From 0d97d058365a4b221921c975fa3a9f9d1f4dfb88 Mon Sep 17 00:00:00 2001 
From: OpenTelekomCloud Proposal Bot Date: Thu, 7 Dec 2023 03:16:40 +0000 Subject: [PATCH] Update content --- .../images/en-us_image_0000001646961692.png | Bin 0 -> 128 bytes .../_static/images/en-us_image_0129473334.png | Bin 10485 -> 0 bytes .../firewall/adding_a_firewall_rule.rst | 90 ++++--- .../associating_subnets_with_a_firewall.rst | 9 +- ...isassociating_subnets_from_a_firewall.rst} | 8 +- umn/source/access_control/firewall/index.rst | 4 +- .../firewall/modifying_a_firewall_rule.rst | 90 ++++--- .../adding_a_security_group_rule.rst | 4 - ...llowing_common_ports_with_a_few_clicks.rst | 69 +++++ .../cloning_a_security_group.rst | 4 - .../default_security_group_and_its_rules.rst | 2 +- ...ing_and_exporting_security_group_rules.rst | 2 - .../access_control/security_group/index.rst | 2 + ...curity_groups_and_security_group_rules.rst | 4 +- umn/source/change_history.rst | 10 + umn/source/elastic_ip/managing_eip_tags.rst | 2 +- ...rity_group_for_multi-channel_protocols.rst | 6 - .../why_cant_i_delete_my_vpcs_and_subnets.rst | 70 ++--- .../step_5_add_a_security_group_rule.rst | 4 - .../step_4_add_a_security_group_rule.rst | 4 - .../vpc_custom_policies.rst | 2 +- .../route_tables/route_tables_and_routes.rst | 2 +- .../basic_concepts/route_table.rst | 2 +- .../basic_concepts/security_group.rst | 2 +- .../basic_concepts/vpc_peering_connection.rst | 2 +- ..._a_virtual_ip_address_to_an_eip_or_ecs.rst | 248 ++++++++++++++---- .../vpc_and_subnet/vpc/managing_vpc_tags.rst | 2 +- .../enabling_or_disabling_vpc_flow_log.rst | 8 +- ...nnection_with_a_vpc_in_another_account.rst | 11 +- ...ction_with_another_vpc_in_your_account.rst | 8 +- .../vpc_peering_connection_overview.rst | 2 +- 31 files changed, 444 insertions(+), 229 deletions(-) create mode 100644 umn/source/_static/images/en-us_image_0000001646961692.png delete mode 100644 umn/source/_static/images/en-us_image_0129473334.png rename umn/source/access_control/firewall/{disassociating_a_subnet_from_a_firewall.rst => 
