diff --git a/umn/source/_static/images/en-us_image_0000001190483836.png b/umn/source/_static/images/en-us_image_0000001190483836.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001190483836.png differ diff --git a/umn/source/_static/images/en-us_image_0000002082069408.png b/umn/source/_static/images/en-us_image_0000002082069408.png new file mode 100644 index 0000000..a3296c2 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002082069408.png differ diff --git a/umn/source/_static/images/en-us_image_0000002082224192.png b/umn/source/_static/images/en-us_image_0000002082224192.png new file mode 100644 index 0000000..a3296c2 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002082224192.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089104748.png b/umn/source/_static/images/en-us_image_0000002089104748.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089104748.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089104752.png b/umn/source/_static/images/en-us_image_0000002089104752.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089104752.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089264608.png b/umn/source/_static/images/en-us_image_0000002089264608.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089264608.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089264612.png b/umn/source/_static/images/en-us_image_0000002089264612.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089264612.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089584348.png b/umn/source/_static/images/en-us_image_0000002089584348.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089584348.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089584360.png b/umn/source/_static/images/en-us_image_0000002089584360.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089584360.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089584372.png b/umn/source/_static/images/en-us_image_0000002089584372.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089584372.png differ diff --git a/umn/source/_static/images/en-us_image_0000002089584376.png b/umn/source/_static/images/en-us_image_0000002089584376.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002089584376.png differ diff --git a/umn/source/_static/images/en-us_image_0000002090740630.png b/umn/source/_static/images/en-us_image_0000002090740630.png new file mode 100644 index 0000000..73a5b03 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002090740630.png differ diff --git a/umn/source/_static/images/en-us_image_0000002121850428.png b/umn/source/_static/images/en-us_image_0000002121850428.png new file mode 100644 index 0000000..d8f9804 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002121850428.png differ diff --git a/umn/source/_static/images/en-us_image_0000002122008564.png b/umn/source/_static/images/en-us_image_0000002122008564.png new file mode 100644 index 0000000..0ab7bc8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002122008564.png differ diff --git a/umn/source/_static/images/en-us_image_0000002125143773.png b/umn/source/_static/images/en-us_image_0000002125143773.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002125143773.png differ diff --git a/umn/source/_static/images/en-us_image_0000002125143777.png b/umn/source/_static/images/en-us_image_0000002125143777.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002125143777.png differ diff --git a/umn/source/_static/images/en-us_image_0000002125143785.png b/umn/source/_static/images/en-us_image_0000002125143785.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002125143785.png differ diff --git a/umn/source/_static/images/en-us_image_0000002125143789.png b/umn/source/_static/images/en-us_image_0000002125143789.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002125143789.png differ diff --git a/umn/source/_static/images/en-us_image_0000002157370221.png b/umn/source/_static/images/en-us_image_0000002157370221.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002157370221.png differ diff --git a/umn/source/_static/images/en-us_image_0000002178551392.png b/umn/source/_static/images/en-us_image_0000002178551392.png new file mode 100644 index 0000000..14b75c6 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002178551392.png differ diff --git a/umn/source/_static/images/en-us_image_0000002445232846.png b/umn/source/_static/images/en-us_image_0000002445232846.png new file mode 100644 index 0000000..c93e727 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002445232846.png differ diff --git a/umn/source/_static/images/en-us_image_0000002445430860.png b/umn/source/_static/images/en-us_image_0000002445430860.png new file mode 100644 index 0000000..c76cb0d Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002445430860.png differ diff --git a/umn/source/_static/images/en-us_image_0000002446287918.png b/umn/source/_static/images/en-us_image_0000002446287918.png new file mode 100644 index 0000000..81d7963 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002446287918.png differ diff --git a/umn/source/_static/images/en-us_image_0000002446606818.png b/umn/source/_static/images/en-us_image_0000002446606818.png new file mode 100644 index 0000000..c5c67f1 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002446606818.png differ diff --git a/umn/source/_static/images/en-us_image_0000002446788280.png b/umn/source/_static/images/en-us_image_0000002446788280.png new file mode 100644 index 0000000..70f3690 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002446788280.png differ diff --git a/umn/source/_static/images/en-us_image_0000002446790368.png b/umn/source/_static/images/en-us_image_0000002446790368.png new file mode 100644 index 0000000..a2f1bdf Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002446790368.png differ diff --git a/umn/source/_static/images/en-us_image_0000002449787866.png b/umn/source/_static/images/en-us_image_0000002449787866.png new file mode 100644 index 0000000..40cb44c Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002449787866.png differ diff --git a/umn/source/_static/images/en-us_image_0000002449789746.png b/umn/source/_static/images/en-us_image_0000002449789746.png new file mode 100644 index 0000000..15bb862 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002449789746.png differ diff --git a/umn/source/_static/images/en-us_image_0000002449948666.png b/umn/source/_static/images/en-us_image_0000002449948666.png new file mode 100644 index 0000000..8e2f134 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002449948666.png differ diff --git a/umn/source/_static/images/en-us_image_0000002449949814.png b/umn/source/_static/images/en-us_image_0000002449949814.png new file mode 100644 index 0000000..eaef218 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002449949814.png differ diff --git a/umn/source/_static/images/en-us_image_0000002461583304.png b/umn/source/_static/images/en-us_image_0000002461583304.png new file mode 100644 index 0000000..9891779 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002461583304.png differ diff --git a/umn/source/_static/images/en-us_image_0000002461680909.png b/umn/source/_static/images/en-us_image_0000002461680909.png new file mode 100644 index 0000000..45a3a60 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002461680909.png differ diff --git a/umn/source/_static/images/en-us_image_0000002461833813.png b/umn/source/_static/images/en-us_image_0000002461833813.png new file mode 100644 index 0000000..1909444 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002461833813.png differ diff --git a/umn/source/_static/images/en-us_image_0000002478587813.png b/umn/source/_static/images/en-us_image_0000002478587813.png new file mode 100644 index 0000000..ea5b7c7 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002478587813.png differ diff --git a/umn/source/_static/images/en-us_image_0000002479757549.png b/umn/source/_static/images/en-us_image_0000002479757549.png new file mode 100644 index 0000000..d04bf16 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002479757549.png differ diff --git a/umn/source/_static/images/en-us_image_0000002480095461.png b/umn/source/_static/images/en-us_image_0000002480095461.png new file mode 100644 index 0000000..2c07f9f Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002480095461.png differ diff --git a/umn/source/_static/images/en-us_image_0000002482863093.png b/umn/source/_static/images/en-us_image_0000002482863093.png new file mode 100644 index 0000000..95589a4 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002482863093.png differ diff --git a/umn/source/_static/images/en-us_image_0000002483026245.png b/umn/source/_static/images/en-us_image_0000002483026245.png new file mode 100644 index 0000000..2271bc8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002483026245.png differ diff --git a/umn/source/central_network_operation_guide/central_networks/central_networks.rst b/umn/source/central_network_operation_guide/central_networks/central_networks.rst new file mode 100644 index 0000000..48bb51c --- /dev/null +++ b/umn/source/central_network_operation_guide/central_networks/central_networks.rst @@ -0,0 +1,124 @@ +:original_name: cc_03_1020.html + +.. _cc_03_1020: + +Central Networks +================ + +Scenarios +--------- + +After an enterprise router is created, you can create a central network and add the enterprise router to a policy of the central network. In this way, resources can communicate with each other across regions, and network resources in each region can be managed centrally. + +Constraints +----------- + +- Before building a central network, you need to create enterprise routers and enable **Default Route Table Association** and **Default Route Table Propagation** for them. + +.. _cc_03_1020__section2954341203415: + +Creating a Central Network +-------------------------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. In the upper right corner of the page, click **Create Central Network**. + +#. Enter the name and description and then configure policies for the central network. :ref:`Table 1 ` describes the parameters required for creating a central network. + + + .. figure:: /_static/images/en-us_image_0000002479757549.png + :alt: **Figure 1** Creating a central network + + **Figure 1** Creating a central network + + .. _cc_03_1020__table1866394313519: + + .. table:: **Table 1** Parameters for creating a central network + + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Setting | + +===================================+==========================================================================================================================+ + | Name | Enter a name for the central network. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------+ + | Description | Describe the central network for easy identification. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------+ + | Policy | - Region | + | | | + | | Add a policy to record your configuration. You need to select a region for the policy. | + | | | + | | - Enterprise Router | + | | | + | | Add only one enterprise router for a region. All added enterprise routers can communicate with each other by default. | + | | | + | | .. note:: | + | | | + | | Please select all the ERs which needs to be connected in one go in Create Central Network page. | + | | | + | | 10 kbit/s of bandwidth is provided for testing connectivity between enterprise routers. | + +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------+ + +#. Click **OK**. + +Viewing a Central Network +------------------------- + +#. Log in to the management console. + +#. Click |image2| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. In the central network list, click the name of the target central network. + +#. On the **Basic Information** tab, you can view the details about the central network. + + + .. figure:: /_static/images/en-us_image_0000002446788280.png + :alt: **Figure 2** Viewing the basic information about a central network + + **Figure 2** Viewing the basic information about a central network + +Modifying a Central Network +--------------------------- + +#. Log in to the management console. +#. Click |image3| in the upper left corner to select a region and a project. +#. In the service list, choose **Network** > **Cloud Connect**. +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. +#. In the central network list, click the name of the target central network. +#. On the **Basic Information** page, you can change the name and description of the central network. + +Deleting a Central Network +-------------------------- + +#. Log in to the management console. + +#. Click |image4| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. In the central network list, locate the central network you want to delete and click **Delete** in the **Operation** column. + +#. In the displayed dialog box, enter **DELETE** to confirm the deletion. + + + .. figure:: /_static/images/en-us_image_0000002446790368.png + :alt: **Figure 3** Deleting a central network + + **Figure 3** Deleting a central network + +.. |image1| image:: /_static/images/en-us_image_0000002125143789.png +.. |image2| image:: /_static/images/en-us_image_0000002125143789.png +.. |image3| image:: /_static/images/en-us_image_0000002125143789.png +.. |image4| image:: /_static/images/en-us_image_0000002125143789.png diff --git a/umn/source/central_network_operation_guide/central_networks/cross-site_connection_bandwidths.rst