forked from docs/virtual-private-cloud
Compare commits
1 Commits
main
...
propose-vp
Author | SHA1 | Date | |
---|---|---|---|
405725be9c |
BIN
umn/source/_static/images/en-us_image_0000001646961692.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 128 B |
Binary file not shown.
Before Width: | Height: | Size: 10 KiB |
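Review bot: en-us_image_0000001646961692.png shrinks from 10 KiB to 128 B in this commit, which is small enough that it is worth confirming the new file is a real image and not a placeholder or pointer. The new SecurityGroup_0005 page references it as |image2|, so a broken file would show up in the third step of that procedure. Please check the icon in a rendered build before merging.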
@ -43,49 +43,49 @@ Procedure
|
||||
|
||||
.. table:: **Table 1** Parameter descriptions
|
||||
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+========================+========================================================================================================================================================================================+=======================+
|
||||
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
||||
| | | |
|
||||
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - Security group: sg-A | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - Security group: sg-A | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
||||
| | | |
|
||||
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+========================+=================================================================================================================================================================================================================================================================================================================================+=======================+
|
||||
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
||||
| | | |
|
||||
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
||||
| | | |
|
||||
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
|
||||
7. Click **OK**.
|
||||
|
||||
|
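Review bot: In the Destination row, the new bullet reads "IP address group: The source is an IP address group", which was copied from the Source row; it should say that the destination is an IP address group. In the same sentence, "with same security requirements in a more simple way" would read better as "with the same security requirements more easily". The "Security group: sg-A" option disappears from both rows without comment; if existing rules can still reference a security group, the table should say what happens to them.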
@ -8,12 +8,13 @@ Associating Subnets with a Firewall
|
||||
Scenarios
|
||||
---------
|
||||
|
||||
You can associate a firewall with a subnet to protect resources in the subnet. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic.
|
||||
You can associate a firewall with a subnet to protect resources in the subnet.
|
||||
|
||||
Notes and Constraints
|
||||
---------------------
|
||||
|
||||
You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
|
||||
- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
|
||||
- After a firewall is associated with a subnet, the default firewall rules deny all traffic to and from the subnet until you add custom rules to allow traffic. For details, see :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`.
|
||||
|
||||
Procedure
|
||||
---------
|
||||
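Review bot: The default-deny behaviour moves out of Scenarios into the second bullet of Notes and Constraints, where a reader skimming for the procedure can miss that associating a firewall blocks all traffic to and from the subnet until allow rules exist. Suggest keeping one sentence about it in Scenarios, or promoting the bullet to a warning admonition, and stating whether the custom rules can be added before the subnet is associated so that a production subnet is not cut off.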
@ -32,13 +33,13 @@ Procedure
|
||||
|
||||
6. On the displayed page, click the **Associated Subnets** tab.
|
||||
|
||||
7. On the **Associated Subnets** page, click **Associate**.
|
||||
7. On the **Associated Subnets** tab, click **Associate**.
|
||||
|
||||
8. On the displayed page, select the subnets to be associated with the firewall, and click **OK**.
|
||||
|
||||
.. note::
|
||||
|
||||
Subnets with firewalls associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
|
||||
A subnet with a firewall associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||
.. |image2| image:: /_static/images/en-us_image_0000001626734158.png
|
||||
|
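Review bot: The reworded note still ends with "A subnet can only be associated with one firewall", which repeats what its first two sentences already imply and what the first bullet under Notes and Constraints states. Suggest dropping that last sentence and changing "are not supported currently" to "are currently not supported".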
@ -2,13 +2,13 @@
|
||||
|
||||
.. _vpc_acl_0003:
|
||||
|
||||
Disassociating a Subnet from a Firewall
|
||||
=======================================
|
||||
Disassociating Subnets from a Firewall
|
||||
======================================
|
||||
|
||||
Scenarios
|
||||
---------
|
||||
|
||||
Disassociate a subnet from a firewall when necessary.
|
||||
You can disassociate a subnet from its firewall based on your network requirements.
|
||||
|
||||
Procedure
|
||||
---------
|
||||
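Review bot: The title becomes plural ("Disassociating Subnets from a Firewall") while the new Scenarios sentence stays singular ("disassociate a subnet from its firewall"); pick one so the page reads consistently, for example "You can disassociate one or more subnets from a firewall based on your network requirements." Keeping the vpc_acl_0003 label unchanged is right, since existing references resolve through it.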
@ -33,7 +33,7 @@ Procedure
|
||||
|
||||
**Disassociating subnets from a firewall**
|
||||
|
||||
Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from a firewall at a time.
|
||||
Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the firewall at a time.
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||
.. |image2| image:: /_static/images/en-us_image_0000001675413845.png
|
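Review bot: The changed sentence fixes the article ("the firewall") but keeps "at a time", which is not idiomatic here. Suggest "Select multiple subnets and click **Disassociate** above the subnet list to disassociate them from the firewall at the same time."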
@ -10,7 +10,7 @@ Firewall
|
||||
- :ref:`Creating a Firewall <en-us_topic_0051746698>`
|
||||
- :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`
|
||||
- :ref:`Associating Subnets with a Firewall <en-us_topic_0051746700>`
|
||||
- :ref:`Disassociating a Subnet from a Firewall <vpc_acl_0003>`
|
||||
- :ref:`Disassociating Subnets from a Firewall <vpc_acl_0003>`
|
||||
- :ref:`Changing the Sequence of a Firewall Rule <vpc_acl_0004>`
|
||||
- :ref:`Modifying a Firewall Rule <vpc_acl_0005>`
|
||||
- :ref:`Enabling or Disabling a Firewall Rule <vpc_acl_0006>`
|
||||
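Review bot: Every entry in this list repeats the target section title as explicit link text, so a title change like this one has to be mirrored by hand. Since the label vpc_acl_0003 sits directly above its section title, the entry could use the label alone and let Sphinx supply the title, which removes this class of edit.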
@ -29,7 +29,7 @@ Firewall
|
||||
creating_a_firewall
|
||||
adding_a_firewall_rule
|
||||
associating_subnets_with_a_firewall
|
||||
disassociating_a_subnet_from_a_firewall
|
||||
disassociating_subnets_from_a_firewall
|
||||
changing_the_sequence_of_a_firewall_rule
|
||||
modifying_a_firewall_rule
|
||||
enabling_or_disabling_a_firewall_rule
|
||||
|
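Review bot: The toctree entry changes from disassociating_a_subnet_from_a_firewall to disassociating_subnets_from_a_firewall, so the source file must be renamed in the same commit or the build will report a missing document. The rename also changes the generated page URL; confirm whether the old URL needs a redirect.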
@ -37,49 +37,49 @@ Procedure
|
||||
|
||||
.. table:: **Table 1** Parameter descriptions
|
||||
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+========================+========================================================================================================================================================================================+=======================+
|
||||
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
||||
| | | |
|
||||
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - Security group: sg-A | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - Security group: sg-A | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
||||
| | | |
|
||||
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+========================+=================================================================================================================================================================================================================================================================================================================================+=======================+
|
||||
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
||||
| | | |
|
||||
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||
| | | |
|
||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
||||
| | | |
|
||||
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
|
||||
7. Click **Confirm**.
|
||||
|
||||
|
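Review bot: The Source and Destination descriptions still open with "The source can be an IP address or IP address range" (and the destination equivalent), but the list underneath now also offers an IP address group, so the lead sentence and the options disagree. Suggest extending both lead sentences to mention IP address groups. The new bullet is also a single very long line that forces every border row of the grid table to be redrawn; wrapping it over several cell lines would keep the column width and make later diffs of this table readable.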
File diff suppressed because it is too large
@ -0,0 +1,71 @@
|
||||
:original_name: SecurityGroup_0005.html
|
||||
|
||||
.. _SecurityGroup_0005:
|
||||
|
||||
Allowing Common Ports with A Few Clicks
|
||||
=======================================
|
||||
|
||||
Scenarios
|
||||
---------
|
||||
|
||||
You can configure a security group to allow common ports with a few clicks. This function is suitable for the following scenarios:
|
||||
|
||||
- Remotely log in to ECSs.
|
||||
- Use the ping command to test ECS connectivity.
|
||||
- ECSs functioning as web servers provide website access services.
|
||||
|
||||
:ref:`Table 1 <securitygroup_0005__table117828131111>` describes the common ports that can be opened with a few clicks.
|
||||
|
||||
.. _securitygroup_0005__table117828131111:
|
||||
|
||||
.. table:: **Table 1** Common ports
|
||||
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Direction | Protocol & Port & Type | Source/Destination | Description |
|
||||
+=================+========================+====================+===================================================================================================================================+
|
||||
| Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| | TCP: 20-21 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over ports 20 and 21 (FTP) for uploading or downloading files. |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. |
|
||||
| | | | |
|
||||
| | All (IPv6) | ::/0 | |
|
||||
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
Procedure
|
||||
---------
|
||||
|
||||
#. Log in to the management console.
|
||||
|
||||
#. Click |image1| in the upper left corner and select the desired region and project.
|
||||
|
||||
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
|
||||
|
||||
The **Virtual Private Cloud** page is displayed.
|
||||
|
||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||
|
||||
The security group list is displayed.
|
||||
|
||||
#. In the security group list, click the name of the security group.
|
||||
|
||||
The security group details page is displayed.
|
||||
|
||||
#. Click the **Inbound Rules** or **Outbound Rules** tab, and then click **Allow Common Ports**.
|
||||
|
||||
The **Allow Common Ports** page is displayed.
|
||||
|
||||
#. Click **OK**.
|
||||
|
||||
After the operation is complete, you can view the added rules in the security group rule list.
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||
.. |image2| image:: /_static/images/en-us_image_0000001646961692.png
|
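Review bot: The ICMP row says traffic is allowed "over any port", but ICMP has no ports; reword it to something like "Allows all IPv4 addresses to ping ECSs in the security group to test connectivity." Every inbound rule shown here uses source 0.0.0.0/0, including FTP on ports 20-21, so the page should state plainly that Allow Common Ports opens these services to all IPv4 addresses and point readers to Modifying a Security Group Rule for narrowing the source afterwards. The procedure also does not say whether the set of rules added depends on which tab (Inbound Rules or Outbound Rules) is selected in step 6.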
@ -16,10 +16,6 @@ You can clone a security group in the following scenarios:
|
||||
- If you need new security group rules, you can clone the original security group as a backup.
|
||||
- Before you modify security group rules used by a service, you can clone the security group and modify the security group rules in the test environment to ensure that the modified rules work.
|
||||
|
||||
.. note::
|
||||
|
||||
Security group cloning is not supported now.
|
||||
|
||||
Notes and Constraints
|
||||
---------------------
|
||||
|
||||
|
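Review bot: Removing the note "Security group cloning is not supported now." turns this page into documentation for an available feature, but none of the Change History entries added in this commit (2023-11-14 to 2023-12-18) mention cloning. Confirm that the feature is actually released wherever this guide applies, and add a Change History entry if so.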
@ -5,7 +5,7 @@
|
||||
Default Security Group and Its Rules
|
||||
====================================
|
||||
|
||||
If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
|
||||
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
|
||||
|
||||
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
|
||||
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
|
||||
|
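Review bot: In the reworded sentence, "when you create it" is ambiguous because "it" can refer to the security group or to the instance; write "when you create the instance". While this paragraph is being edited, the first bullet also reads as contradictory ("Only instances in the same security group can communicate with each other, and all inbound requests are denied"); say that inbound requests from outside the security group are denied.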
File diff suppressed because it is too large
@ -51,36 +51,42 @@ Procedure
|
||||
|
||||
.. table:: **Table 1** Template parameters
|
||||
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+=======================+=============================================================================================================================================================================+====================================+
|
||||
| Direction | The direction in which the security group rule takes effect. | Inbound |
|
||||
| | | |
|
||||
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
|
||||
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||
| | | |
|
||||
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - Security group: sg-A | |
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` |
|
||||
| | | |
|
||||
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+====================================+
|
||||
| Direction | The direction in which the security group rule takes effect. | Inbound |
|
||||
| | | |
|
||||
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
|
||||
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||
| | | |
|
||||
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Type | Source IP address version. You can select: | IPv4 |
|
||||
| | | |
|
||||
| | - IPv4 | |
|
||||
| | - IPv6 | |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||
| | | |
|
||||
| | - IP address: | |
|
||||
| | | |
|
||||
| | - Single IP address: 192.168.10.10/32 | |
|
||||
| | - All IP addresses: 0.0.0.0/0 | |
|
||||
| | - IP address range: 192.168.1.0/24 | |
|
||||
| | | |
|
||||
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
|
||||
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
| Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` |
|
||||
| | | |
|
||||
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||
.. |image2| image:: /_static/images/en-us_image_0000001675254013.png
|
||||
|
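Review bot: The Source row now lists IP address groups, but the Destination row still reads "The value can be an IP address or a security group" and ends with "For example:" followed by nothing. Either repeat the three-way list under Destination or refer back to the Source row. The new Type row is described as "Source IP address version", which does not fit outbound rules, and the IP address examples under Source are all IPv4 even though the row now offers IPv6.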
@ -14,6 +14,7 @@ Security Group
|
||||
- :ref:`Deleting a Security Group <vpc_securitygroup_0008>`
|
||||
- :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`
|
||||
- :ref:`Fast-Adding Security Group Rules <securitygroup_0004>`
|
||||
- :ref:`Allowing Common Ports with A Few Clicks <securitygroup_0005>`
|
||||
- :ref:`Modifying a Security Group Rule <vpc_securitygroup_0005>`
|
||||
- :ref:`Replicating a Security Group Rule <vpc_securitygroup_0004>`
|
||||
- :ref:`Importing and Exporting Security Group Rules <vpc_securitygroup_0007>`
|
||||
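Review bot: The new link text "Allowing Common Ports with A Few Clicks" capitalizes the article, unlike the neighbouring titles ("Deleting a Security Group", "Adding a Security Group Rule"). Use "with a Few Clicks" here and in the page title so the index stays consistent.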
@ -35,6 +36,7 @@ Security Group
|
||||
deleting_a_security_group
|
||||
adding_a_security_group_rule
|
||||
fast-adding_security_group_rules
|
||||
allowing_common_ports_with_a_few_clicks
|
||||
modifying_a_security_group_rule
|
||||
replicating_a_security_group_rule
|
||||
importing_and_exporting_security_group_rules
|
||||
|
@ -8,9 +8,9 @@ Security Groups and Security Group Rules
|
||||
Security Groups
|
||||
---------------
|
||||
|
||||
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group.
|
||||
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group.
|
||||
|
||||
If you have not created any security group yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
|
||||
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
|
||||
|
||||
Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
|
||||
|
||||
@ -29,42 +29,46 @@ A security group has inbound and outbound rules to control traffic that's allowe
|
||||
|
||||
.. table:: **Table 1** Security group rule information
|
||||
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Parameter | Description |
|
||||
+===================================+========================================================================================================================================================================================================================+
|
||||
| Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. |
|
||||
| | |
|
||||
| | - Inbound rules control incoming traffic over specific ports to instances in the security group. |
|
||||
| | - Outbound rules control outgoing traffic over specific ports from instances in the security group. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: |
|
||||
| | |
|
||||
| | - IP address: |
|
||||
| | |
|
||||
| | - Example IPv4 address: 192.168.10.10/32 |
|
||||
| | - Example IPv6 address: 2002:50::44/128 |
|
||||
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
||||
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
||||
| | |
|
||||
| | - Security group: You can select another security group in the same region under the current account as the source. |
|
||||
| | |
|
||||
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: |
|
||||
| | |
|
||||
| | - IP address: |
|
||||
| | |
|
||||
| | - Example IPv4 address: 192.168.10.10/32 |
|
||||
| | - Example IPv6 address: 2002:50::44/128 |
|
||||
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
||||
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
||||
| | |
|
||||
| | - Security group: You can select another security group in the same region under the current account as the destination. |
|
||||
| | |
|
||||
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Parameter | Description |
|
||||
+===================================+=====================================================================================================================================================================================================================================+
|
||||
| Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. |
|
||||
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. |
|
||||
| | |
|
||||
| | - Inbound rules control incoming traffic over specific ports to instances in the security group. |
|
||||
| | - Outbound rules control outgoing traffic over specific ports from instances in the security group. |
|
||||
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: |
|
||||
| | |
|
||||
| | - IP address: |
|
||||
| | |
|
||||
| | - Example IPv4 address: 192.168.10.10/32 |
|
||||
| | - Example IPv6 address: 2002:50::44/128 |
|
||||
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
||||
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
||||
| | |
|
||||
| | - Security group: You can select another security group in the same region under the current account as the source. |
|
||||
| | |
|
||||
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. |
|
||||
| | |
|
||||
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the source to help you manage them in a more simple way. |
|
||||
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: |
|
||||
| | |
|
||||
| | - IP address: |
|
||||
| | |
|
||||
| | - Example IPv4 address: 192.168.10.10/32 |
|
||||
| | - Example IPv6 address: 2002:50::44/128 |
|
||||
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
||||
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
||||
| | |
|
||||
| | - Security group: You can select another security group in the same region under the current account as the destination. |
|
||||
| | |
|
||||
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. |
|
||||
| | |
|
||||
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the destination to help you manage them in a more simple way. |
|
||||
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
Like whitelists, security group rules work as follows:
|
||||
|
||||
|
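Review bot: The added IP address group bullets read awkwardly ("with same security requirements", "in a more simple way"); suggest "with the same security requirements" and "to manage them more easily". Since the whole table is re-emitted for the wider column, this is also the place to split the merged example lines such as "Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0" into separate bullets, as the template parameter table does.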
@ -8,6 +8,24 @@ Change History
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Released On | Description |
|
||||
+===================================+====================================================================================================================================================================================================================================================================================================================================+
|
||||
| 2023-12-18 | This release incorporates the following changes: |
|
||||
| | |
|
||||
| | Added IPv6-related content. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| 2023-12-12 | This release incorporates the following changes: |
|
||||
| | |
|
||||
| | Added descriptions about security group and IP address group as source or destination in :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| 2023-11-30 | This release incorporates the following changes: |
|
||||
| | |
|
||||
| | Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| 2023-11-14 | This release incorporates the following changes: |
|
||||
| | |
|
||||
| | Added the following content: |
|
||||
| | |
|
||||
| | Added description about allowing common ports with a few clicks in :ref:`Allowing Common Ports with A Few Clicks <securitygroup_0005>`. |
|
||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| 2023-10-10 | This release incorporates the following changes: |
|
||||
| | |
|
||||
| | - Added the figure for configuring route tables in :ref:`Route Table <en-us_topic_0038263963>`. |
|
||||
|
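Review bot: The 2023-12-18 entry "Added IPv6-related content." does not say which topics changed, while the other new entries link to the affected page with :ref:; name the topics so readers can find the IPv6 additions. In the 2023-11-14 entry, "Added the following content:" is followed by a single sentence that starts with "Added" again; drop the lead-in line or turn the item into a bullet as the 2023-10-10 entry does.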
@ -49,7 +49,7 @@ Procedure
|
||||
|
||||
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
|
||||
|
||||
#. Click the search box and then click **Tag** in the drop-down list.
|
||||
#. Click the search box above the EIP list.
|
||||
|
||||
#. Select the tag key and value of the EIP.
|
||||
|
||||
|
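Review bot: The replacement step "Click the search box above the EIP list." no longer tells the reader to choose Tag, yet the next step is still "Select the tag key and value of the EIP." If the console now offers tag keys directly in the search box, say so in the step; otherwise keep the instruction to select **Tag**.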
@ -16,9 +16,3 @@ Security Group Configuration
|
||||
You can configure port 69 and configure data channel ports used by TFTP for the security group. In RFC1350, the TFTP protocol specifies that ports available to data channels range from 0 to 65535. However, not all these ports are used by the TFTP daemon processes of different applications. You can configure a smaller range of ports for the TFTP daemon.
|
||||
|
||||
The following figure provides an example of the security group rule configuration if the ports used by data channels range from 60001 to 60100.
|
||||
|
||||
|
||||
.. figure:: /_static/images/en-us_image_0129473334.png
|
||||
:alt: **Figure 1** Security group rules
|
||||
|
||||
**Figure 1** Security group rules
|
||||
|
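Review bot: The header (-16,9 +16,3) keeps only three lines, so check that the sentence "The following figure provides an example of the security group rule configuration..." is removed together with the figure; if it stays, it points at a figure that no longer exists. The figure was the only place the 60001 to 60100 example was shown as rules, so consider replacing it with a short text table of the port 69 rule and the data channel range rather than dropping the example.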
@ -75,37 +75,39 @@ Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You
|
||||
|
||||
.. table:: **Table 2** Deleting VPCs
|
||||
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| Prompts | Cause | Solution |
|
||||
+===========================================================================================================================+=========================================================================================================================+===============================================================================================================+
|
||||
| You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. |
|
||||
| | | |
|
||||
| | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. |
|
||||
| | | |
|
||||
| | | The route table list is displayed. |
|
||||
| | | |
|
||||
| | | #. :ref:`Deleting a Route <vpc_route01_0012>` |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. |
|
||||
| | | |
|
||||
| | - Subnet | - :ref:`Table 1 <vpc_faq_0075__table4284113316400>` |
|
||||
| | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection <vpc_peering_0003>` |
|
||||
| | - Custom route table | - :ref:`Deleting a Route Table <vpc_route01_0010>` |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. |
|
||||
| | | |
|
||||
| | .. important:: | :ref:`Deleting a Security Group <vpc_securitygroup_0008>` |
|
||||
| | | |
|
||||
| | NOTICE: | |
|
||||
| | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
| Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. |
|
||||
| | | |
|
||||
| | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP <vpc_eip_0001>` |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| Prompts | Cause | Solution | |
|
||||
+===========================================================================================================================+=========================================================================================================================+===============================================================================================================+===========================================================+
|
||||
| You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. | |
|
||||
| | | | |
|
||||
| | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. | |
|
||||
| | | | |
|
||||
| | | The route table list is displayed. | |
|
||||
| | | | |
|
||||
| | | #. :ref:`Deleting a Route <vpc_route01_0012>` | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. | |
|
||||
| | | | |
|
||||
| | - Subnet | - :ref:`Table 1 <vpc_faq_0075__table4284113316400>` | |
|
||||
| | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection <vpc_peering_0003>` | |
|
||||
| | - Custom route table | - :ref:`Deleting a Route Table <vpc_route01_0010>` | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| Delete the VPN gateway that is using the VPC and then delete the VPC. | Delete the VPN gateway that is using the VPC and then delete the VPC. | The VPC is being used by a VPN gateway. | On the VPN console, locate the VPN gateway and delete it. |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. | |
|
||||
| | | | |
|
||||
| | .. important:: | :ref:`Deleting a Security Group <vpc_securitygroup_0008>` | |
|
||||
| | | | |
|
||||
| | NOTICE: | | |
|
||||
| | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
| Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. | |
|
||||
| | | | |
|
||||
| | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP <vpc_eip_0001>` | |
|
||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
|
||||
|
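Review bot: In the new VPN gateway row, the prompt text "Delete the VPN gateway that is using the VPC and then delete the VPC." is repeated in the Cause column, which pushes the real cause ("The VPC is being used by a VPN gateway.") into Solution and the solution into a fourth column that has no header. Every other row leaves that fourth column empty, so the table should stay at three columns: keep the prompt in the first cell, put the cause in the second, and put "On the VPN console, locate the VPN gateway and delete it." in the third.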
@ -56,7 +56,11 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
|
||||
| | | | |
|
||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | | |
|
||||
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
|
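Review bot: The renamed **IPv4 CIDR Block** row keeps the old description, "The CIDR block for the subnet.", which is ambiguous now that an **IPv6 CIDR Block** row sits directly below it. Suggest "The IPv4 CIDR block for the subnet. This value must be within the VPC CIDR block." so the containment rule is clearly tied to the IPv4 range.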
@ -66,7 +66,11 @@ Procedure
|
||||
| | | | |
|
||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | | |
|
||||
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
|
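Review bot: In the added **IPv6 CIDR Block** row, "IPv6 cannot be disabled after the subnet is created" is the only irreversible choice in this table, yet it sits at the end of a long cell. Consider setting it apart, for example in a note, so it is read before the option is selected. The example value ``-`` also gives the reader nothing to go on; show an actual setting instead.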
@ -48,7 +48,11 @@ Procedure
|
||||
| | | |
|
||||
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | |
|
||||
| | If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
|
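Review bot: The IPv6 description in this three-column table opens with "If you select this option", while the four-column tables in the same change say "After the IPv6 function is enabled" for the same parameter. The row is introduced as setting **IPv6 CIDR Block** to **Enable**, so pick one wording and use it in every copy of the table.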
File diff suppressed because it is too large
@ -66,7 +66,11 @@ Procedure
|
||||
| | | | |
|
||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | | |
|
||||
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
|
@ -48,7 +48,11 @@ Procedure
|
||||
| | | |
|
||||
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | |
|
||||
| | If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
|
File diff suppressed because it is too large
@ -12,7 +12,7 @@ You can create custom policies in either of the following ways:
|
||||
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
|
||||
- JSON: Edit JSON policies from scratch or based on an existing policy.
|
||||
|
||||
For operation details, see `Creating a Custom Policy <https://docs.otc.t-systems.com/usermanual/iam/en-us_topic_0274187246.html>`__. The following section contains examples of common VPC custom policies.
|
||||
For operation details, see `Creating a Custom Policy <https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/permissions/creating_a_custom_policy.html>`__. The following section contains examples of common VPC custom policies.
|
||||
|
||||
Example Custom Policies
|
||||
-----------------------
|
||||
|
@ -60,7 +60,7 @@ Procedure
|
||||
.. code-block:: console
|
||||
|
||||
[root@localhost ~]# ping www.google.com
|
||||
PING www.XXX.com (xxx.xxx.xxx.xxx) 56(84) bytes of data.
|
||||
PING www.google.com (xxx.xxx.xxx.xxx) 56(84) bytes of data.
|
||||
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms
|
||||
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms
|
||||
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms
|
||||
|
@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network
|
||||
|
||||
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
|
||||
|
||||
The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic.
|
||||
The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic.
|
||||
|
||||
Route
|
||||
-----
|
||||
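Review bot: "The default route table of a subnet" in the reworded sentence is ambiguous in exactly the case this paragraph covers, a subnet that is associated with a custom route table. State explicitly which default route table still handles inbound traffic for such a subnet, since readers who use custom routes to steer traffic need to know that inbound traffic does not follow them.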
@ -35,8 +35,14 @@ You can add routes to default and custom route tables and configure the destinat
|
||||
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
|
||||
|
||||
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
|
||||
|
||||
- Routes whose destination is a subnet CIDR block.
|
||||
|
||||
If you enable IPv6 when creating a subnet, the system automatically assigns an IPv6 CIDR block to the subnet. Then, you can view IPv6 routes in its route table. Example destinations of subnet CIDR blocks are as follows:
|
||||
|
||||
- IPv4: 192.168.2.0/24
|
||||
- IPv6: 2407:c080:802:be7::/64
|
||||
|
||||
.. note::
|
||||
|
||||
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
|
||||
|
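Review bot: The added IPv6 example destination 2407:c080:802:be7::/64 looks like a real, globally routable prefix, while the IPv4 example beside it is a private range (192.168.2.0/24). Use a prefix from the IPv6 documentation range 2001:db8::/32 (RFC 3849) instead, for example 2001:db8:0:1::/64, so the manual does not publish an address block that may belong to a live network.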
@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network
|
||||
|
||||
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
|
||||
|
||||
The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic.
|
||||
The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic.
|
||||
|
||||
Route
|
||||
-----
|
||||
@ -35,8 +35,14 @@ You can add routes to default and custom route tables and configure the destinat
|
||||
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
|
||||
|
||||
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
|
||||
|
||||
- Routes whose destination is a subnet CIDR block.
|
||||
|
||||
If you enable IPv6 when creating a subnet, the system automatically assigns an IPv6 CIDR block to the subnet. Then, you can view IPv6 routes in its route table. Example destinations of subnet CIDR blocks are as follows:
|
||||
|
||||
- IPv4: 192.168.2.0/24
|
||||
- IPv6: 2407:c080:802:be7::/64
|
||||
|
||||
.. note::
|
||||
|
||||
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
|
||||
|
@ -5,7 +5,7 @@
|
||||
Security Group
|
||||
==============
|
||||
|
||||
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group.
|
||||
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group.
|
||||
|
||||
Like whitelists, security group rules work as follows:
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
VPC Peering Connection
|
||||
======================
|
||||
|
||||
A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
||||
A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
||||
|
||||
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.
|
||||
|
||||
|
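Review bot: The reworded opening sentence, "a networking connection that connects two VPCs for them to communicate using private IP addresses", is circular ("connection that connects") and harder to read than the sentence it replaces. Keep the earlier wording, "a networking connection between two VPCs and enables them to communicate using private IP addresses", or shorten it to "connects two VPCs so that they can communicate using private IP addresses".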
@ -27,6 +27,11 @@ Procedure
|
||||
|
||||
#. Click the **IP Addresses** tab and click **Assign Virtual IP Address**.
|
||||
|
||||
#. Select an IP address type. This parameter is available only in regions supporting IPv6.
|
||||
|
||||
- IPv4
|
||||
- IPv6
|
||||
|
||||
#. Select a virtual IP address assignment mode.
|
||||
|
||||
- **Automatic**: The system assigns an IP address automatically.
|
||||
|
File diff suppressed because it is too large
@ -7,6 +7,7 @@ VPC and Subnet
|
||||
|
||||
- :ref:`VPC <vpc_0003>`
|
||||
- :ref:`Subnet <vpc_0004>`
|
||||
- :ref:`IPv4 and IPv6 Dual-Stack Network <vpc_0002>`
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
@ -14,3 +15,4 @@ VPC and Subnet
|
||||
|
||||
vpc/index
|
||||
subnet/index
|
||||
ipv4_and_ipv6_dual-stack_network
|
||||
|
101
umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst
Normal file
File diff suppressed because it is too large
@ -48,7 +48,11 @@ Procedure
|
||||
| | | |
|
||||
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | |
|
||||
| | If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
|
@ -57,14 +57,14 @@ Procedure
|
||||
|
||||
The **Subnets** page is displayed.
|
||||
|
||||
#. Click **+** to add another tag key and value.
|
||||
|
||||
You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for subnets, the subnets containing all specified tags will be displayed.
|
||||
|
||||
#. In the search box above the subnet list, click the search box.
|
||||
|
||||
Click the tag key and then the value as required. The system filters resources based on the tag you select.
|
||||
|
||||
Click anywhere in the search box to add the next tag key and value.
|
||||
|
||||
You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for VPCs, the VPCs containing all specified tags will be displayed.
|
||||
|
||||
**Add, delete, edit, and view tags on the Tags tab of a subnet.**
|
||||
|
||||
#. Log in to the management console.
|
||||
|
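Review bot: The sentence "If you add more than one tag to search for VPCs, the VPCs containing all specified tags will be displayed" sits in the subnet tag-search steps, where the page shown is **Subnets** and the search box is "above the subnet list". It reads as copied from the VPC procedure and should say subnets, as the other version of the sentence in this hunk does.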
@ -66,7 +66,11 @@ Procedure
|
||||
| | | | |
|
||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||
| | | | |
|
||||
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||
|
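Review bot: In the IPv6 CIDR Block row, "IPv6 cannot be disabled after the subnet is created" is an irreversible constraint placed at the very end of a long description cell. Lead the description with it or move it into a note so it is not missed. The wording also differs from the subnet table, which says "If you select this option" where this row says "After the IPv6 function is enabled". Use one phrasing in both tables.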
@ -53,7 +53,7 @@ Procedure
|
||||
|
||||
The **Virtual Private Cloud** page is displayed.
|
||||
|
||||
#. In the search box above the subnet list, click the search box.
|
||||
#. In the search box above the VPC list, click anywhere in the search box.
|
||||
|
||||
Click the tag key and then the value as required. The system filters resources based on the tag you select.
|
||||
|
||||
|
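Review bot: The corrected step "In the search box above the VPC list, click anywhere in the search box" names the search box twice. "Click anywhere in the search box above the VPC list." says the same thing. The subnet procedure still uses "click the search box", so the two pages now word the same action differently.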
@ -62,7 +62,7 @@ Procedure
|
||||
| | - **Accepted traffic**: specifies that only accepted traffic of the specified resource will be logged. Accepted traffic refers to the traffic permitted by the security group or firewall. | |
|
||||
| | - **Rejected traffic**: specifies that only rejected traffic of the specified resource will be logged. Rejected traffic refers to the traffic denied by the firewall. | |
|
||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Log Group | The log group created in LTS. | lts-group-wule |
|
||||
| Log Group | The log group created in LTS. | lts-group-abc |
|
||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
| Log Topic | The log topic created in LTS. | LogTopic1 |
|
||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||
|
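Review bot: The context lines just above the Log Group row describe accepted traffic as permitted by "the security group or firewall" but rejected traffic as denied by "the firewall" only. Since this table is already being touched, confirm whether traffic denied by a security group is logged, and make the Rejected traffic bullet say so either way. Readers who use these logs to review security group rules need to know what is missing.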
@ -8,7 +8,13 @@ Enabling or Disabling VPC Flow Log
|
||||
Scenarios
|
||||
---------
|
||||
|
||||
After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record traffic data, you can disable the corresponding VPC flow log. The disabled VPC flow log can be enabled again.
|
||||
After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record flow log data, you can disable the corresponding VPC flow log. A disabled VPC flow log can be enabled again.
|
||||
|
||||
Notes and Constraints
|
||||
---------------------
|
||||
|
||||
- After a VPC flow log is enabled, the system starts to collect flow logs in the next log collection period.
|
||||
- After a VPC flow log is disabled, the system stops collecting flow logs in the next log collection period. Generated flow logs will still be reported.
|
||||
|
||||
Procedure
|
||||
---------
|
||||
|
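Review bot: Both new Notes and Constraints bullets depend on "the next log collection period", but the section neither states how long that period is nor links to where it is defined. A reader therefore cannot tell how long traffic goes unrecorded after enabling a flow log. State the period or add a reference. "Generated flow logs will still be reported" would also read more clearly as "Flow logs already generated will still be reported."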
@ -5,6 +5,9 @@
|
||||
VPC Flow Log Overview
|
||||
=====================
|
||||
|
||||
What Is a VPC Flow Log?
|
||||
-----------------------
|
||||
|
||||
A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification.
|
||||
|
||||
VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 <flowlog_0002__fig1535115691415>` shows the process for configuring VPC flow logs.
|
||||
|
@ -14,10 +14,13 @@ This following describes how to create a VPC peering connection between VPC-A in
|
||||
|
||||
Procedure:
|
||||
|
||||
#. :ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655038__section14616192294815>`
|
||||
#. :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request <en-us_topic_0046655038__section497322311429>`
|
||||
#. :ref:`Step 3: Add Routes for the VPC Peering Connection <en-us_topic_0046655038__section519111175712>`
|
||||
#. :ref:`Step 4: Verify Network Connectivity <en-us_topic_0046655038__section920942154519>`
|
||||
:ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655038__section14616192294815>`
|
||||
|
||||
:ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request <en-us_topic_0046655038__section497322311429>`
|
||||
|
||||
:ref:`Step 3: Add Routes for the VPC Peering Connection <en-us_topic_0046655038__section519111175712>`
|
||||
|
||||
:ref:`Step 4: Verify Network Connectivity <en-us_topic_0046655038__section920942154519>`
|
||||
|
||||
|
||||
.. figure:: /_static/images/en-us_image_0000001464757610.png
|
||||
|
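Review bot: Under "Procedure:", the four `#.` items become bare `:ref:` paragraphs. This avoids the doubled numbering ("1. Step 1: ..."), but the steps no longer render as a list. A bullet list (`- :ref:...`) would keep the list structure without the duplicate numbers.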
@ -14,9 +14,11 @@ This following describes how to create a VPC peering connection between VPC-A an
|
||||
|
||||
Procedure:
|
||||
|
||||
#. :ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655037__section143383585438>`
|
||||
#. :ref:`Step 2: Add Routes for the VPC Peering Connection <en-us_topic_0046655037__section19655123018712>`
|
||||
#. :ref:`Step 3: Verify Network Connectivity <en-us_topic_0046655037__section026312306414>`
|
||||
:ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655037__section143383585438>`
|
||||
|
||||
:ref:`Step 2: Add Routes for the VPC Peering Connection <en-us_topic_0046655037__section19655123018712>`
|
||||
|
||||
:ref:`Step 3: Verify Network Connectivity <en-us_topic_0046655037__section026312306414>`
|
||||
|
||||
|
||||
.. figure:: /_static/images/en-us_image_0000001512876289.png
|
||||
|
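Review bot: The hunk header shows the sentence just above this block as "This following describes how to create a VPC peering connection", which should read "The following describes". The same typo appears in the header of the different-account page. Since both files are being edited within a few lines of it, fix it in this change.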
@ -8,7 +8,7 @@ VPC Peering Connection Overview
|
||||
What Is a VPC Peering Connection?
|
||||
---------------------------------
|
||||
|
||||
A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
||||
A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
||||
|
||||
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.
|
||||
|
||||
|
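Review bot: The reworded definition, "a networking connection that connects two VPCs for them to communicate using private IP addresses", repeats "connection ... connects", and "for them to communicate" is awkward. The other version in this hunk ("between two VPCs and enables them to communicate") reads better. If a rewording is wanted, "connects two VPCs so that they can communicate using private IP addresses" avoids both problems.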