disassociating_subnets_from_a_firewall.rst} (82%) create mode 100644 umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst diff --git a/umn/source/_static/images/en-us_image_0000001646961692.png b/umn/source/_static/images/en-us_image_0000001646961692.png new file mode 100644 index 0000000000000000000000000000000000000000..d8f9804a86ba17c29671c2e708ea7d8a55e9e102 GIT binary patch literal 128 zcmeAS@N?(olHy`uVBq!ia0vp^l0YoR!3HEv_nU76QtqBEjv*eM$$$R;|6k80#jF+; z?O^U55wJ5{BC7O~q*zc+j>O?r+CO>N0_0+A4p~TjRK7gvqKc1@gq@&$jgF-6A(h65 b!XFtDtmNgH8Ra{GMlyK1`njxgN@xNAeY7O< literal 0 HcmV?d00001 
diff --git a/umn/source/_static/images/en-us_image_0129473334.png b/umn/source/_static/images/en-us_image_0129473334.png deleted file mode 100644 index 9083ba2c1cab6f26f25ee4e4123f543e49a5be60..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10485 zcmc(FX*iVc8}>AfJ%pm{QORBkg&4_FBH6d0$iDBpu@p&`60$2>ma*@{jHR+=X9i=2 z?2MhU5AXQDAAaTA`|17i9QPc@Gv|Gu*S$RFd0lsehPpB>H7hj$0HA%M@>ml9INwBS zyHb*qo~bgm-T(kM;K^foZSQj{SU+bSLgVfRJr4!h1#aq(8mkwla}4Dfz7hTmEcs~M zH?eh~r=0zrbXVWy3VT={-GQ=4<%g{4ckxy|GF6XnnH21t`-!4sd7<#Qxl8Nb#nsQ0 z->f5yA8B=N5n)|8yS3%(etdp>Mw=$j+I#AcP)^95V^|de?`6QTvs@^9<0j~0dja_5 z8)D3eXrMcI{SN8(vmnvQA9RvVU{`aV?1DtbCfr4KD_v-&z|Nq`^N*e8vr%2Q6o;c1O8yoxZNfuvJ;jX^R zsTodp)uFBPufhM1MmBFO0kD^n%zF9q<$Ps&8q2$1Z0+FzhdcQxG$BcU$KaG$dpQ_& zesa1k+JgP4epg#VBXhbf#_A!U*xU6JCj=WirlA%v<${&@{&n`Za;68!vr$HQR~FuQ z+!OX}&^%_MU@kz>Yl+^?vhbk#a=qU(Vs^!Ywl1iT4b5h9_joKbu$y7MtLqa7p@zeC zp2>F`)l6W?zH5ciK%*~9Q|Po3=HD+E zByI4Ecg_bpRRpmdb@uFbP0#zS8Ozlfy2Uwu4oI2c^HJu`AX7gC)bbyF7S~&CF`uRs zy|R&@H(|>nM`I@5(ZQmElPVjNwvA5_v+_9rW;rG2Ueon+Z<4q=6CfIS&%-OpSXf72 zFn*7iaxoRmTV+6V)8=^*xuDpD1uy?XbnfL`t}d8foK9|Oh)^B-57aanFfSgQe-rmW zdsi2(GF(CyoxsE|dsExxf!ey+5W>k)S?L^i(|~eZO%35RLgV6koB}rH&i`Ekwab-T$Ao3^cU}~3P=h@?+(K^;3cJZ|Eq^oHi7R-=*Cq%m=PRxM zZ8xxtuq%F&3k_knW+^+~UAqHc4|Fd-Jf=l;$H={6>05n_FA*eTsXdQPv#LP|Pc(vS zWNdU^IF>U_HujR+jP4ru%I3(undPAjq|i6a?+nfWobWmy(A+bgYuQCSRb9@_H~m%A zpl`rBMb@#gDgl=*71KLt{7^4(eGRSZrJR%==wnrDzT#ayZu_CtyjcTga4|j7c(i5` zja}dDJcbnnN(7d%ak7n*d3;%`JKyE*rthi`n(famMo?ZbQ zW*>%)|J3DoG@ibS<88Z!SGs|B-B@tMYtD9_G*Eps56xkrNzax)g{1KHT&2FB7z)LY$YsldnCYcIFqiwG!2xG8E^nB5(ZW!