b/umn/source/central_network_operation_guide/central_networks/cross-site_connection_bandwidths.rst new file mode 100644 index 0000000..3d15634 --- /dev/null +++ b/umn/source/central_network_operation_guide/central_networks/cross-site_connection_bandwidths.rst @@ -0,0 +1,153 @@ +:original_name: cc_03_1050.html + +.. _cc_03_1050: + +Cross-Site Connection Bandwidths +================================ + +Scenarios +--------- + +Enterprise routers in different regions added to the same policy can communicate with each other after you purchase a global connection bandwidth and assign cross-site connection bandwidths for these network resources. + +Constraints +----------- + +- :ref:`Changing Cross-Site Connection Bandwidth ` and :ref:`Deleting a Cross-Site Connection Bandwidth ` cannot be performed when a cross-site connection is being created, updated, deleted, frozen, unfrozen, or is recovering. +- The total of cross-site connection bandwidths cannot exceed the global connection bandwidth. +- Cross site connection bandwidths are displayed only when a central network is created with at least 2 enterprise routers (1 per region) under policies. + +.. _cc_03_1050__section6858346105817: + +Assigning a Cross-Site Connection Bandwidth +------------------------------------------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. Click the **Cross-Site Connection Bandwidths** tab. + +#. Locate the cross-site connection and click **Assign now** in the **Global Connection Bandwidth** column. + +#. On the **Assign Bandwidth** page, select the global connection bandwidth. + + You can also click **create Now** if there are no available global connection bandwidths. + + + .. figure:: /_static/images/en-us_image_0000002446606818.png + :alt: **Figure 1** Assigning a cross-site connection bandwidth + + **Figure 1** Assigning a cross-site connection bandwidth + +#. Enter the bandwidth. + +#. Click **OK**. + +Viewing Monitoring Metrics of Cross-Site Connection Bandwidths +-------------------------------------------------------------- + +You can view the status of each cross-site connection bandwidth assigned for communication between network resources. + +#. Log in to the management console. + +#. Click |image2| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. Switch to the **Cross-Site Connection Bandwidths** tab and click the icon in the **Monitoring** column to view the monitoring data. + + + .. figure:: /_static/images/en-us_image_0000002449948666.png + :alt: **Figure 2** Cross-site connection bandwidth monitoring + + **Figure 2** Cross-site connection bandwidth monitoring + +.. note:: + + By setting up a central network, you can enable communications between enterprise routers in the same region or across regions. When a central network is used, attachments on the enterprise routers used in the central network policy will be monitored. For details about monitoring, see :ref:`Central Network Metrics `. + +.. _cc_03_1050__section1734561716011: + +Changing Cross-Site Connection Bandwidth +---------------------------------------- + +#. Log in to the management console. + +#. Click |image3| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. Click the **Cross-Site Connection Bandwidths** tab. + +#. Locate the cross-site connection and click **Change Bandwidth** in the **Operation** column. + +#. In the displayed dialog box, change the global connection bandwidth of the cross-site connection. + + You can also change the bandwidth of the cross-site connection. + + + .. figure:: /_static/images/en-us_image_0000002449789746.png + :alt: **Figure 3** Modifying a bandwidth + + **Figure 3** Modifying a bandwidth + +#. Click **OK**. + +.. _cc_03_1050__section658814195716: + +Deleting a Cross-Site Connection Bandwidth +------------------------------------------ + +#. Log in to the management console. + +#. Click |image4| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. Click the **Cross-Site Connection Bandwidths** tab. + +#. Locate the cross-site connection and click **Delete Bandwidth** in the **Operation** column. + +#. In the displayed dialog box, click **OK**. + + + .. figure:: /_static/images/en-us_image_0000002449949814.png + :alt: **Figure 4** Deleting a cross-site connection bandwidth + + **Figure 4** Deleting a cross-site connection bandwidth + +#. Click **Go to Delete** to delete the global connection bandwidth if you no longer need it to avoid unnecessary charges. + + + .. figure:: /_static/images/en-us_image_0000002461583304.png + :alt: **Figure 5** Confirming whether to delete the global connection bandwidth + + **Figure 5** Confirming whether to delete the global connection bandwidth + +.. note:: + + After you delete a cross-site connection bandwidth, you still need to pay for the global connection bandwidth. + +.. |image1| image:: /_static/images/en-us_image_0000002125143777.png +.. |image2| image:: /_static/images/en-us_image_0000002089584360.png +.. |image3| image:: /_static/images/en-us_image_0000002125143773.png +.. |image4| image:: /_static/images/en-us_image_0000002089584348.png diff --git a/umn/source/central_network_operation_guide/central_networks/index.rst b/umn/source/central_network_operation_guide/central_networks/index.rst new file mode 100644 index 0000000..caece4d --- /dev/null +++ b/umn/source/central_network_operation_guide/central_networks/index.rst @@ -0,0 +1,20 @@ +:original_name: cc_gcn_0000.html + +.. _cc_gcn_0000: + +Central Networks +================ + +- :ref:`Overview ` +- :ref:`Central Networks ` +- :ref:`Policies ` +- :ref:`Cross-Site Connection Bandwidths ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + overview + central_networks + policies + cross-site_connection_bandwidths diff --git a/umn/source/central_network_operation_guide/central_networks/overview.rst b/umn/source/central_network_operation_guide/central_networks/overview.rst new file mode 100644 index 0000000..8229a57 --- /dev/null +++ b/umn/source/central_network_operation_guide/central_networks/overview.rst @@ -0,0 +1,69 @@ +:original_name: cc_03_1010.html + +.. _cc_03_1010: + +Overview +======== + +Central Network +--------------- + +Relying on the cloud backbone network, a central network allows you to easily set up a reliable, intelligent enterprise-grade network and manage global network resources on premises and on the cloud. By setting up a central network, you can enable communication between enterprise routers, in the same region or different regions. + +Application Scenarios +--------------------- + +- Cross-region communication on the cloud: Enterprise routers in different regions are added to a central network as attachments so that resources in these regions can communicate with each other over one network. + + + .. figure:: /_static/images/en-us_image_0000002445430860.png + :alt: **Figure 1** Cross-region communication between enterprise routers + + **Figure 1** Cross-region communication between enterprise routers + +- Global network: By flexibly changing the central network policies, you can build a global network more conveniently. + +Central Network Constraints +--------------------------- + +- To use a central network, the following resources must have been created: + + - Enterprise router: used to set up a central network + + .. note:: + + If you are not the owner of an enterprise router, you cannot use the enterprise router to set up a central network. + +- Policy management + + - A central network can only have one policy. If you apply another policy for this central network, the policy that was previously applied will be automatically cancelled. + - In each policy, only one enterprise router can be added for a region. All added enterprise routers can communicate with each other by default. + - A policy that is being applied or cancelled cannot be deleted. + +- Cross-site connection bandwidth management + + - A cross-site connection bandwidth cannot be changed or deleted when it is being created, updated, deleted, frozen, unfrozen, or is recovering. + - The total of cross-site connection bandwidths cannot exceed the global connection bandwidth. + - If a cross-site connection bandwidth is deleted, you will still be billed for the global connection bandwidth. + +Configuration Process +--------------------- + +:ref:`Figure 2 ` shows the process of configuring a central network to manage global network resources. + +.. _cc_03_1010__fig1846518181211: + +.. figure:: /_static/images/en-us_image_0000002478587813.png + :alt: **Figure 2** Central network configuration process + + **Figure 2** Central network configuration process + +.. table:: **Table 1** Steps for configuring a central network + + +-----+-----------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------+ + | No. | Step | Description | Reference | + +=====+=========================================+=================================================================================================================================================================================================================================================================================+=======================================================================================+ + | 1 | Create a central network. | After an enterprise router is created, you can create a central network and add the enterprise router to a policy of the central network. In this way, resources can communicate with each other across regions, and network resources in each region can be managed centrally. | :ref:`Creating a Central Network ` | + +-----+-----------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------+ + | 2 | Assign cross-site connection bandwidth. | After adding enterprise routers in different regions to the same policy, purchase a global connection bandwidth and assign a bandwidth for cross-site connections. | :ref:`Assigning a Cross-Site Connection Bandwidth ` | + +-----+-----------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------+ diff --git a/umn/source/central_network_operation_guide/central_networks/policies.rst b/umn/source/central_network_operation_guide/central_networks/policies.rst new file mode 100644 index 0000000..7087a27 --- /dev/null +++ b/umn/source/central_network_operation_guide/central_networks/policies.rst @@ -0,0 +1,97 @@ +:original_name: cc_03_1030.html + +.. _cc_03_1030: + +Policies +======== + +Scenarios +--------- + +Policies record the enterprises routers that have been added to a central network to allow you to better manage your network. You can apply policies of any version. + +Constraints +----------- + +- A central network can only have one policy. If you apply another policy for this central network, the policy that was previously applied will be automatically cancelled. +- In each policy, only one enterprise router can be added for a region. All added enterprise routers can communicate with each other by default. +- A policy that is being applied or cancelled cannot be deleted. + +Creating a Policy +----------------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. On the **Policies** tab, click **Add Policy**. + +#. Select the target region and enterprise router in that region. + + You can click **Add Enterprise Router** to add an enterprise router in another region. + + + .. figure:: /_static/images/en-us_image_0000002446287918.png + :alt: **Figure 1** Creating a policy + + **Figure 1** Creating a policy + +#. Click **OK**. + +Applying a Policy +----------------- + +#. Log in to the management console. + +#. Click |image2| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. On the **Policies** tab, locate the policy you want to apply and click **Apply** on the right. + + + .. figure:: /_static/images/en-us_image_0000002483026245.png + :alt: **Figure 2** Applying a policy + + **Figure 2** Applying a policy + +#. In the **Policy Changes** area on the right, check the change of the enterprise router in the policy. + +#. Click **OK**. + +Deleting a Policy +----------------- + +#. Log in to the management console. + +#. Click |image3| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. + +#. Locate the central network and click its name. + +#. On the **Policies** tab, locate the policy you want to delete and click **Delete** on the right. + + + .. figure:: /_static/images/en-us_image_0000002449787866.png + :alt: **Figure 3** Deleting a policy + + **Figure 3** Deleting a policy + +#. In the displayed dialog box, click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000002089584376.png +.. |image2| image:: /_static/images/en-us_image_0000002125143785.png +.. |image3| image:: /_static/images/en-us_image_0000002089584372.png diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/adding_instances_to_a_global_connection_bandwidth.