itself. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. + + The **Subnets** page is displayed. + +#. Locate the target subnet and click its name. + + The subnet details page is displayed. + +#. Click the **IP Addresses** tab to view the IP addresses in the subnet. + + a. In the virtual IP address list, you can view the virtual IP addresses assigned from the subnet. + b. In the private IP address list in the lower part of the page, you can view the private IP addresses used by the subnet (gateway, system interface, and DHCP). + +Follow-up Operations +-------------------- + +If you want to view and delete the resources in a subnet, refer to :ref:`Why Can't I Delete My VPCs and Subnets? ` + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst index 255aefe..e013768 100644 
--- a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst +++ b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst 
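Review bot: in the new viewing_ip_addresses_in_a_subnet.rst, Notes and Constraints says a subnet cannot be deleted while cloud resources use its IP addresses, but step 6b only describes the private IP addresses "used by the subnet (gateway, system interface, and DHCP)" and never says where the addresses held by ECSs, load balancers or RDS instances appear. State whether the private IP address list shows those too, since they are the ones that block deletion. The Follow-up Operations sentence promises how to "view and delete the resources in a subnet" but links to the "Why Can't I Delete My VPCs and Subnets?" FAQ and lacks a final period; the "Viewing and Deleting Resources in a Subnet" page added in this patch looks like the intended target.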
@@ -29,67 +29,65 @@ Procedure .. table:: **Table 1** VPC parameter descriptions - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +==================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | - | | | | | - | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - | | | | | - | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Advanced Settings | Click the drop-down arrow to set advanced VPC parameters, including tags. | Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | - | | | | - Value: vpc-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Description | Supplementary information about the VPC. This parameter is optional. | ``-`` | - | | | | | - | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. 
| Default | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. 
| | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | - +----------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Category | Parameter | Description | Example Value | + +=====================================+========================+=========================================================================================================================================================================================================================================================================================================+=====================+ + | Basic Information | Region | Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you. | eu-de | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Name | The VPC name. 
| VPC-001 | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | + | | | | | + | | | The following CIDR blocks are supported: | | + | | | | | + | | | 10.0.0.0/8-24 | | + | | | | | + | | | 172.16.0.0/12-24 | | + | | | | | + | | | 192.168.0.0/16-24 | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | + | | | | | + | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | + | | | | | + | | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | + | | | | - Value: vpc-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | + | | | | | + | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Name | The subnet name. | Subnet | + | | | | | + | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. 
| 192.168.0.1 | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | + | | | | | + | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | | + | | | | | + | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). 
| | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | + | | | | - Value: subnet-01 | + | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ + | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | + | | | | | + | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ .. _en-us_topic_0013935842__table248245914136: diff --git a/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst index 7d6bbd2..bdc315a 100644 --- a/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst 
+++ b/umn/source/vpc_and_subnet/vpc/deleting_a_vpc.rst @@ -13,17 +13,9 @@ This section describes how to delete a VPC. Notes and Constraints --------------------- -- If you want to delete a VPC with resources deployed, you must delete those resources first. +If you want to delete a VPC that has subnets, custom routes, or other resources, you need to delete these resources as prompted on the console first and then delete the VPC. - A VPC cannot be deleted if it contains subnets, Direct Connect connections, custom routes, VPC peering connections, or VPNs. To delete the VPC, you must first delete or disable the following resources. - - - Subnets. For details, see section :ref:`Deleting a Subnet `. - - VPNs. For details, see `Virtual Private Network User Guide `__. - - Direct Connect connections. For details, see `Direct Connect User Guide `__. - - Custom routes. For details, see section :ref:`Deleting a Route `. - - VPC peering connections. For details, see section :ref:`Deleting a VPC Peering Connection `. - -- If there are any EIPs or security groups, the last VPC cannot be deleted. +You can refer to :ref:`Why Can't I Delete My VPCs and Subnets? ` Procedure --------- @@ -32,9 +24,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be deleted and click **Delete** in the **Operation** column. 
@@ -42,4 +32,9 @@ Procedure #. Confirm the information and click **Yes**. + .. important:: + + If a VPC cannot be deleted, a message will be displayed on the console. Delete the resources that are in the VPC by referring to :ref:`Why Can't I Delete My VPCs and Subnets? ` + .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst b/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst index 2988b80..350fa18 100644 --- a/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst +++ b/umn/source/vpc_and_subnet/vpc/exporting_vpc_list.rst @@ -17,13 +17,12 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - The **Virtual Private Cloud** page is displayed. - -#. In the upper right corner of the VPC list, click |image2|. +#. In the upper right corner of the VPC list, click |image3|. The system will automatically export information about all VPCs under your account in the current region. They will be exported in Excel format. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0233469654.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0233469654.png diff --git a/umn/source/vpc_and_subnet/vpc/index.rst b/umn/source/vpc_and_subnet/vpc/index.rst index b619e89..d5491ac 100644 --- a/umn/source/vpc_and_subnet/vpc/index.rst +++ b/umn/source/vpc_and_subnet/vpc/index.rst @@ -11,6 +11,7 @@ VPC - :ref:`Managing VPC Tags ` - :ref:`Exporting VPC List ` - :ref:`Obtaining a VPC ID ` +- :ref:`Viewing a VPC Topology ` .. toctree:: :maxdepth: 1 
@@ -22,3 +23,4 @@ VPC managing_vpc_tags exporting_vpc_list obtaining_a_vpc_id + viewing_a_vpc_topology diff --git a/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst index eab208c..26ca67e 100644 --- a/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst +++ b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst @@ -47,9 +47,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the upper right corner of the VPC list, click **Search by Tag**. @@ -69,11 +67,9 @@ Procedure #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. +#. Click |image3| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. On the **Virtual Private Cloud** page, locate the VPC whose tags are to be managed and click the VPC name. @@ -98,4 +94,6 @@ Procedure Locate the row that contains the tag you want to delete, and click **Delete** in the **Operation** column. In the displayed dialog box, click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst index 6f82a73..ac5b612 100644 --- a/umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst +++ b/umn/source/vpc_and_subnet/vpc/modifying_a_vpc.rst @@ -34,7 +34,7 @@ Procedure #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. On the **Virtual Private Cloud** page, locate the row that contains the VPC to be modified and click **Edit CIDR Block** in the **Operation** column. 
@@ -51,17 +51,19 @@ Procedure **Modifying a VPC** #. Log in to the management console. -#. Click |image2| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. +#. Click |image3| in the upper left corner and select the desired region and project. +#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. Modify the basic information about a VPC using either of the following methods: - - In the VPC list, click |image3| on the right of the VPC name to change the VPC name. + - In the VPC list, click |image5| on the right of the VPC name to change the VPC name. - In the VPC list, click the VPC name. - On the VPC details page, click |image4| next to the VPC name or description to change the VPC name or description. + On the VPC details page, click |image6| next to the VPC name or description to change the VPC name or description. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png -.. |image3| image:: /_static/images/en-us_image_0000001267230305.png -.. |image4| image:: /_static/images/en-us_image_0000001267350317.png +.. |image2| image:: /_static/images/en-us_image_0000001520717193.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001520717193.png +.. |image5| image:: /_static/images/en-us_image_0000001267230305.png +.. |image6| image:: /_static/images/en-us_image_0000001267350317.png diff --git a/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst b/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst index 448c355..c2f22e1 100644 --- a/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst +++ b/umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst 
@@ -19,9 +19,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. On the **Virtual Private Cloud** page, locate the VPC and click its name. @@ -29,7 +27,8 @@ Procedure 5. In the **VPC Information area**, view the VPC ID. - Click |image2| next to ID to copy the VPC ID. + Click |image3| next to ID to copy the VPC ID. .. |image1| image:: /_static/images/en-us_image_0000001515644737.png -.. |image2| image:: /_static/images/en-us_image_0000001465124712.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png +.. |image3| image:: /_static/images/en-us_image_0000001465124712.png diff --git a/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst b/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst new file mode 100644 index 0000000..5ab4043 --- /dev/null +++ b/umn/source/vpc_and_subnet/vpc/viewing_a_vpc_topology.rst 
@@ -0,0 +1,36 @@ +:original_name: vpc_vpc_0009.html + +.. _vpc_vpc_0009: + +Viewing a VPC Topology +====================== + +Scenarios +--------- + +This section describes how to view the topology of a VPC. The topology displays the subnets in a VPC and the ECSs in the subnets. + +Procedure +--------- + +#. Log in to the management console. + +2. Click |image1| in the upper left corner and select the desired region and project. + +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +4. In the VPC list, click the name of the VPC for which the topology is to be viewed. + + The VPC details page is displayed. + +5. Click the **Topology** tab to view the VPC topology. + + The topology displays the subnets in the VPC and the ECSs in the subnets. + + You can also perform the following operations on subnets and ECSs in the topology: + + - Modify or delete a subnet. + - Add an ECS to a subnet, bind an EIP to the ECS, and change the security group of the ECS. + +.. |image1| image:: /_static/images/en-us_image_0000001221790501.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png diff --git a/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst index 017c474..710dcbf 100644 --- a/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/creating_a_vpc_flow_log.rst @@ -27,7 +27,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **VPC Flow Logs**. @@ -76,3 +76,4 @@ Procedure 6. Click **OK**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001553770733.png 
diff --git a/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst index 73da599..9742c64 100644 --- a/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/deleting_a_vpc_flow_log.rst @@ -21,7 +21,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **VPC Flow Logs**. @@ -36,3 +36,4 @@ Procedure 6. Click **Yes** in the displayed dialog box. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503330854.png diff --git a/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst index 03789fa..112d518 100644 --- a/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst @@ -17,9 +17,11 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + 4. In the navigation pane on the left, choose **VPC Flow Logs**. 5. Locate the VPC flow log to be enabled or disabled, and choose **More** > **Enable** or **More** > **Disable** in the **Operation** column. 6. Click **Yes**. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503011070.png diff --git a/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst b/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst index 14f6232..e677c2d 100644 --- a/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst 
+++ b/umn/source/vpc_flow_log/viewing_a_vpc_flow_log.rst @@ -23,7 +23,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **VPC Flow Logs**. @@ -103,7 +103,7 @@ Procedure | action | The action associated with the traffic: | ACCEPT | | | | | | | - **ACCEPT**: The recorded traffic was allowed by the security groups or firewalls. | | - | | - **REJECT**: The recorded traffic was denied by the firewalls. | | + | | - **REJECT**: The recorded traffic was denied by the security groups or firewalls. | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+ | log-status | The logging status of the VPC flow log: | OK | | | | | @@ -119,3 +119,4 @@ Procedure You can enter a keyword on the log topic details page on the LTS console to search for flow log records. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503490746.png diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst index e24db56..f01e01d 100644 --- a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst 
@@ -12,6 +12,13 @@ If two VPCs from the same region cannot communicate with each other, you can use This following describes how to create a VPC peering connection between VPC-A in account A and VPC-B in account B to enable communications between ECS-A01 and RDS-B01. +Procedure: + +#. :ref:`Step 1: Create a VPC Peering Connection ` +#. :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request ` +#. :ref:`Step 3: Add Routes for the VPC Peering Connection ` +#. :ref:`Step 4: Verify Network Connectivity ` + .. figure:: /_static/images/en-us_image_0000001464757610.png :alt: **Figure 1** Networking diagram of a VPC peering connection between VPCs in different accounts @@ -36,6 +43,8 @@ Prerequisites You have two VPCs in the same region. If you want to create one, see :ref:`Creating a VPC `. +.. _en-us_topic_0046655038__section14616192294815: + Step 1: Create a VPC Peering Connection --------------------------------------- @@ -43,9 +52,7 @@ Step 1: Create a VPC Peering Connection 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. @@ -116,9 +123,7 @@ After you create a VPC peering connection with a VPC in another account, you nee #. Log in to the management console. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image3| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. 
@@ -134,7 +139,9 @@ After you create a VPC peering connection with a VPC in another account, you nee #. Locate the row that contains the target VPC peering connection and click **Accept Request** in the **Operation** column. - After the status of the VPC peering connection changes to **Accepted**, the VPC peering connection is created. Go to :ref:`Step 3: Add Routes for the VPC Peering Connection `. + After the status of the VPC peering connection changes to **Accepted**, the VPC peering connection is created. + +#. Go to :ref:`Step 3: Add Routes for the VPC Peering Connection `. .. important:: @@ -219,6 +226,8 @@ Both accounts need to add a route to the route table of their VPC. In this examp You can view the route in the route list. +.. _en-us_topic_0046655038__section920942154519: + Step 4: Verify Network Connectivity ----------------------------------- @@ -253,3 +262,5 @@ After you add routes for the VPC peering connection, verify the communication be - If VPCs connected by a VPC peering connection cannot communicate with each other, refer to :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503159042.png +.. |image3| image:: /_static/images/en-us_image_0000001503478818.png diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst index 3a6a2f9..c484625 100644 --- a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst 
@@ -12,6 +12,12 @@ If two VPCs from the same region cannot communicate with each other, you can use This following describes how to create a VPC peering connection between VPC-A and VPC-B in account A to enable communications between ECS-A01 and RDS-B01. +Procedure: + +#. :ref:`Step 1: Create a VPC Peering Connection ` +#. :ref:`Step 2: Add Routes for the VPC Peering Connection ` +#. :ref:`Step 3: Verify Network Connectivity ` + .. figure:: /_static/images/en-us_image_0000001512876289.png :alt: **Figure 1** Networking diagram of a VPC peering connection between VPCs in the same account @@ -30,6 +36,8 @@ Prerequisites You have two VPCs in the same region. If you want to create one, see :ref:`Creating a VPC `. +.. _en-us_topic_0046655037__section143383585438: + Step 1: Create a VPC Peering Connection --------------------------------------- @@ -37,9 +45,7 @@ Step 1: Create a VPC Peering Connection 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. @@ -178,6 +184,8 @@ Step 2: Add Routes for the VPC Peering Connection You can view the route in the route list. +.. _en-us_topic_0046655037__section026312306414: + Step 3: Verify Network Connectivity ----------------------------------- @@ -212,3 +220,4 @@ After you add routes for the VPC peering connection, verify the communication be - If VPCs connected by a VPC peering connection cannot communicate with each other, refer to :ref:`Why Did Communication Fail Between VPCs That Were Connected by a VPC Peering Connection? `. .. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503318922.png 
diff --git a/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst index 26e570e..c56f0d9 100644 --- a/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/deleting_a_vpc_peering_connection.rst @@ -15,8 +15,7 @@ Either owner of a VPC in a peering connection can delete the VPC peering connect Notes and Constraints --------------------- -- Deleting a VPC peering connection will also delete the routes added for the connection from the route tables of the local and peer VPCs. -- The owner of either VPC in a peering connection can delete the VPC peering connection at any time. Deleting a VPC peering connection will also delete all information about this connection, including the routes added for the connection. +The owner of either VPC in a peering connection can delete the VPC peering connection at any time. Deleting a VPC peering connection will also delete all information about this connection, including the routes in the local and peer VPC route tables added for the connection. Procedure --------- diff --git a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst index ab60b5b..4ad2cf0 100644 --- a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst 
@@ -22,9 +22,7 @@ Deleting Routes of a VPC Peering Connection Between VPCs in the Same Account #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. @@ -69,11 +67,9 @@ Only the account owner of a VPC in a VPC peering connection can delete the route Log in to the management console using the account of the local VPC and delete the route of the local VPC: - a. Click |image2| in the upper left corner and select the desired region and project. + a. Click |image3| in the upper left corner and select the desired region and project. - b. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. + b. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. c. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. @@ -98,4 +94,6 @@ Only the account owner of a VPC in a VPC peering connection can delete the route #. Log in to the management console using the account of the peer VPC and delete the route of the peer VPC by referring to :ref:`1 `. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503330858.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001553770737.png 
diff --git a/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst index befa0f6..5004df6 100644 --- a/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/modifying_routes_configured_for_a_vpc_peering_connection.rst @@ -24,9 +24,7 @@ Modifying Routes of a VPC Peering Connection Between VPCs in the Same Account #. Click |image1| in the upper left corner and select the desired region and project. -#. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. #. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. @@ -71,11 +69,9 @@ Only the account owner of a VPC can modify the routes added for the connection. Log in to the management console using the account of the local VPC and modify the route of the local VPC: - a. Click |image2| in the upper left corner and select the desired region and project. + a. Click |image3| in the upper left corner and select the desired region and project. - b. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. + b. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. c. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. 
@@ -100,4 +96,6 @@ Only the account owner of a VPC can modify the routes added for the connection. #. Log in to the management console using the account of the peer VPC and modify the route of the peer VPC by referring to :ref:`1 `. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001554010649.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001553650757.png diff --git a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst index 4d5106c..b8fb49f 100644 --- a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst @@ -24,9 +24,7 @@ Viewing Routes of a VPC Peering Connection Between VPCs in the Same Account 2. Click |image1| in the upper left corner and select the desired region and project. -3. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. +3. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. 4. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. 
@@ -52,11 +50,9 @@ Only the account owner of a VPC in a VPC peering connection can view the routes Log in to the management console using the account of the local VPC and view the route of the local VPC: - a. Click |image2| in the upper left corner and select the desired region and project. + a. Click |image3| in the upper left corner and select the desired region and project. - b. On the console homepage, under **Network**, click **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. + b. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**. c. In the navigation pane on the left, choose **Virtual Private Cloud** > **VPC Peering Connections**. @@ -71,4 +67,6 @@ Only the account owner of a VPC in a VPC peering connection can view the routes #. Log in to the management console using the account of the peer VPC and view the route of the peer VPC by referring to :ref:`1 `. .. |image1| image:: /_static/images/en-us_image_0141273034.png -.. |image2| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001503011074.png +.. |image3| image:: /_static/images/en-us_image_0141273034.png +.. |image4| image:: /_static/images/en-us_image_0000001503490750.png
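Review bot: step 3 in viewing_a_vpc_flow_log.rst (hunk @@ -23,7 +23,7 @@) names the control to click only through the `|image2|` substitution, and the definition added at the end of the file, `.. |image2| image:: /_static/images/en-us_image_0000001503490746.png`, has no `:alt:` option. In a text-only or screen-reader rendering the step has no name for what to click. Suggest adding `:alt:` text to the substitution or naming the control in the sentence. The same applies to every page in this patch that receives the "Click |imageN| in the upper left corner and choose **Network** > **Virtual Private Cloud**" step.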
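Review bot: the `action` row in viewing_a_vpc_flow_log.rst (hunk @@ -103,7 +103,7 @@) gives a reader no way to tell which control denied a flow. Both ACCEPT and REJECT are now attributed to "the security groups or firewalls", and the field's listed values are only ACCEPT and REJECT. If the record does not identify the deciding control, a sentence saying so in this row would save someone triaging a REJECT entry from looking for it.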
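Review bot: the new Procedure list in creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst (hunk @@ -12,6 +12,13 @@) links to four steps, but the hunks shown add label targets only before Step 1 (`.. _en-us_topic_0046655038__section14616192294815:`) and Step 4 (`.. _en-us_topic_0046655038__section920942154519:`). Please confirm that Step 2 and Step 3 already carry labels in the unchanged part of the file, otherwise those two `:ref:` entries will not resolve at build time. The same check applies to Step 2 in creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst, where labels are added only for Step 1 and Step 3.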
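Review bot: in hunk @@ -134,7 +139,9 @@ of the cross-account page, the new `#. Go to :ref:` item sits between the **Accept Request** step and the `.. important::` block, so the admonition now follows the navigation item instead of the step it followed before. Check the indentation of the `.. important::` block so that it stays attached to the intended list item and does not end the enumerated list, or move the "Go to" item after it.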
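Review bot: the merged sentence under **Notes and Constraints** in deleting_a_vpc_peering_connection.rst (hunk @@ -15,8 +15,7 @@) has a misplaced modifier. In "the routes in the local and peer VPC route tables added for the connection", "added for the connection" attaches to the route tables rather than to the routes. Suggest "including the routes added for the connection in the local and peer VPC route tables". With the two bullets collapsed, this sentence is the only place that states that a deletion by either owner changes the other side's route table, so it is worth keeping unambiguous.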
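Review bot: the substitution block at the end of deleting_routes_configured_for_a_vpc_peering_connection.rst (hunk @@ -98,4 +94,6 @@) defines `|image1|` and `|image3|` with the same target, en-us_image_0141273034.png, while `|image2|` and `|image4|` appear in identical step text but point to two different files. Reusing `|image1|` for the region selector and one substitution for the second icon would avoid duplicate definitions and duplicate assets. modifying_routes_configured_for_a_vpc_peering_connection.rst and viewing_routes_configured_for_a_vpc_peering_connection.rst show the same pattern.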