{!pCmNk3 z53?IN=oBSYk#$roPx%wNa1lM&y%)8jhv{=})kh+QmkXhcy@Ft| zP;eL7@?7s=ajK7`;-H`#m86E&%p{oLNn88U`TdQL1|~in1$XrJ@U-;=7aH|x3#^=% zBFam&ZGx3;umxUMh?SZwE{8<9JsRD$t1>r&2k^V5SC9opeTLeY~?s*9Jc6 zg{Dlat-PD1^rs;k3t+NFXRpj*Zd!M!a@i)5)rER;^l{PvSEB>JoTp)09b#dots2=4 z@*I8plhXm6JQ}w=bE0x~q_rQ;dwFYkW* z@-p3rV-9Ge-HD@}m_b3yo{*g$ zzlrBy^DHW-*}UXqE#-j%1A;$*LdHyL)cWc>p`2&0L0-%8Ap 
zTI~?<`*QI%O`F5=9jR3W<1_$_y=*8_4ek*1=%%n5lu0bU>$~a(5HjxZy^96 zOf+^2;e?ko(3;6kDWW1egd*xcju}6{#=KYW)s@R zp~pItZ&5%#oA~T2MIm^iR>~Wm_Qd!Z^oVv`>(dOrYna@$SQe14u$Celv}5SNmRL zqi|Q`R(Y8SV^?71QLc={z0b^B4B*Ut;HpxBq`I;z^l-Q}1VmW!si zk@7vmhDVd`OxyrE+5UcBJ{5_kzE8pZ#|h1k?9!{n8oC|3bxaH#ye6GoS9*>DwKsy5 z#t&9k1N>u)xXA*q#hwp7m_R~AcKCaaQbDvz>xVAWoV9wZdR+D>@Fa@qnd2^V_zi|T1`4?(CWM>NGI?22$kKDPEX?y zb*q-~4K0}J7{yty_jj}UuS9t;2pJRqG_wMn`sCmx(%e&@r{`BGy?$ZiAikm$|U)ADhKJ*aoMQ!%Y?ILonTaM2+u3i}oN4pA89|6N z;JsivxthsLZ4M6N17nFFA=8QWr6FX;7tq=>mb-h@DdSDo-3s|e+u<7w;x?3afhF0t`1zj?=w#7MT;A+X6 zJ&Ib~ps!`vYQ`Vhgir+!>SVU22Mp(x@6RFbmzwe_eX!R3lp^6Uu>V#K%j%>%U}HaH z+mQar@~1MwgUv^wAKu13dVBLv8Bf#?{hTzKZPBH|#^H=AH!_?o&_NLV!2ZX?@H#^K zM;(lThxuA;G@vcX{j)wr@DXDsmHVDgZQJ9KwEeCKR|SSZ-c!+{Jv*2W)ffF#mGf|`mMPkp5iBbCN&x)r{%e13j~r;nVZzsCS+5T3qA!9{35p#p^m z9@lzk^9nb@{;v=R1Q$_hV3Wn4GCulOa<^NZ15WxMySKCbtK6wcrzlN3Gb))UHq`z47v%Al?N!D~)ua159hoI7)ia+JJ;i+a*Zy@*Gx<$PKFOm0lJ&Xe>_6`dE7;R8@?`J(YVKh|C+)GA z({hbv$uEn~`uAkT)@}4_s&l59t^6tF5iZLkcUG`)J>?kA?pve95O{$pGH?k6Gg88o ziT%y8G6ak@X(UcX9&DK+K6CBlj#=@gc`ed=9Il`Xpn2L|N#S4&_3MWKT)9OgH4V*h zmU7GooPnBJR6${(j;7|Pe$S#0f6vMT=I@0Ah0o*jkGA48+Z+Yzmu(?lgj@03a>{8! z?8lZ)IT8(U^|e4_7_VczY)-Q0t{SWQ#nfr~u$jA;+kLrS>TRXitmDNX8XDYseyPO# zrxseuwzdX3vD>yp*BO*}423BD$nm@N`qggLc^aJ=mgcm6<(v zca+0D^ekFE>NTST(xJ`tfpEHE!io6v3dfAhPd$EBtMNI8_1l*l>)=@;jXnu;L^OeQ zOh;5 z@CCAhPG-BG*-w(S>oj^L=fj?b9h!T9E~+q>P9IENPJTUG>iTEvm^N=lXOE4voUEOI z8O1204E^0-(E-{A(>AR5F$pfi5{r|@$AvgdQFn@*_C8*9d!h?fn0unHcIc9S;Ql!} za5F&{I)*FtM(&IBsh^*`#MQNKlPvpWth(f>j)j)ESRHxKFy-~`LIFRG!Z0<)sA?^5 zvBIlBodSKG{3ki|--i&9f}IgTDZ%YGDJ!347Cb5x;LG0*)>IpyesRI*R|kruQ*M=J zl`ElP((Fe=3qKV;&W1-X6_1qj`u4*x8nh*aL~MX&0WsXNNcvk%=xbKB2?r+ClTyx! 