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/adding_instances_to_a_global_connection_bandwidth.rst new file mode 100644 index 0000000..2e3e0bd --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/adding_instances_to_a_global_connection_bandwidth.rst @@ -0,0 +1,39 @@ +:original_name: cc_03_1103.html + +.. _cc_03_1103: + +Adding Instances to a Global Connection Bandwidth +================================================= + +Scenarios +--------- + +Central networks can use global connection bandwidths for communication. + +Constraints +----------- + +- Instances that can be added to a global connection bandwidth must be from the same region as the bandwidth. +- A global connection bandwidth can only be used by instances of the same type. If you want another type of instances to use a global connection bandwidth that already has instances, you need to remove the instances first. + + - You can bind one global connection bandwidth to or unbind it from a central network at a time. + +- To use a global connection bandwidth on a central network, you need to configure cross-site connections by referring to the following: + + - :ref:`Central Networks ` + - :ref:`Policies ` + +Using a Global Connection Bandwidth on a Central Network +-------------------------------------------------------- + +#. Log in to the management console. +#. Click |image1| in the upper left corner to select a region and a project. +#. In the service list, choose **Network** > **Cloud Connect**. +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. +#. In the central network list, click the name of the target central network. +#. Click the **Cross-Site Connection Bandwidths** tab. +#. Locate the cross-site connection and click **Assign now** in the **Global Connection Bandwidth** column. +#. On the **Assign Bandwidth** page, select the global connection bandwidth. +#. Specify the bandwidth and click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000002089104752.png diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/creating_a_global_connection_bandwidth.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/creating_a_global_connection_bandwidth.rst new file mode 100644 index 0000000..6ebdaa8 --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/creating_a_global_connection_bandwidth.rst @@ -0,0 +1,82 @@ +:original_name: cc_03_1102.html + +.. _cc_03_1102: + +Creating a Global Connection Bandwidth +====================================== + +Scenarios +--------- + +This section describes how to create a global connection bandwidth for communication over the backbone network. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner to select a region and a project. + +#. In the service list, choose **Network** > **Cloud Connect**. + +#. In the navigation pane on the left, choose **Intra-Cloud** > **Global Connection Bandwidths**. + +#. Click **Create Global Connection Bandwidth**. + +#. Configure the parameters based on :ref:`Table 1 `. + + + .. figure:: /_static/images/en-us_image_0000002480095461.png + :alt: **Figure 1** Creating a global connection bandwidth + + **Figure 1** Creating a global connection bandwidth + + .. _cc_03_1102__table9908161616: + + .. table:: **Table 1** Parameters required for creating a global connection bandwidth + + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Description | + +===================================+===========================================================================================================================================================+ + | Bandwidth Type | Mandatory | + | | | + | | Only geographic-region bandwidths are supported. You need to select a geographic region and specify the regions that need to communicate with each other. | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Geographic Region | Only **Europe** is supported if **Geographic-region** is selected for **Bandwidth Type**. | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Connect Regions | Regions that need to communicate with each other in a geographic region. | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Billed By | Mandatory | + | | | + | | The price of a global connection bandwidth varies by its size. | + | | | + | | - After a bandwidth is purchased, the billing starts immediately regardless of whether the bandwidth is used. | + | | - If a bandwidth is no longer required, delete it in a timely manner to avoid unnecessary fees. | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Bandwidth | Mandatory | + | | | + | | Select the bandwidth, in Mbit/s. | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Bandwidth Name | Mandatory | + | | | + | | Enter the name of the bandwidth. The name: | + | | | + | | - Must contain 1 to 64 characters. | + | | - Can contain letters, digits, underscores (_), hyphens (-), and periods (.). | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Enterprise Project | Mandatory | + | | | + | | Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project. | + +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +#. Click **Next**. + +#. Confirm the configurations and click **Submit**. + + The global connection bandwidth list page is displayed. + +#. In the global connection bandwidth list, view the status of the bandwidth. + + If the bandwidth status becomes **Normal**, the creation is successful. + +.. |image1| image:: /_static/images/en-us_image_0000002089264608.png diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/deleting_a_global_connection_bandwidth.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/deleting_a_global_connection_bandwidth.rst new file mode 100644 index 0000000..e12154d --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/deleting_a_global_connection_bandwidth.rst @@ -0,0 +1,28 @@ +:original_name: cc_03_1106.html + +.. _cc_03_1106: + +Deleting a Global Connection Bandwidth +====================================== + +Scenarios +--------- + +If a pay-per-use global connection bandwidth is no longer needed, delete the bandwidth in a timely manner to avoid extra expenditures. + +Constraints +----------- + +If a global connection bandwidth is in use by instances, it cannot be deleted. Remove the instances from the global connection bandwidth first. + +Procedure +--------- + +#. Log in to the management console. +#. Click |image1| in the upper left corner to select a region and a project. +#. In the service list, choose **Network** > **Cloud Connect**. +#. In the navigation pane on the left, choose **Intra-Cloud** > **Global Connection Bandwidths**. +#. Locate the global connection bandwidth you want to delete and click **Delete** in the **Operation** column. +#. In the displayed dialog box, click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000002461833813.png diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/index.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/index.rst new file mode 100644 index 0000000..712cf73 --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/index.rst @@ -0,0 +1,24 @@ +:original_name: cc_gpb_0000.html + +.. _cc_gpb_0000: + +Global Connection Bandwidths +============================ + +- :ref:`Overview ` +- :ref:`Creating a Global Connection Bandwidth ` +- :ref:`Adding Instances to a Global Connection Bandwidth ` +- :ref:`Removing Instances from a Global Connection Bandwidth ` +- :ref:`Modifying a Global Connection Bandwidth ` +- :ref:`Deleting a Global Connection Bandwidth ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + overview + creating_a_global_connection_bandwidth + adding_instances_to_a_global_connection_bandwidth + removing_instances_from_a_global_connection_bandwidth + modifying_a_global_connection_bandwidth + deleting_a_global_connection_bandwidth diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/modifying_a_global_connection_bandwidth.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/modifying_a_global_connection_bandwidth.rst new file mode 100644 index 0000000..0d736b4 --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/modifying_a_global_connection_bandwidth.rst @@ -0,0 +1,27 @@ +:original_name: cc_03_1105.html + +.. _cc_03_1105: + +Modifying a Global Connection Bandwidth +======================================= + +Scenarios +--------- + +This section describes how to modify a global connection bandwidth. + +You can only modify the bandwidth name and bandwidth. If you modify the bandwidth, the new bandwidth takes effect immediately. + + +Modifying a Global Connection Bandwidth +--------------------------------------- + +#. Log in to the management console. +#. Click |image1| in the upper left corner to select a region and a project. +#. In the service list, choose **Network** > **Cloud Connect**. +#. In the navigation pane on the left, choose **Intra-Cloud** > **Global Connection Bandwidths**. +#. Locate the global connection bandwidth and click **Modify Bandwidth** in the **Operation** column. +#. On the **Modify Global Connection Bandwidth** page, modify the bandwidth name and bandwidth and click **Next**. +#. Confirm the information and click **Submit**. + +.. |image1| image:: /_static/images/en-us_image_0000002089264612.png diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/overview.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/overview.rst new file mode 100644 index 0000000..5e436fa --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/overview.rst @@ -0,0 +1,46 @@ +:original_name: cc_03_1101.html + +.. _cc_03_1101: + +Overview +======== + +Global Connection Bandwidth +--------------------------- + +A global connection bandwidth is used by instances to allow communication over the backbone network. + +.. table:: **Table 1** Global connection bandwidth types + + +-------------------+-----------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + | Bandwidth Type | Instance Type | Description | Scenario | + +===================+=================+=====================================================================================+================================================================================+ + | Geographic-region | Central network | Select this type of bandwidth if you need communication within a geographic region. | Enterprise routers on a central network must be in the same geographic region. | + +-------------------+-----------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + +Constraints on Global Connection Bandwidths +------------------------------------------- + +- Instances that can be added to a global connection bandwidth must be in the same region as the bandwidth. +- A global connection bandwidth can only be used by instances of the same type. If you want another type of instances to use a global connection bandwidth that already has instances, you need to remove the instances first. +- To use a global connection bandwidth on a central network, you need to configure cross-site connections by referring to the following: + + - :ref:`Central Networks ` + - :ref:`Policies ` + +- Before an instance is removed from a global connection bandwidth, ensure the instance is not used to run workloads or establish network connectivity, or the workloads will be unavailable or the network will be interrupted. +- If a global connection bandwidth has been used to assign cross-site connection bandwidths for a central network, the global connection bandwidth cannot be unbound from the central network. You need to delete the cross-site connection bandwidths first. +- If a global connection bandwidth is in use by instances, it cannot be deleted. + +Geographic-Region Bandwidth Application Scenario (Central Network) +------------------------------------------------------------------ + +In this example, enterprise routers are connected over a central network. + +Enterprise router ER-A in Germany and enterprise router ER-B in Netherlands are from the same geographic region, so a geographic-region bandwidth can be used for communication between the two enterprise routers. + + +.. figure:: /_static/images/en-us_image_0000002482863093.png + :alt: **Figure 1** Cross-region communication between enterprise routers + + **Figure 1** Cross-region communication between enterprise routers diff --git a/umn/source/central_network_operation_guide/global_connection_bandwidths/removing_instances_from_a_global_connection_bandwidth.rst b/umn/source/central_network_operation_guide/global_connection_bandwidths/removing_instances_from_a_global_connection_bandwidth.rst new file mode 100644 index 0000000..38f52fa --- /dev/null +++ b/umn/source/central_network_operation_guide/global_connection_bandwidths/removing_instances_from_a_global_connection_bandwidth.rst @@ -0,0 +1,32 @@ +:original_name: cc_03_1104.html + +.. _cc_03_1104: + +Removing Instances from a Global Connection Bandwidth +===================================================== + +Scenarios +--------- + +You can unbind a global connection bandwidth from a central network. + +Constraints +----------- + +- Before an instance is removed from a global connection bandwidth, the instance is not used to run workloads or establish network connectivity, or the workloads will be unavailable or the network will be interrupted. +- A global connection bandwidth can only be used by one type of instances. If you want to change the instance type, remove all the instances from the global connection bandwidth and then add instances of another type by referring to :ref:`Adding Instances to a Global Connection Bandwidth `. +- If a global connection bandwidth has been used to assign cross-site connection bandwidths for a central network, the global connection bandwidth cannot be unbound from the central network. You need to delete the cross-site connection bandwidths first. + +Deleting Cross-Site Connection Bandwidth +---------------------------------------- + +#. Log in to the management console. +#. Click |image1| in the upper left corner to select a region and a project. +#. In the service list, choose **Network** > **Cloud Connect**. +#. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. +#. In the central network list, click the name of the target central network. +#. Click the **Cross-Site Connection Bandwidths** tab. +#. Locate the cross-site connection and click **Delete Bandwidth** in the **Operation** column. +#. In the displayed dialog box, click **OK**. + +.. |image1| image:: /_static/images/en-us_image_0000002089104748.png diff --git a/umn/source/central_network_operation_guide/index.rst b/umn/source/central_network_operation_guide/index.rst new file mode 100644 index 0000000..c587d0c --- /dev/null +++ b/umn/source/central_network_operation_guide/index.rst @@ -0,0 +1,20 @@ +:original_name: en-us_topic_0000002078053242.html + +.. _en-us_topic_0000002078053242: + +Central Network Operation Guide +=============================== + +- :ref:`Permissions Management ` +- :ref:`Central Networks ` +- :ref:`Global Connection Bandwidths ` +- :ref:`Monitoring and Auditing ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + permissions_management/index + central_networks/index + global_connection_bandwidths/index + monitoring_and_auditing/index diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/index.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/index.rst new file mode 100644 index 0000000..bcbb407 --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/index.rst @@ -0,0 +1,16 @@ +:original_name: cc_03_0881.html + +.. _cc_03_0881: + +Monitoring and Auditing +======================= + +- :ref:`Using Cloud Eye to Monitor Central Network Metrics ` +- :ref:`Using CTS to Record Key Operations on Central Networks ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + using_cloud_eye_to_monitor_central_network_metrics/index + using_cts_to_record_key_operations_on_central_networks/index diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/central_network_metrics.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/central_network_metrics.rst new file mode 100644 index 0000000..e967c33 --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/central_network_metrics.rst @@ -0,0 +1,52 @@ +:original_name: cc_03_0884.html + +.. _cc_03_0884: + +Central Network Metrics +======================= + +Description +----------- + +By setting up a central network, you can enable communication between enterprise routers, as well as between enterprise routers and your on-premises data center, in the same region or across regions. When a central network is used, attachments on the enterprise routers used in the central network policy will be monitored. + +This section describes metrics reported by enterprise routers in the central network policy to Cloud Eye as well as their namespaces and dimensions. You can view the metrics on the Cloud Eye console. + +Namespace +--------- + +SYS.ER + +Metrics +------- + +.. table:: **Table 1** Monitoring metrics of an attachment + + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | ID | Name | Description | Value Range | Unit | Conversion Rule | Monitored Object (Dimension) | Monitoring Interval (Raw Data) | + +===================================+=========================================+=========================================================================================+=============+=======+=================+=================================+================================+ + | attachment_bytes_in | Inbound Traffic | Network traffic going into the attachment | >= 0 | Byte | 1024 (IEC) | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_bytes_out | Outbound Traffic | Network traffic going out of the attachment | >= 0 | Byte | 1024 (IEC) | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_bits_rate_in | Inbound Bandwidth | Network traffic per second going into the attachment | >= 0 | bit/s | 1000 (SI) | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_bits_rate_out | Outbound Bandwidth | Network traffic per second going out of the attachment | >= 0 | bit/s | 1000 (SI) | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_packets_in | Inbound PPS | Packets per second going into the attachment | >= 0 | PPS | 1000 (SI) | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_packets_out | Outbound PPS | Packets per second going out of the attachment | >= 0 | PPS | 1000 (SI) | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_packets_drop_blackhole | Packets Dropped by Black Hole Route | The number of packets dropped because they matched a black hole route on the attachment | >= 0 | Count | N/A | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + | attachment_packets_drop_noroute | Packets Dropped Due to No Route Matched | The number of packets dropped because they did not match a route on the attachment | >= 0 | Count | N/A | er_instance_id,er_attachment_id | 1 minute | + +-----------------------------------+-----------------------------------------+-----------------------------------------------------------------------------------------+-------------+-------+-----------------+---------------------------------+--------------------------------+ + +Dimensions +---------- + +================ ============================ +Key Value +================ ============================ +er_attachment_id Enterprise router attachment +================ ============================ diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/creating_an_alarm_rule.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/creating_an_alarm_rule.rst new file mode 100644 index 0000000..8cfcc02 --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/creating_an_alarm_rule.rst @@ -0,0 +1,51 @@ +:original_name: cc_03_0886.html + +.. _cc_03_0886: + +Creating an Alarm Rule +====================== + +Scenarios +--------- + +This section describes how to create alarm rules and notifications for enterprise router attachments. + +The alarm function provides the alarm service for monitoring data. By creating alarm rules, you define how the alarm system checks monitoring data and sends alarm notifications when monitoring data meets alarm policies. + +After creating alarm rules for important metrics, you can timely know metric data exceptions and quickly rectify the faults. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click **Service List**. Under **Management & Deployment**, click **Cloud Eye**. + + The **Cloud Eye** console is displayed. + +#. In the navigation pane on the left, choose **Cloud Service Monitoring** > **Enterprise Router**. + + The enterprise router list is displayed. + +#. Create an alarm rule and notification for an enterprise router attachment. + + a. In the enterprise router list, locate the enterprise router, click |image2| to view its attachments, locate the attachment, and click **Create Alarm Rule** in the **Operation** column. + + The **Create Alarm Rule** page is displayed. + + b. On the **Create Alarm Rule** page, configure the parameters as prompted. + + .. note:: + + For details about the parameters on the **Create Alarm Rule** page, see the Cloud Eye User Guide. + +#. Click **Create**. + + .. note:: + + After the alarm rule is configured, if you have enabled alarm notifications and configured related parameters, you will receive notifications once an alarm is triggered. + +.. |image1| image:: /_static/images/en-us_image_0000001190483836.png +.. |image2| image:: /_static/images/en-us_image_0000002082224192.png diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/index.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/index.rst new file mode 100644 index 0000000..c42277a --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/index.rst @@ -0,0 +1,18 @@ +:original_name: cc_03_0882.html + +.. _cc_03_0882: + +Using Cloud Eye to Monitor Central Network Metrics +================================================== + +- :ref:`Central Network Metrics ` +- :ref:`Viewing Central Network Metrics ` +- :ref:`Creating an Alarm Rule ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + central_network_metrics + viewing_central_network_metrics + creating_an_alarm_rule diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/viewing_central_network_metrics.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/viewing_central_network_metrics.rst new file mode 100644 index 0000000..5be985b --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cloud_eye_to_monitor_central_network_metrics/viewing_central_network_metrics.rst @@ -0,0 +1,37 @@ +:original_name: cc_03_0885.html + +.. _cc_03_0885: + +Viewing Central Network Metrics +=============================== + +Scenarios +--------- + +You can view the metrics of attachments on the enterprise routers in a central network policy on the Cloud Eye console. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click **Service List**. Under **Management & Deployment**, click **Cloud Eye**. + + The **Cloud Eye** console is displayed. + +#. In the navigation pane on the left, choose **Cloud Service Monitoring** > **Enterprise Router**. + + The enterprise router list is displayed. + +#. View the real-time metrics of enterprise router attachments. + + a. In the enterprise router list, locate the enterprise router, click |image2| to view its attachments, locate the attachment, and click **View Metric** in the **Operation** column. + + The metrics are displayed. + + b. View metrics of the attachment. + +.. |image1| image:: /_static/images/en-us_image_0000001190483836.png +.. |image2| image:: /_static/images/en-us_image_0000002082069408.png diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/index.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/index.rst new file mode 100644 index 0000000..d6b9ce3 --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/index.rst @@ -0,0 +1,16 @@ +:original_name: cc_03_0887.html + +.. _cc_03_0887: + +Using CTS to Record Key Operations on Central Networks +====================================================== + +- :ref:`Key Central Network Operations ` +- :ref:`Viewing Central Network Audit Logs ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + key_central_network_operations + viewing_central_network_audit_logs diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/key_central_network_operations.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/key_central_network_operations.rst new file mode 100644 index 0000000..5e1a931 --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/key_central_network_operations.rst @@ -0,0 +1,55 @@ +:original_name: gcn_sj_0001.html + +.. _gcn_sj_0001: + +Key Central Network Operations +============================== + +Scenarios +--------- + +With CTS, you can record operations associated with central networks and global connection bandwidths for later query, audit, and backtracking. + +Prerequisites +------------- + +You have enabled CTS. + +Key Operations Recorded by CTS +------------------------------ + +.. table:: **Table 1** Central network operations that can be recorded by CTS + + +---------------------------------------+--------------------------+--------------------------------+ + | Operation | Resource | Trace | + +=======================================+==========================+================================+ + | Creating a central network | centralNetwork | createCentralNetwork | + +---------------------------------------+--------------------------+--------------------------------+ + | Updating a central network | centralNetwork | updateCentralNetwork | + +---------------------------------------+--------------------------+--------------------------------+ + | Deleting a central network | centralNetwork | deleteCentralNetwork | + +---------------------------------------+--------------------------+--------------------------------+ + | Adding a central network policy | centralNetworkPolicy | createCentralNetworkPolicy | + +---------------------------------------+--------------------------+--------------------------------+ + | Applying a central network policy | centralNetworkPolicy | applyCentralNetworkPolicy | + +---------------------------------------+--------------------------+--------------------------------+ + | Deleting a central network policy | centralNetworkPolicy | deleteCentralNetworkPolicy | + +---------------------------------------+--------------------------+--------------------------------+ + | Updating a central network connection | centralNetworkConnection | updateCentralNetworkConnection | + +---------------------------------------+--------------------------+--------------------------------+ + +.. table:: **Table 2** Global connection bandwidth operations recorded by CTS + + +----------------------------------------------------------+---------------------------+-------------------+ + | Operation | Resource | Trace | + +==========================================================+===========================+===================+ + | Creating a global connection bandwidth | globalConnectionBandwidth | createGcBandwidth | + +----------------------------------------------------------+---------------------------+-------------------+ + | Updating a global connection bandwidth | globalConnectionBandwidth | updateGcBandwidth | + +----------------------------------------------------------+---------------------------+-------------------+ + | Deleting a global connection bandwidth | globalConnectionBandwidth | deleteGcBandwidth | + +----------------------------------------------------------+---------------------------+-------------------+ + | Binding a global connection bandwidth to an instance | globalConnectionBandwidth | bindGcBandwidth | + +----------------------------------------------------------+---------------------------+-------------------+ + | Unbinding a global connection bandwidth from an instance | globalConnectionBandwidth | unbindGcBandwidth | + +----------------------------------------------------------+---------------------------+-------------------+ diff --git a/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/viewing_central_network_audit_logs.rst b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/viewing_central_network_audit_logs.rst new file mode 100644 index 0000000..541c615 --- /dev/null +++ b/umn/source/central_network_operation_guide/monitoring_and_auditing/using_cts_to_record_key_operations_on_central_networks/viewing_central_network_audit_logs.rst @@ -0,0 +1,55 @@ +:original_name: cc_03_0889.html + +.. _cc_03_0889: + +Viewing Central Network Audit Logs +================================== + +Scenarios +--------- + +After CTS is enabled, it starts recording operations on cloud resources. You can view the operation records of the last seven days on the CTS console. + +This section describes how you can query or export the operation records of the last seven days on the CTS console. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner to select a region and a project. + +#. In the upper left corner of the page, click |image2| to go to the service list. Under **Management & Deployment**, click **Cloud Trace Service**. + +#. In the navigation pane on the left, choose **Trace List** + +#. Specify filters as needed. The following filters are available: + + + .. figure:: /_static/images/en-us_image_0000002122008564.png + :alt: **Figure 1** Filters + + **Figure 1** Filters + + - **Trace Source**, **Resource Type**, and **Search By** + + Select filters from the drop-down list. + + After you select **Trace name** for **Search By**, you also need to select a trace name. + + After you select **Resource ID** for **Search By**, you also need to select or enter a resource ID. + + After you select **Resource name** for **Search By**, you also need to select or enter a resource name. + + - **Operator**: Select a specific operator (at the user level rather than the tenant level). + + - **Trace Status**: Select **All trace statuses**, **Normal**, **Warning**, or **Incident**. + + - Search time range: In the upper right corner, choose **Last 1 hour**, **Last 1 day**, or **Last 1 week**, or specify a custom time range. + +#. Click the arrow on the left of the required trace to expand its details. + +#. Click **View Trace** in the **Operation** column to view trace details. + +.. |image1| image:: /_static/images/en-us_image_0000002157370221.png +.. |image2| image:: /_static/images/en-us_image_0000002121850428.png diff --git a/umn/source/central_network_operation_guide/permissions_management/central_network_custom_policies.rst b/umn/source/central_network_operation_guide/permissions_management/central_network_custom_policies.rst new file mode 100644 index 0000000..6e79ad0 --- /dev/null +++ b/umn/source/central_network_operation_guide/permissions_management/central_network_custom_policies.rst @@ -0,0 +1,84 @@ +:original_name: cc_03_0992.html + +.. _cc_03_0992: + +Central Network Custom Policies +=============================== + +Custom policies can be created to supplement the system-defined policies. + +You can create custom policies in either of the following ways: + +- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax. +- JSON: Create a JSON policy or edit an existing one. + +For details, see `Creating a Custom Policy `__. The following section contains examples of common custom policies. + +Example Custom Policies +----------------------- + +- Example 1: Allowing users to delete central networks + + .. code-block:: + + { + "Version": "1.1", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cc:centralNetwork:delete" + ] + } + ] + } + +- Example 2: Denying the deletion of central network policies + + A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions. + + The following method can be used if you need to assign permissions of the **CC FullAccess** policy to a user but also forbid the user from deleting central network policies. Create a custom policy and assign both policies to the group that the user belongs to. Then the user can perform all operations on Cloud Connect resources except deleting central network policies. The following is an example of a deny policy: + + .. code-block:: + + { + "Version": "1.1", + "Statement": [ + { + "Effect": "Deny", + "Action": [ + "cc:centralNetwork:deletePolicy" + ] + } + ] + } + +- Example 3: Create a custom policy containing multiple actions. + + A custom policy can contain the actions of multiple services that are of the global or project-level type. The following is an example policy containing actions of multiple services: + + .. code-block:: + + { + "Version": "1.1", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cc:centralNetwork:create", + "cc:centralNetwork:update", + "cc:centralNetwork:delete", + "cc:centralNetwork:get" + ] + }, + { + "Effect": "Allow", + "Action": [ + "er:instances:create", + "er:instances:update", + "er:instances:delete", + "er:instances:get" + ] + } + ] + } diff --git a/umn/source/central_network_operation_guide/permissions_management/creating_a_user_and_granting_central_network_permissions.rst b/umn/source/central_network_operation_guide/permissions_management/creating_a_user_and_granting_central_network_permissions.rst new file mode 100644 index 0000000..cb15968 --- /dev/null +++ b/umn/source/central_network_operation_guide/permissions_management/creating_a_user_and_granting_central_network_permissions.rst @@ -0,0 +1,46 @@ +:original_name: cc_03_0991.html + +.. _cc_03_0991: + +Creating a User and Granting Central Network Permissions +======================================================== + +Use IAM to implement fine-grained permissions control for your Cloud Connect resources. With IAM, you can: + +- Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing Cloud Connect resources. +- Grant users only the permissions required to perform a given task based on their job responsibilities. +- Entrust an account or cloud service to perform efficient O&M on your Cloud Connect resources. + +Skip this part if you do not require individual IAM users for refined permissions management. + +:ref:`Figure 1 ` shows the process of granting permissions. + +Prerequisites +------------- + +Before you assign permissions to a user group, you need to know the permissions that you can assign to the user group and select permissions based on service requirements. For details about the system permissions, see :ref:`Permissions `. For the system policies of other services, see `System Permissions `__. + +Process Flow +------------ + +.. _cc_03_0991__en-us_topic_0285331217_en-us_topic_0173533526_en-us_topic_0173481716_en-us_topic_0172268189_fig12481104618719: + +.. figure:: /_static/images/en-us_image_0000002090740630.png + :alt: **Figure 1** Process of granting permissions + + **Figure 1** Process of granting permissions + +#. .. _cc_03_0991__en-us_topic_0285331217_en-us_topic_0173533526_en-us_topic_0173481716_en-us_topic_0172268189_li10269636890: + + `Create a user group and assign permissions `__ (the **Cross Connect Administrator** policy used as an example). + +#. `Create an IAM user and add it to a group `__. + + On the IAM console, create a user and add it to the user group created in :ref:`1 `. + +#. `Log in `__ and verify permissions. + + After logging in to the Cloud Connect console using the user's credentials, verify that the user has all permissions for Cloud Connect resources. + + - In the service list, choose **Network** > **Cloud Connect**. In the navigation pane on the left, choose **Cloud Connect** > **Central Networks**. Click **Create Central Network** in the upper right corner. If the creation is successful, the **Cross Connect Administrator** policy has taken effect. + - Choose any other service in the service list. A message will appear indicating that you have sufficient permissions to access the service. diff --git a/umn/source/central_network_operation_guide/permissions_management/index.rst b/umn/source/central_network_operation_guide/permissions_management/index.rst new file mode 100644 index 0000000..83d5d3a --- /dev/null +++ b/umn/source/central_network_operation_guide/permissions_management/index.rst @@ -0,0 +1,16 @@ +:original_name: cc_03_0990.html + +.. _cc_03_0990: + +Permissions Management +====================== + +- :ref:`Creating a User and Granting Central Network Permissions ` +- :ref:`Central Network Custom Policies ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + creating_a_user_and_granting_central_network_permissions + central_network_custom_policies diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst new file mode 100644 index 0000000..f1ec58d --- /dev/null +++ b/umn/source/change_history.rst @@ -0,0 +1,16 @@ +:original_name: cc_00_0001.html + +.. _cc_00_0001: + +Change History +============== + ++-----------------------------------+--------------------------------------------+ +| Release Date | Description | ++===================================+============================================+ +| 2025-09-04 | This issue is the second official release. | +| | | +| | Added :ref:`Getting Started `. | ++-----------------------------------+--------------------------------------------+ +| 2024-11-26 | This issue is the first official release. | ++-----------------------------------+--------------------------------------------+ diff --git a/umn/source/conf.py b/umn/source/conf.py old mode 100755 new mode 100644 diff --git a/umn/source/docutils.conf b/umn/source/docutils.conf new file mode 100644 index 0000000..7cbe4c1 --- /dev/null +++ b/umn/source/docutils.conf @@ -0,0 +1,2 @@ +[html writers] +table-style: table, caption-top \ No newline at end of file diff --git a/umn/source/getting_started/index.rst b/umn/source/getting_started/index.rst new file mode 100644 index 0000000..a9e599b --- /dev/null +++ b/umn/source/getting_started/index.rst @@ -0,0 +1,14 @@ +:original_name: cc_02_0000.html + +.. _cc_02_0000: + +Getting Started +=============== + +- :ref:`Using a Central Network and Enterprise Routers to Connect VPCs in the Same Account But Different Regions ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + using_a_central_network_and_enterprise_routers_to_connect_vpcs_in_the_same_account_but_different_regions diff --git a/umn/source/getting_started/using_a_central_network_and_enterprise_routers_to_connect_vpcs_in_the_same_account_but_different_regions.rst b/umn/source/getting_started/using_a_central_network_and_enterprise_routers_to_connect_vpcs_in_the_same_account_but_different_regions.rst new file mode 100644 index 0000000..e300e31 --- /dev/null +++ b/umn/source/getting_started/using_a_central_network_and_enterprise_routers_to_connect_vpcs_in_the_same_account_but_different_regions.rst @@ -0,0 +1,427 @@ +:original_name: cc_02_0203.html + +.. _cc_02_0203: + +Using a Central Network and Enterprise Routers to Connect VPCs in the Same Account But Different Regions +======================================================================================================== + +Relying on the backbone network, you can set up a central network to manage global network resources on premises and on the cloud easily and securely. After attaching the VPCs to enterprise routers in each region, you can add the enterprise routers to a central network, so that all the VPCs attached to the enterprise routers can communicate with each other across regions. + +In this topic, a central network and enterprise routers are used to connect the VPCs in the same account but different regions. + +Architecture +------------ + +For nearby access, an enterprise runs workloads in regions A, B, and C. The VPCs in each region need to communicate with each other. To achieve this, you can: + +#. Create an enterprise router in each region: ER-A in region A, ER-B in region B, and ER-C in region C. +#. Create a central network and add ER-A, ER-B, and ER-C to the central network as attachments so that the three enterprise routers can communicate with each other. +#. In region A, attach VPC-A01 and VPC-A02 to ER-A so that the two VPCs can communicate with each other. Perform the same operations in regions B and C. In this way, the VPCs in the three regions can communicate with each other over the central network. + + +.. figure:: /_static/images/en-us_image_0000002461680909.png + :alt: **Figure 1** Communication between VPCs in different regions + + **Figure 1** Communication between VPCs in different regions + +Network and Resource Planning +----------------------------- + +To use a central network and enterprise routers to connect VPCs across regions, you need to: + +- Plan the central network, VPCs and their subnets, VPC route tables, and enterprise router route tables. +- Plan the quantities, names, and main parameters of cloud resources, including central network, enterprise router, VPC, and ECS. + +**Network Planning** + +:ref:`Figure 2 ` shows the network planning for communication between VPCs across regions. For details about the network planning, see :ref:`Table 2 `. + +.. note:: + + In this example, one VPC is created and attached to an enterprise router in each region. Make the plan based on your service requirements. + +.. _cc_02_0203__en-us_topic_0000002121850204_en-us_topic_0000001210369161_en-us_topic_0000001135431190_fig121911186551: + +.. figure:: /_static/images/en-us_image_0000002178551392.png + :alt: **Figure 2** Cross-region VPC network planning + + **Figure 2** Cross-region VPC network planning + +.. table:: **Table 1** Network traffic flows + + +---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Traffic Flow | What to Do | + +=======================================+========================================================================================================================================================================================================================+ + | Request traffic: from VPC-A to VPC-B | #. In the route table of VPC-A, there are routes with the next hop set to enterprise router ER-A to forward traffic from VPC-A to ER-A. | + | | #. In the route table of enterprise router ER-A, there is a route with the next hop set to the peering connection attachment and destination to 192.168.0.0/16 to forward traffic from ER-A to enterprise router ER-B. | + | | #. In the route table of enterprise router ER-B, there is a route with the next hop set to the VPC-B attachment to forward traffic from ER-B to VPC-B. | + +---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Response traffic: from VPC-B to VPC-A | #. In the route table of VPC-B, there are routes with the next hop set to enterprise router ER-B to forward traffic from VPC-B to ER-B. | + | | #. In the route table of enterprise router ER-B, there is a route with the next hop set to the peering connection attachment and destination to 172.16.0.0/16 to forward traffic from ER-B to enterprise router ER-A. | + | | #. In the route table of enterprise router ER-A, there is a route with the next hop set to the VPC-A attachment to forward traffic from ER-A to VPC-A. | + +---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _cc_02_0203__en-us_topic_0000002121850204_en-us_topic_0000001210369161_en-us_topic_0000001135431190_table350914311846: + +.. table:: **Table 2** Description for cross-region VPC communication + + +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Resource | Description | + +===================================+=======================================================================================================================================================================================================================================================================================================================================================+ + | VPC | - The CIDR blocks of the VPCs to be connected cannot overlap with each other. | + | | | + | | In this example, the CIDR blocks of the VPCs are propagated to the enterprise router route table as the destination in routes. The CIDR blocks cannot be modified and overlapping CIDR blocks may cause route conflicts. | + | | | + | | If your existing VPCs have overlapping CIDR blocks, do not use propagated routes. Instead, you need to manually add static routes to the route table of the enterprise router. The destination can be a subnet CIDR block or a smaller CIDR block. | + | | | + | | - Each VPC has a default route table. | + | | | + | | - Routes in the default route table can be: | + | | | + | | - Local: a system route for communications between subnets in a VPC. | + | | - Enterprise router: automatically added routes with 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations for routing traffic from a VPC subnet to the enterprise router. See :ref:`Table 3 ` for details. | + +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Central network | - Enterprise routers in different regions are added to the central network as attachments. | + | | - Global connection bandwidths are required for assigning cross-site connection bandwidths to for communication across regions. | + +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Enterprise router | The network configuration for the enterprise router in the three regions is the same. :ref:`Table 4 ` lists all routes required by the enterprise router. | + | | | + | | When a central network is set up to connect the enterprise routers, you must enable **Default Route Table Association** and **Default Route Table Propagation** for the enterprise routers. In this way, when an instance is added to an enterprise router, a route pointing to the attachment will be automatically added for the enterprise router. | + +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ECS | An ECS is created in each VPC. If the ECSs are in different security groups, add rules to the security groups to allow access to each other. | + +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _cc_02_0203__en-us_topic_0000002121850204_en-us_topic_0000001210369161_en-us_topic_0000001135431190_table5325182820514: + +.. table:: **Table 3** VPC route tables + + ============== ================= ===================== + Destination Next Hop Route Type + ============== ================= ===================== + 10.0.0.0/8 Enterprise router Static route (custom) + 172.16.0.0/12 Enterprise router Static route (custom) + 192.168.0.0/16 Enterprise router Static route (custom) + ============== ================= ===================== + +.. note:: + + - If you enable **Auto Add Routes** when creating a VPC attachment, you do not need to manually add static routes to the VPC route table. Instead, the system automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC. + - If an existing route in the VPC route tables has a destination to 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, the routes will fail to be added. In this case, do not enable **Auto Add Routes**. After the attachment is created, manually add routes. + - Do not set the destination of a route (with an enterprise router as the next hop) to 0.0.0.0/0 in the VPC route table. If an ECS in the VPC has an EIP bound, the VPC route table will have a policy-based route with 0.0.0.0/0 as the destination, which has a higher priority than the route with the enterprise router as the next hop. In this case, traffic is forwarded to the EIP and cannot reach the enterprise router. + +.. _cc_02_0203__en-us_topic_0000002121850204_en-us_topic_0000001210369161_table4211920161010: + +.. table:: **Table 4** Enterprise router route tables + + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | Enterprise router | Destination | Next Hop | Route Type | + +===================+==================================+==================================================+==================+ + | Region A: ER-A | VPC-A CIDR block: 172.16.0.0/16 | VPC-A attachment: er-attach-VPC-A | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | | VPC-B CIDR block: 192.168.0.0/16 | Peering connection attachment: region-A-region-B | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | | VPC-C CIDR block: 10.0.0.0/16 | Peering connection attachment: region-A-region-C | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | Region B: ER-B | VPC-B CIDR block: 192.168.0.0/16 | VPC-B attachment: er-attach-VPC-B | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | | VPC-A CIDR block: 172.16.0.0/16 | Peering connection attachment: region-B-region-A | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | | VPC-C CIDR block: 10.0.0.0/16 | Peering connection attachment: region-B-region-C | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | Region C: ER-C | VPC-C CIDR block: 10.0.0.0/16 | VPC-C attachment: er-attach-VPC-C | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | | VPC-A CIDR block: 172.16.0.0/16 | Peering connection attachment: region-C-region-A | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + | | VPC-B CIDR block: 192.168.0.0/16 | Peering connection attachment: region-C-region-B | Propagated route | + +-------------------+----------------------------------+--------------------------------------------------+------------------+ + +**Resource Planning** + +The enterprise router, VPCs, and ECSs must be in the same region, but they can be in different AZs. + +.. note:: + + The following resource planning is only for your reference. + +.. _cc_02_0203__en-us_topic_0000002121850204_en-us_topic_0000001210369161_table14233740534: + +.. table:: **Table 5** Resource planning for cross-region VPC communications + + +-----------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Resource | Quantity | Description | + +=============================+=======================+==================================================================================================================================================================================================================+ + | VPC | 3 | A service VPC is required in each region for running workloads. Each VPC needs to be attached to an enterprise router in the same region. | + | | | | + | | | - **Name**: Set it based on site requirements. In this example, the names are as follows: | + | | | | + | | | - Region A: VPC-A | + | | | - Region B: VPC-B | + | | | - Region C: VPC-C | + | | | | + | | | - **IPv4 CIDR Block**: The CIDR blocks of VPCs must be unique. Plan the CIDR blocks based on site requirements. In this example, the CIDR blocks are as follows: | + | | | | + | | | - VPC-A: 172.16.0.0/16 | + | | | - VPC-B: 192.168.0.0/16 | + | | | - VPC-C: 10.0.0.0/16 | + | | | | + | | | - Subnet name and IPv4 CIDR block: The subnet CIDR blocks that need to communicate with each other must be unique. Plan the subnets based on site requirements. In this example, the subnets are as follows: | + | | | | + | | | - Subnet-A01: 172.16.0.0/24 | + | | | - Subnet-B01: 192.168.0.0/24 | + | | | - Subnet-C01: 10.0.0.0/24 | + +-----------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Enterprise router | 3 | An enterprise router is required in each region. The VPC in each region is attached to the corresponding enterprise router, and a peering connection attachment is created between every two enterprise routers. | + | | | | + | | | - **Name**: Set it based on site requirements. In this example, the names are as follows: | + | | | | + | | | - Region A: ER-A | + | | | - Region B: ER-B | + | | | - Region C: ER-C | + | | | | + | | | - **ASN**: Set different ASNs for enterprise routers. In this example, the ASNs are as follows: | + | | | | + | | | - ER-A: 64512 | + | | | - ER-B: 64513 | + | | | - ER-C: 64514 | + | | | | + | | | - **Default Route Table Association**: Enable this option. | + | | | | + | | | - **Default Route Table Propagation**: Enable this option. | + | | | | + | | | - **Auto Accept Shared Attachments**: Set it based on site requirements. In this example, this option is enabled. | + | | | | + | | | - **Attachment**: Three attachments are required for each enterprise router. In this example, the attachments are as follows: | + | | | | + | | | ER-A | + | | | | + | | | - VPC attachment er-attach-VPC-A: connects the network between VPC-A and ER-A. | + | | | - Peering connection attachment region-A-region-B: connects the network between ER-A and ER-B. | + | | | - Peering connection attachment region-A-region-C: connects the network between ER-A and ER-C. | + | | | | + | | | ER-B | + | | | | + | | | - VPC attachment er-attach-VPC-B: connects the network between VPC-B and ER-B. | + | | | - Peering connection attachment region-B-region-A: connects the network between ER-B and ER-A. | + | | | - Peering connection attachment region-B-region-C: connects the network between ER-B and ER-C. | + | | | | + | | | ER-C | + | | | | + | | | - VPC attachment er-attach-VPC-C: connects the network between VPC-C and ER-C. | + | | | - Peering connection attachment region-C-region-A: connects the network between ER-C and ER-A. | + | | | - Peering connection attachment region-C-region-B: connects the network between ER-C and ER-B. | + | | | | + | | | .. important:: | + | | | | + | | | NOTICE: | + | | | When a central network is set up to connect the enterprise routers, you must enable **Default Route Table Association** and **Default Route Table Propagation** for the enterprise routers. | + +-----------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Central network | 1 | A central network is required, and all enterprise routers are added to it as attachments. | + | | | | + | | | - **Name**: Set it based on site requirements. In this example, the name is gcn-A-B-C. | + | | | - Policy | + | | | | + | | | - Region A: enterprise router ER-A | + | | | - Region B: enterprise router ER-B | + | | | - Region C: enterprise router ER-C | + | | | | + | | | - Cross-site connection bandwidths: | + | | | | + | | | - Region A-Region B: 10 Mbit/s | + | | | - Region A-Region C: 5 Mbit/s | + | | | - Region B-Region C: 20 Mbit/s | + +-----------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Global connection bandwidth | 3 | Three global connection bandwidths are required to connect the cloud backbone networks in different regions. | + | | | | + | | | - **Name**: Set it based on site requirements. In this example, the names are as follows: | + | | | | + | | | - Global connection bandwidth for communication between region A and region B: bandwidth-A-B | + | | | - Global connection bandwidth for communication between region A and region C: bandwidth-A-C | + | | | - Global connection bandwidth for communication between region B and region C: bandwidth-B-C | + | | | | + | | | - **Bandwidth Type**: Set it based on site requirements. In this example, select **Geographic-region** because the three regions are in the same geographic