zX{Q-m=sZ_~>;vy-=m2fD4vnMP+!(n5^o~{UM>IY+Q*EpGJ#9hdm)b2ar6mfvD>>(M z@qU$?YA|Btkj0rPMv~xmGTe>;?WHz zB|Gn0gm^%p^DqbtZ3}XyLo!$=H7(6o^+CL25`XzIteYjHYMy0iT(@x>miR+Co`2y?f+VZ+lYC)Wt8Q=;(fP@K$2 z`~9l(^`kqwKYdY2zH{}C^{7u?&1)Z$qj$XCZ$q3L4>Jz-Z#0*y_6+S{0|9|6vsi+L z*P>a?T37GWjTbsL69^^=WTHsJ-nWrW-m110556=x_cy;{xJqaaYZb+%4x*5qiY%tq zMk;(eD}@uVF4MOs4AxAf!z&hR>pc&<)&HiSd5Vq;Ms*`zqQURVxe{HUS|R-j$aUHj zSz*qL;fw2R!IspuDMGqLyF{!+6jGsr5fR$`>~r@;F!%X$UPWF%`vl+WUa%U5Urm-b zD|%0&eotgFWQ5y$I2~$TM^>?$0OD05EEQzvYa}0Q7tT`TWEjn3uKiI;I99+uU#im% z@DnEHl?e8&h&*y|Js!N^MwxBNfUCc!Sb+Q7ed-zKjq~5iapb>!lF^h+#wOk^IMOQa`zV6BxIiPm`wF7o zSn%mhYXkiSNNEw-*h2BgmMahVg^wR|^PaPNQ99yS{@ZZQ)Efi2aw5HOz^(4rMF0No z)7W?hFt^sZ68gXnp`Vdo;aBT5XkZG*l@u-INj3#VF(kGi;CU(hJVmq(LR`Ufa3&Zl z&S$MsJ3S%?6W&1n2-P#f)wod<$`W)P4v-3bRgk<&|E*Uf!4u%v0R1j6uTskn zGS-ikmYW%`qY$4gRZ>CQkULO}EE&F{9J>Ca@*6ZQk5i;ufr9Y1 zaF0sxO@mJK_qh*SI<6i2OCF1`19VqUw39yJtvw5~|8AepMqR_B%x+dqx#ngg_eFIp}QVoewRj>Cc$LQ|ihdC1*m& zQi&amSxN^v;q0*MS9?If+n-y%=CD7brN+s*Mp0CsbpVh0Ih>EqsTW{98q>`PELSX^ zb)OF;GMZZ^US|S2+yZk=l5Y@ievhYNF|3t-Mr?sYrn$cF?qxHwQH(v*jhL*Ff5v?8 z<|I}-DSMG$q`0xU^b`4OJ0boAQZ8-_M4Gcft;!3V6s-mB5VPdOdq$@!01+ff?RI}5 zzFTVBtI+@>f09*0IOK57y@`3(6Z4kn;m}twf0Qs_vy_(8(I~AS<$66}w8;=PKE}2( z%Jxc1YRMgjtJ&t;wHMeUc*#wbcQwxSm^%3@l;|p^vovhE-jax$k4YUZDjTP^=U^~i-0LgF5;-Q{ht-%qj28oK4_ntRF=d3$~3L#J9!MCp@ z;6vNr0Dun|DGw(nK9*l14}G;^zskNCCj?wk=DzZ|lW=Z_Q~7n4EIr2+y2l;~b0h7) zUDe{So85Urx2t8F(xh*0)2KI5hs<5YA2p$dm+R$A%oa;3=zhGCGsmCzFCmZ}SCKHd z-nu`+z_^@8DE7zFIf!lCqvna4>MT*{UD4`!_Ov78S<%lnD>!b-)qwPaS{Jw!LFofVaIf+v_h7o>;>m*`|ERm&pI55g1QdJJ%1l=%w7rSQNBF zG>oU8m+^V&tM=LGMqFAL{#VjT{;DYAyWGjFst&aDY1eYz@z9fb$bkYj@UUu$OJ+F# zSn9WY<_f6XQPp>fhhwtp&zrB2zSKaH)T=h9A zgj*x+rNgh)%l9)C+K%S>((1Q0|HRS|8vB{I1l(NDb6t4=O%Ug|1|tm1HY-qvNNGF zXL{z2)jDSz}kH>9F5;y|9_&*;I2%-^NI3(vAuesztMJ)C-{ zo_a4jI&FC62q7R+XPEU=RC`T*CFPyhgfEaI8jVWtoLf~NLfM`i6Qz8&t(7`FSH^S# zsA)WQMy;$WIRyWX3^qmH_MF)}8AA47h2PG#P`+Z;^^W z-n+#Rfl6>S$wghYsL0J#8Xg{Iz31(G)CDe!%oNr_`YNGW=IAaauu(UWSW7DXZqH9fS(`1RSogFlm 
z6$C}RV=0TEn$0oUR~7KG;}RJrel*jQxhu1FziXy4XK0=s+SsTyc%SP={MOt`Z_oRL zwH#uWPu23x9N1LS!OC5&OX+jT<<>D1oVdF{8!B&fROBVOI6h9RPlN46MLB+{R6C#4 zO~%VI%__a3NU3XkF8Fcw{DgC}lQID@Wr@ABubEb8xPn_(hG9MQJs`bW8#(5LK|dv% ztouhb*AU%_dAkUnD_Ks&A- zr-ZQCEmH%pUDMXcb{xGhGyU9lG^CO{;Q&fhba20(V&C zHOy8?^0)q`+w)u`k|1glw{_(Z1F7xN^M}sT+bn!rEIZ1sk(1ktB3}tS@SN^;%&Y@o zYf8;O%pU8hnmgsXMC#x4A?<<);IT&*hl<(!1_fX75V2!^%{ePKTKbP~^O}2CBhuH` z$H3@STS&hrMy9nvMO*-if5=g(+Y5PLLLV|A<#00XR5?TNBAf^a>eOvG5GSmlS#l0? z%8Ad8BLelu6{UPM)*1=X4&86StDsY126P{}q?UBcp#*1X;U88^CFw zlhA^)ET+zHUO4`=Vnt8&vezl8sAHTXLYVGv6s5I+689Bl zyzb2+Ij!_F8S3NJg8DFca`58h68~+QU=*`T!xg8M#tJzQVg-o%3E8+0xf}y!!VMrA zH^?LZgai_Gb#7h-04PgO?*a(lGOlPAF|JvxSot%)zI&U%Apk3KUJ>5OKb|8FO#o-a z*;<&o?;|C45&f@#QAeIEIjA>d!=2fw1EZ!;q{Lwo7yrIcHLM<&(qGE6*6j^bX01_4 zx@O4}6vQ-ABRR1BfO`>*#EDzIi#IS(%^MHr&r4$Qx+_%MpI~5;UC(i-v*IZ^;+T0E zbO_5Ic41-iI*tx|ekF@)g5z~#po5gFcKG-j5Z<#B1}s1Yb9gw?F##WtJ{fcdjdOO* z*ptbgfTNZl5c}(>3$^eyg)FbFR`@ za($B3MXE18lKbG@HD8r%HRzdg?IicUG1_DcE}~9N8XiK3M>q_BTg*Xa@w>PZ(~g3R zj^<1v$I}Ara>ahz(MhNyX-mkBONH>^i;jqJ$u*|9DN)dv$xA#Bv8WPPGj5y2(|sEw zn>YgqK4K`9ZA5M!%nwTy9h-Od*IcV4D5ZTcSOR3cmHh@@@g%F-(wr+h zxXDKN<@w+H&uP{tEVgC((3blFFQ-{T1GWBmpEr{XdovvI;~itl1#)7rd1R>N;6}GO z<_1!Q9Ws`N%pDV0^>Tmgg=G6dM9qw?QH&oEeGVr~R;P9Gm82|pFuZ1p3OlUW1_9uZM!GjRV0ZNu75A*Rv9(t_VoIvwM=~wj9 zhSxmbiyYOfr%`>}9j27K%GJBc)O-?F(L%J2PwS2m{dF7Y#m}Q}wG7e{Tn=3&08yj3uJQI^vD2CPd; zEwjyBP---;Y;VD~2iq(MlzqiFwkeEciM(%=-uSbSLVL3v2x4V+=4~;In;kJ%3K4Jo zXp*vAf#*y!3-E*Obe8PfcuNY&1A@sxzmD7ehI&;$TD?)E__b*pswWch5Y_%G0HwOq zH0jJOAo&T8QbfkcnF+npwmI=HcYU(1awG9=6%x(EMvICnPTqgbi+o(r! 
zF2efXBp1ZGA{)bH^_F;`Dpv8xYI)P2I20$$h>-h`+$IaBk1+Hz+d>Y6p*v^k*#kZn zFEbf6(SXWHInESt-u%L4Pk7T4|Dngem~v)d5>>787olpfXMJ&mC&r`qDB$KI_2>b= zi8*hRQl1&w>CUG9+XXQb(q$(p;HryR@rAKWO;q>Kly6wd2IX1d0b>6Kukrqc$UK_N z$UGx_ruQHB*#R!SmSpLA8JV&F7SE~l*dBYB#f*^?|`?v6>vW4Bscd4us?P86A?LXtYDab770 z0!0^b^`ct5Uy1Zvw$?e>8sx9dDaY@lwDpHPqfP>%A9aX{WCFxvodfUZZ|NKZ6naJ1 z7-eW`^LieZq)2hf6jzAe`iwW>p^1?cg{nhwwrL^KJ1CtAq|%?J{y@W{7_cXq6nhEm zVSM*>xzPrL|Eg|36O9Lo97g}C@@y(k7Si_ONe0*B2PbqWAMG4<#Un=vB4PZnw_FAl z2rG!082&|@qV4g$hg8%Os5_S1o_=wx6}mMKiH#dn3u2udTw$6e{$(p-DS-3Q^$K_E zk6v`0Y$JBq3kKjN@Qj12_z{Po;)XvH?yWf>B*EiLoWp71YYkVWO1gTbBQI|m#bRq~ zs||s`). | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +========================+==========================================================================================================================================================================================================================================================================================================================================+=======================+ + | Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. 