region. | + | | | - **Connect Regions**: Select the regions based on site requirements. | + +-----------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ECS | 3 | Create an ECS in each VPC to verify network connectivity. | + | | | | + | | | - **ECS Name**: Set it based on site requirements. In this example, the names are as follows: | + | | | | + | | | - Region A: ECS-A | + | | | - Region B: ECS-B | + | | | - Region C: ECS-C | + | | | | + | | | - **Network**: Select the VPC and subnet based on site requirements. In this example, the VPCs and subnets are as follows: | + | | | | + | | | - ECS-A: VPC-A, Subnet-A01 | + | | | - ECS-B: VPC-B, Subnet-B01 | + | | | - ECS-C: VPC-C, Subnet-C01 | + | | | | + | | | - **Security Group**: Select a security group based on site requirements. In this example, the security group **sg-demo** uses a general-purpose web server template. | + | | | - Private IP addresses: | + | | | | + | | | - ECS-A: 172.16.0.91 | + | | | - ECS-B: 192.168.0.5 | + | | | - ECS-C: 10.0.0.29 | + +-----------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Process +------- + +.. table:: **Table 6** Steps for connecting VPCs across regions + + +------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ + | Step | What to Do | + +================================================================================================================================================+====================================================================================================================================================+ + | :ref:`Step 1: Create Cloud Resources ` | #. Create three enterprise routers with one in each region. | + | | #. Create a service VPC and its subnet in each region. | + | | #. Create three ECSs with one in the subnet of each service VPC. | + | | #. Create a central network. When creating the central network, create a policy and add the enterprise routers in different regions to the policy. | + | | #. Purchase three global connection bandwidths to connect networks in different regions. | + +------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ + | :ref:`Step 2: Create a VPC Attachment for Each Enterprise Router ` | Create a VPC attachment to each enterprise router. | + +------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ + | :ref:`Step 3: Assign Cross-Site Connection Bandwidths for the Central Network ` | Assign cross-site connection bandwidths on the central network based on service requirements. | + +------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ + | :ref:`Step 4: Verify Network Connectivity ` | Log in to an ECS and run the **ping** command to verify the network connectivity. | + +------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _cc_02_0203__en-us_topic_0000002121850204_section17541934143216: + +Step 1: Create Cloud Resources +------------------------------ + +In this example, you need to create a central network, three enterprise routers, three VPCs, and three ECSs based on :ref:`Table 5 `. + +#. Create an enterprise router in each of the three regions. + + For details, see section "Creating an Enterprise Router" in the *Enterprise Router User Guide*. + + .. note:: + + Specify a unique ASN for each enterprise router. + +#. Create a VPC in each of the three regions. + +#. Create an ECS in each of the three regions. + +#. Create a central network and add the enterprise routers to the central network as attachments. + + a. Create a central network and add the enterprise routers to the central network as attachments. + + b. On the Enterprise Router console, view the peering connection attachments. + + For details, see section "Viewing Details About an Attachment" in the *Enterprise Router User Guide*. + + If the status of the peering connection attachments is **Normal**, the attachments are available. + + **Default Route Table Association** and **Default Route Table Propagation** are enabled when you create enterprise routers. After peering connection attachments are created for the enterprise routers, Enterprise Router will automatically: + + - Associate the peering connection attachment with the default route table of each enterprise router. + - Propagate the peering connection attachment to the default route table of each enterprise router. The route tables automatically learn routes from each other. + +#. Purchase three global connection bandwidths to connect networks in different regions. + +.. _cc_02_0203__en-us_topic_0000002121850204_section985981717415: + +Step 2: Create a VPC Attachment for Each Enterprise Router +---------------------------------------------------------- + +Create a VPC attachment for each enterprise router. For details about resource planning, see :ref:`Table 5 `. + +#. .. _cc_02_0203__en-us_topic_0000002121850204_li536642644112: + + In region A, attach VPC-A to enterprise router ER-A. + + a. Attach the VPC to the enterprise router. + + In this example, enable **Auto Add Routes** to save you from manually configuring routes in the VPC route table. + + For details, see section "Creating VPC Attachments for an Enterprise Router" in the *Enterprise Router User Guide*. + + **Default Route Table Association** and **Default Route Table Propagation** are enabled when you create the enterprise router. After VPCs are attached to the enterprise routers, Enterprise Router will automatically: + + - Associate the VPC attachments with the default route table of the enterprise router. + - Propagate the VPC attachments to the default route table of the enterprise router. The route table automatically learns the VPC CIDR blocks as the destination of routes. + + b. (Optional) Add routes to the VPC route table for traffic to route through the enterprise router. + + Skip this step if you have enabled **Auto Add Routes** in the previous step. For details about routes, see :ref:`Table 3 `. + + For details, see "Adding Routes to VPC Route Tables" in the *Enterprise Router User Guide*. + +#. In region B, attach VPC-B to enterprise router ER-B by referring to :ref:`1 `. + +#. In region C, attach VPC-C to enterprise router ER-C by referring to :ref:`1 `. + +.. _cc_02_0203__en-us_topic_0000002121850204_section9523177164318: + +Step 3: Assign Cross-Site Connection Bandwidths for the Central Network +----------------------------------------------------------------------- + +To allow cross-region VPC communications, you need to assign cross-region connection bandwidths on the central network based on service requirements by referring to :ref:`Table 5 `. + +.. note:: + + By default, Cloud Connect allocates 10 kbit/s of bandwidth for testing connectivity between regions. After the peering connection attachments are created, you can verify the network connectivity between VPCs. For details, see :ref:`Step 4: Verify Network Connectivity `. + + To ensure your workloads run normally, you need to purchase global connection bandwidths and assign cross-site connection bandwidths. + +#. Assign a cross-site connection bandwidth from the purchased global connection bandwidth for the communication between region A and region B. +#. Assign a cross-site connection bandwidth from the purchased global connection bandwidth for the communication between region A and region C. +#. Assign a cross-site connection bandwidth from the purchased global connection bandwidth for the communication between region B and region C + +.. _cc_02_0203__en-us_topic_0000002121850204_section15420121110446: + +Step 4: Verify Network Connectivity +----------------------------------- + +#. .. _cc_02_0203__en-us_topic_0000002121850204_li1413514142499: + + Log in to an ECS. + +#. .. _cc_02_0203__en-us_topic_0000002121850204_li21351014174911: + + In the remote login window of the ECSs, use ping to verify the network connectivity: + + a. Verify the network connectivity between two VPCs. + + **ping** ** + + Log in to ECS-A to verify the network connectivity between VPC-A and VPC-B: + + **ping 192.168.0.5** + + If information similar to the following is displayed, VPC-A and VPC-B can communicate with each other normally: + + .. code-block:: console + + [root@ECS-A ~]# ping 192.168.0.5 + PING 192.168.0.5 (192.168.0.5) 56(84) bytes of data. + 64 bytes from 192.168.0.5: icmp_seq=1 ttl=62 time=30.6 ms + 64 bytes from 192.168.0.5: icmp_seq=2 ttl=62 time=30.2 ms + 64 bytes from 192.168.0.5: icmp_seq=3 ttl=62 time=30.1 ms + 64 bytes from 192.168.0.5: icmp_seq=4 ttl=62 time=30.1 ms + ... + --- 192.168.0.5 ping statistics --- + + b. Verify the network connectivity between another two VPCs. + + **ping** ** + + Log in to ECS-A to verify the network connectivity between VPC-A and VPC-C: + + **ping 10.0.0.29** + + If information similar to the following is displayed, VPC-A and VPC-C can communicate with each other normally: + + .. code-block:: console + + [root@ECS-A ~]# ping 10.0.0.29 + PING 10.0.0.29 (10.0.0.29) 56(84) bytes of data. + 64 bytes from 10.0.0.29: icmp_seq=1 ttl=62 time=27.4 ms + 64 bytes from 10.0.0.29: icmp_seq=2 ttl=62 time=27.0 ms + 64 bytes from 10.0.0.29: icmp_seq=3 ttl=62 time=26.10 ms + 64 bytes from 10.0.0.29: icmp_seq=4 ttl=62 time=26.9 ms + ... + --- 10.0.0.29 ping statistics --- + +#. Repeat :ref:`1 ` and :ref:`2 ` to verify the network connectivity between VPC-B and VPC-C. diff --git a/umn/source/index.rst b/umn/source/index.rst index e12e193..cd38064 100644 --- a/umn/source/index.rst +++ b/umn/source/index.rst @@ -1,3 +1,11 @@ -============================================= -Welcome to the documentation of cloud-connect -============================================= +========================== +Cloud Connect - User Guide +========================== + +.. toctree:: + :maxdepth: 1 + + service_overview/index + getting_started/index + central_network_operation_guide/index + change_history diff --git a/umn/source/service_overview/advantages.rst b/umn/source/service_overview/advantages.rst new file mode 100644 index 0000000..aa4669e --- /dev/null +++ b/umn/source/service_overview/advantages.rst @@ -0,0 +1,24 @@ +:original_name: cc_01_0010.html + +.. _cc_01_0010: + +Advantages +========== + +Cloud Connect has the following advantages: + +- **Full connectivity** + + Any two network nodes can be connected, and data packets can be transmitted between them without passing through any other nodes. + +- **Ease of use** + + In just several simple steps, you can connect VPCs in different regions by attaching them to enterprise routers in the corresponding regions. + +- **High performance** + + Cloud Connect leverages the global network infrastructure to provide low-latency and high-quality connectivity. You can flexibly adjust bandwidth to meet your business requirements. + +- **Global compliance** + + Cloud Connect complies with laws and regulations worldwide, allowing you to focus on business innovation and build business success. diff --git a/umn/source/service_overview/application_scenarios.rst b/umn/source/service_overview/application_scenarios.rst new file mode 100644 index 0000000..e518f16 --- /dev/null +++ b/umn/source/service_overview/application_scenarios.rst @@ -0,0 +1,20 @@ +:original_name: cc_01_0009.html + +.. _cc_01_0009: + +Application Scenarios +===================== + +A central network enables enterprise routers to communicate with each other, no matter whether they are in the same region or different regions. + +- Connecting VPCs in different regions by attaching them to enterprise routers in the corresponding regions + + Enterprise routers in different regions are added to a central network as attachments so that resources in these regions can communicate with each other over one network. + + + .. figure:: /_static/images/en-us_image_0000002445430860.png + :alt: **Figure 1** Cross-region communication between enterprise routers + + **Figure 1** Cross-region communication between enterprise routers + +- By flexibly changing the central network policies, you can set up a global network more conveniently. diff --git a/umn/source/service_overview/index.rst b/umn/source/service_overview/index.rst new file mode 100644 index 0000000..52b15e4 --- /dev/null +++ b/umn/source/service_overview/index.rst @@ -0,0 +1,22 @@ +:original_name: cc_01_0000.html + +.. _cc_01_0000: + +Service Overview +================ + +- :ref:`What Is Cloud Connect? ` +- :ref:`Advantages ` +- :ref:`Application Scenarios ` +- :ref:`Permissions ` +- :ref:`Interaction with Other Services ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + what_is_cloud_connect + advantages + application_scenarios + permissions + interaction_with_other_services diff --git a/umn/source/service_overview/interaction_with_other_services.rst b/umn/source/service_overview/interaction_with_other_services.rst new file mode 100644 index 0000000..daa6119 --- /dev/null +++ b/umn/source/service_overview/interaction_with_other_services.rst @@ -0,0 +1,30 @@ +:original_name: cc_01_0002.html + +.. _cc_01_0002: + +Interaction with Other Services +=============================== + +Interaction Between Central Networks and Other Services +------------------------------------------------------- + +.. table:: **Table 1** Interaction between central networks and other cloud services or resources + + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Cloud Service/Resource | Interaction | + +===================================+=================================================================================================================================================================================================================================+ + | VPC | VPCs in different regions can be connected through enterprise routers for communications over a private network. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Enterprise Router | An enterprise router enables the VPCs in the same region to communicate with each other. Enterprise routers in different regions can be connected using a central network to allow for cross-region communication between VPCs. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Global connection bandwidth | A global connection bandwidth can be bound to a central network to allow the resources to communicate with each other over the backbone network, regardless of whether: | + | | | + | | - The resources are in the same geographic region. | + | | - The resources are in different geographic region. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Cloud Eye | Cloud Eye monitors central networks and allows you to view graphs of metrics. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | IAM | IAM allows you to control access to central networks and related resources. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | CTS | CTS records resource operations on Cloud Connect. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/umn/source/service_overview/permissions.rst b/umn/source/service_overview/permissions.rst new file mode 100644 index 0000000..afae20a --- /dev/null +++ b/umn/source/service_overview/permissions.rst @@ -0,0 +1,104 @@ +:original_name: cc_01_0008.html + +.. _cc_01_0008: + +Permissions +=========== + +If you need to assign different permissions to employees in your enterprise, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM allows you to control access to your Cloud Connect resources. + +With IAM, you can create IAM users for certain employees in your enterprise and assign permissions to control their access to Cloud Connect resources. For example, you can assign permissions to software developers so that they use Cloud Connect but cannot delete Cloud Connect resources or perform any other high-risk operations. + +Skip this part if you do not require individual IAM users for refined permissions management. + +IAM is a free service. For more information about IAM, see the `What Is IAM? `__ + +Cloud Connect Permissions +------------------------- + +By default, new IAM users do not have permissions assigned. To assign permissions to these new users, add them to one or more groups and attach permissions policies or roles to these groups. + +Cloud Connect is a global service for access from any region. You can assign IAM permissions to users in the global service project. In this way, users do not need to switch regions when they access IAM. + +You can grant permissions by using roles or policies. + +- Roles: A type of coarse-grained authorization mechanism that defines permissions based on user responsibility. This mechanism provides only a limited number of service-level roles. When using roles to grant permissions, you may need to also assign other dependency roles. Roles are not an ideal choice for fine-grained authorization. +- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, the administrator can grant Cloud Connect users only the permissions for managing cloud connections. + +:ref:`Table 1 ` lists the system-defined roles or policies supported by Cloud Connect. + +.. _cc_01_0008__en-us_topic_0173524723_en-us_topic_0173475706_en-us_topic_0170232209_table481412518317: + +.. table:: **Table 1** Cloud Connect system-defined roles or policies + + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+---------------------------------------------------------------------------------------------+ + | System Role/Policy Name | Description | Type | Dependency | + +===============================+================================================================================================================================================================================================================================+=======================+=============================================================================================+ + | Cross Connect Administrator | Administrator permissions for Cloud Connect. Users with this role must also have the **Tenant Guest** and **VPC Administrator** permissions. | System-defined role | **Tenant Guest** and **VPC Administrator** | + | | | | | + | | .. note:: | | - **VPC Administrator**: project-level policy, which must be assigned for the same project | + | | | | - **Tenant Guest**: project-level policy, which must be assigned for the same project | + | | Users who have these permissions can only view Cloud Connect resources. You are advised to use the **CC FullAccess** policy. | | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+---------------------------------------------------------------------------------------------+ + | CC FullAccess | All permissions on Cloud Connect. | System-defined policy | CC Network Depend QueryAccess | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+---------------------------------------------------------------------------------------------+ + | CC ReadOnlyAccess | Read-only permissions for Cloud Connect. Users who have these permissions can only view Cloud Connect resources. | System-defined policy | ``-`` | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+---------------------------------------------------------------------------------------------+ + | CC Network Depend QueryAccess | Read-only permissions required to access dependency resources when using Cloud Connect. | System-defined policy | ``-`` | + | | | | | + | | Users who have these permissions can view VPCs. | | | + | | | | | + | | .. note:: | | | + | | | | | + | | If you only have the **CC FullAccess** permission, you cannot select **Enterprise Router** on the console. In this case, you need the **CC Network Depend QueryAccess**, **Tenant Guest**, or **ER FullAccess** permission. | | | + +-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+---------------------------------------------------------------------------------------------+ + +:ref:`Table 2 ` lists common operations supported by each system-defined role. + +.. note:: + + When you configure system policies **CC FullAccess** and **CC ReadOnlyAccess**, select **Global services** for **Scope**. In this case, the two system policies can take effect for resources such as network instances, inter-domain bandwidths, and routes. + +.. _cc_01_0008__table13641113421711: + +.. table:: **Table 2** Common operations supported by system-defined permissions + + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Operation | Cross Connect Administrator | CC FullAccess | CC ReadOnlyAccess | CC Network Depend QueryAccess | + +========================================+=============================+===============+===================+===============================+ + | Creating a central network | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Updating a central network | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Deleting a central network | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying details of a central network | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying central networks | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Adding a central network policy | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Applying a central network policy | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Deleting a central network policy | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying central network policies | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying policy changes | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying central network connections | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Updating a central network connection | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying quotas | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying the capabilities | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Creating a global connection bandwidth | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Updating a global connection bandwidth | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Querying a global connection bandwidth | Y | Y | Y | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ + | Deleting a global connection bandwidth | x | Y | x | x | + +----------------------------------------+-----------------------------+---------------+-------------------+-------------------------------+ diff --git a/umn/source/service_overview/what_is_cloud_connect.rst b/umn/source/service_overview/what_is_cloud_connect.rst new file mode 100644 index 0000000..c1a89f2 --- /dev/null +++ b/umn/source/service_overview/what_is_cloud_connect.rst @@ -0,0 +1,63 @@ +:original_name: cc_01_0001.html + +.. _cc_01_0001: + +What Is Cloud Connect? +====================== + +Cloud Connect provides central networks that allow you to connect Virtual Private Clouds (VPCs) in different regions, so that these VPCs can communicate over a private network as if they were within the same network. Cloud Connect can also work with Direct Connect to set up a hybrid cloud network that enables on-premises data centers to access the VPCs across regions. + +.. table:: **Table 1** Cloud Connect features + + +----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Feature | Application Scenarios | Bandwidth | Advantages | + +==========================================================+========================================================================================================================================+===============================================================================================================================================================================================+===========================================================+ + | :ref:`Central Network ` | - Connect VPCs in different regions by attaching them to enterprise routers in the corresponding regions. | You need to buy and bind a global connection bandwidth to the central network and assign cross-site connection bandwidths to enable communication between the resources in different regions. | - Flexible networking | + | | - Connect on-premises data centers to VPCs in different regions by attaching them to enterprise routers in the corresponding regions. | | - Dynamic routing | + | | | | - A variety of attachments and network scenarios | + | | | | - Enterprise routers in different regions are connected. | + +----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + +.. _cc_01_0001__section118112332502: + +Central Network +--------------- + +Relying on the cloud backbone network, a central network allows you to easily set up a reliable, intelligent enterprise-grade network and manage global network resources on premises and on the cloud. By setting up a central network, you can enable communication between enterprise routers, in the same region or different regions. + +In :ref:`Figure 1 `, the two VPCs (VPC-A01 and VPC-A02) are attached to an enterprise router (ER-A) in region A, two VPCs (VPC-B01 and VPC-B02) are attached to an enterprise router (ER-B) in region B, and two VPCs (VPC-C01 and VPC-C02) are attached to an enterprise router (ER-C) in region C. + +The three enterprise routers (ER-A, ER-B, and ER-C) are connected over a central network. In this way, the enterprise routers can communicate with each other across regions, and the VPCs in these regions can communicate with each other. + +.. _cc_01_0001__fig8481153843220: + +.. figure:: /_static/images/en-us_image_0000002445232846.png + :alt: **Figure 1** How a central network works + + **Figure 1** How a central network works + +.. table:: **Table 2** Central network concepts + + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Concept | Description | + +===================================+=================================================================================================================================================================================================================================+ + | Enterprise router | An enterprise router enables the VPCs in the same region to communicate with each other. Enterprise routers in different regions can be connected using a central network to allow for cross-region communication between VPCs. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Global connection bandwidth | A global connection bandwidth can be bound to a central network to allow the resources to communicate with each other over the backbone network, regardless of whether: | + | | | + | | - The resources are in the same geographic region. | + | | - The resources are in different geographic regions. | + +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Accessing Cloud Connect +----------------------- + +You can access Cloud Connect through the management console or by calling HTTPS-based APIs. + +- Using the management console + + The management console is a web-based GUI where you can easily perform various operations. Log in to the management console and choose **Cloud Connect** from the main menu. + +- Using APIs + + If you need to integrate Cloud Connect into a third-party system for secondary development, you can use APIs to access Cloud Connect. For details, see the *Cloud Connect API Reference*.