| IPv4 | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP | + | | | | + | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **IP address group**: The source is an IP address group. 
An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | + | | | | + | | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **IP address group**: The destination is an IP address group. 
An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | + | | | | + | | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 7. Click **OK**. diff --git a/umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst b/umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst index 9b7409a..b6cd722 100644 --- a/umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst +++ b/umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst @@ -8,12 +8,13 @@ Associating Subnets with a Firewall Scenarios --------- -You can associate a firewall with a subnet to protect resources in the subnet. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic. +You can associate a firewall with a subnet to protect resources in the subnet. Notes and Constraints --------------------- -You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. +- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time. +- After a firewall is associated with a subnet, the default firewall rules deny all traffic to and from the subnet until you add custom rules to allow traffic. For details, see :ref:`Adding a Firewall Rule `. Procedure --------- 
@@ -32,13 +33,13 @@ Procedure
 6. On the displayed page, click the **Associated Subnets** tab.
-7. On the **Associated Subnets** page, click **Associate**.
+7. On the **Associated Subnets** tab, click **Associate**.
 8. On the displayed page, select the subnets to be associated with the firewall, and click **OK**.
 .. note::
- Subnets with firewalls associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
+ A subnet with a firewall associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
 .. |image2| image:: /_static/images/en-us_image_0000001626734158.png
diff --git a/umn/source/access_control/firewall/disassociating_a_subnet_from_a_firewall.rst b/umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst
similarity index 82%
rename from umn/source/access_control/firewall/disassociating_a_subnet_from_a_firewall.rst
rename to umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst
index 808b884..b850868 100644
--- a/umn/source/access_control/firewall/disassociating_a_subnet_from_a_firewall.rst
+++ b/umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst
@@ -2,13 +2,13 @@
 .. _vpc_acl_0003:
-Disassociating a Subnet from a Firewall
-=======================================
+Disassociating Subnets from a Firewall
+======================================
 Scenarios
 ---------
-Disassociate a subnet from a firewall when necessary.
+You can disassociate a subnet from its firewall based on your network requirements.
 Procedure
 ---------
@@ -33,7 +33,7 @@ Procedure
 **Disassociating subnets from a firewall**
-Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from a firewall at a time.
+Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the firewall at a time.
 .. |image1| image:: /_static/images/en-us_image_0141273034.png
 .. |image2| image:: /_static/images/en-us_image_0000001675413845.png
diff --git a/umn/source/access_control/firewall/index.rst b/umn/source/access_control/firewall/index.rst
index 7350f36..2f4cc01 100644
--- a/umn/source/access_control/firewall/index.rst
+++ b/umn/source/access_control/firewall/index.rst
@@ -10,7 +10,7 @@ Firewall
 - :ref:`Creating a Firewall `
 - :ref:`Adding a Firewall Rule `
 - :ref:`Associating Subnets with a Firewall `
-- :ref:`Disassociating a Subnet from a Firewall `
+- :ref:`Disassociating Subnets from a Firewall `
 - :ref:`Changing the Sequence of a Firewall Rule `
 - :ref:`Modifying a Firewall Rule `
 - :ref:`Enabling or Disabling a Firewall Rule `
@@ -29,7 +29,7 @@ Firewall
 creating_a_firewall
 adding_a_firewall_rule
 associating_subnets_with_a_firewall
- disassociating_a_subnet_from_a_firewall
+ disassociating_subnets_from_a_firewall
 changing_the_sequence_of_a_firewall_rule
 modifying_a_firewall_rule
 enabling_or_disabling_a_firewall_rule
diff --git a/umn/source/access_control/firewall/modifying_a_firewall_rule.rst b/umn/source/access_control/firewall/modifying_a_firewall_rule.rst
index df4f444..9a4daaa 100644
--- a/umn/source/access_control/firewall/modifying_a_firewall_rule.rst
+++ b/umn/source/access_control/firewall/modifying_a_firewall_rule.rst 
@@ -37,49 +37,53 @@ Procedure .. table:: **Table 1** Parameter descriptions - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +========================+========================================================================================================================================================================================+=======================+ - | Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP | - | | | | - | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. 
| 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - Security group: sg-A | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - Security group: sg-A | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | - | | | | - | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. 
| | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +========================+==========================================================================================================================================================================================================================================================================================================================================+=======================+ + | Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. 
| IPv4 | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP | + | | | | + | | You can select **TCP**, **UDP**, **ICMP**, or **All**. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **IP address group**: The source is an IP address group. 
An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | + | | | | + | | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **IP address group**: The destination is an IP address group. 
An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | + | | | | + | | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | + | | | | + | | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the firewall rule. This parameter is optional. | N/A | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). 
| | + +------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 7. Click **Confirm**. diff --git a/umn/source/access_control/security_group/adding_a_security_group_rule.rst b/umn/source/access_control/security_group/adding_a_security_group_rule.rst index adc8d75..decc29f 100644 --- a/umn/source/access_control/security_group/adding_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/adding_a_security_group_rule.rst @@ -93,8 +93,6 @@ Procedure | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | | | | | - | | - Security group: sg-A | | - | | | | | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | @@ -143,8 +141,6 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - Security group: sg-A | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | | | | | 
diff --git a/umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst b/umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst
new file mode 100644
index 0000000..99017c9
--- /dev/null
+++ b/umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst
@@ -0,0 +1,69 @@ +:original_name: SecurityGroup_0005.html + +.. _SecurityGroup_0005: + +Allowing Common Ports with A Few Clicks +======================================= + +Scenarios +--------- + +You can configure a security group to allow common ports with a few clicks. This function is suitable for the following scenarios: + +- Remotely log in to ECSs. +- Use the ping command to test ECS connectivity. +- ECSs functioning as web servers provide website access services. + +:ref:`Table 1 ` describes the common ports that can be opened with a few clicks. + +.. _securitygroup_0005__table117828131111: + +.. table:: **Table 1** Common ports + + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | Direction | Protocol & Port & Type | Source/Destination | Description | + +===========+========================+====================+===================================================================================================================================+ + | Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. | + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. | + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. 
| + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. | + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | | TCP: 20-21 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over ports 20 and 21 (FTP) for uploading or downloading files. | + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. | + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | + +-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+ + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + + The **Virtual Private Cloud** page is displayed. + +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. 
+ + The security group list is displayed. + +#. In the security group list, click the name of the security group. + + The security group details page is displayed. + +#. Click the **Inbound Rules** or **Outbound Rules** tab, and then click **Allow Common Ports**. + + The **Allow Common Ports** page is displayed. + +#. Click **OK**. + + After the operation is complete, you can view the added rules in the security group rule list. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001646961692.png diff --git a/umn/source/access_control/security_group/cloning_a_security_group.rst b/umn/source/access_control/security_group/cloning_a_security_group.rst index 5248029..6d6690a 100644 --- a/umn/source/access_control/security_group/cloning_a_security_group.rst +++ b/umn/source/access_control/security_group/cloning_a_security_group.rst @@ -16,10 +16,6 @@ You can clone a security group in the following scenarios: - If you need new security group rules, you can clone the original security group as a backup. - Before you modify security group rules used by a service, you can clone the security group and modify the security group rules in the test environment to ensure that the modified rules work. - .. note:: - - Security group cloning is not supported now. - Notes and Constraints --------------------- diff --git a/umn/source/access_control/security_group/default_security_group_and_its_rules.rst b/umn/source/access_control/security_group/default_security_group_and_its_rules.rst index dc6f8da..dfc0a07 100644 --- a/umn/source/access_control/security_group/default_security_group_and_its_rules.rst +++ b/umn/source/access_control/security_group/default_security_group_and_its_rules.rst 
@@ -5,7 +5,7 @@ Default Security Group and Its Rules ==================================== -If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules: +If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules: - Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied. - Outbound rules allow all outbound traffic and response traffic to the outbound requests. diff --git a/umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst b/umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst index 3a8afd2..bf72c50 100644 --- a/umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst +++ b/umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst 
@@ -72,8 +72,6 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - Security group: sg-A | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ diff --git a/umn/source/access_control/security_group/index.rst b/umn/source/access_control/security_group/index.rst index d3a2872..65b3757 100644 --- a/umn/source/access_control/security_group/index.rst +++ b/umn/source/access_control/security_group/index.rst @@ -14,6 +14,7 @@ Security Group - :ref:`Deleting a Security Group ` - :ref:`Adding a Security Group Rule ` - :ref:`Fast-Adding Security Group Rules ` +- :ref:`Allowing Common Ports with A Few Clicks ` - :ref:`Modifying a Security Group Rule ` - :ref:`Replicating a Security Group Rule ` - :ref:`Importing and Exporting Security Group Rules ` @@ -35,6 +36,7 @@ Security Group deleting_a_security_group adding_a_security_group_rule fast-adding_security_group_rules + allowing_common_ports_with_a_few_clicks modifying_a_security_group_rule replicating_a_security_group_rule importing_and_exporting_security_group_rules diff --git a/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst b/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst index 1879e47..93248b8 100644 
--- a/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst +++ b/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst @@ -8,9 +8,9 @@ Security Groups and Security Group Rules Security Groups --------------- -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group. -If you have not created any security group yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules `. +If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules `. Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules. 
diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst
index de4e8b9..3896966 100644
--- a/umn/source/change_history.rst
+++ b/umn/source/change_history.rst
@@ -8,6 +8,16 @@ Change History +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Released On | Description | +===================================+====================================================================================================================================================================================================================================================================================================================================+ +| 2023-11-30 | This release incorporates the following changes: | +| | | +| | - Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-11-14 | This release incorporates the following changes: | +| | | +| | Added the following content: | +| | | +| | Added description about allowing common ports with a few clicks in :ref:`Allowing Common Ports with A Few Clicks `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2023-10-10 | This release incorporates the following changes: | | | | | | - Added the figure for configuring route tables in :ref:`Route Table `. | diff --git a/umn/source/elastic_ip/managing_eip_tags.rst b/umn/source/elastic_ip/managing_eip_tags.rst index 5a9873e..e62d3a3 100644 --- a/umn/source/elastic_ip/managing_eip_tags.rst +++ b/umn/source/elastic_ip/managing_eip_tags.rst @@ -49,7 +49,7 @@ Procedure #. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**. -#. Click the search box and then click **Tag** in the drop-down list. +#. Click the search box above the EIP list. #. Select the tag key and value of the EIP. diff --git a/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst b/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst index c6737e6..4462c55 100644 --- a/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst +++ b/umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst 
@@ -16,9 +16,3 @@ Security Group Configuration You can configure port 69 and configure data channel ports used by TFTP for the security group. In RFC1350, the TFTP protocol specifies that ports available to data channels range from 0 to 65535. However, not all these ports are used by the TFTP daemon processes of different applications. You can configure a smaller range of ports for the TFTP daemon. The following figure provides an example of the security group rule configuration if the ports used by data channels range from 60001 to 60100. - - -.. figure:: /_static/images/en-us_image_0129473334.png - :alt: **Figure 1** Security group rules - - **Figure 1** Security group rules diff --git a/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst b/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst index 97a7da5..4f71fbb 100644 --- a/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst +++ b/umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst 
@@ -75,37 +75,39 @@ Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You .. table:: **Table 2** Deleting VPCs - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | Prompts | Cause | Solution | - +===========================================================================================================================+=========================================================================================================================+===============================================================================================================+ - | You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. | - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. | - | | | | - | | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. | - | | | | - | | | The route table list is displayed. | - | | | | - | | | #. 
:ref:`Deleting a Route ` | - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. | - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. | - | | | | - | | - Subnet | - :ref:`Table 1 ` | - | | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection ` | - | | - Custom route table | - :ref:`Deleting a Route Table ` | - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. 
| - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. | - | | | | - | | .. important:: | :ref:`Deleting a Security Group ` | - | | | | - | | NOTICE: | | - | | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - | Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. 
| - | | | | - | | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` | - +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Prompts | Cause | Solution | | + +===========================================================================================================================+=========================================================================================================================+===============================================================================================================+===========================================================+ + | You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. 
| | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. | | + | | | | | + | | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. | | + | | | | | + | | | The route table list is displayed. | | + | | | | | + | | | #. :ref:`Deleting a Route ` | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | This VPC cannot be deleted because it has associated resources. 
| The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. | | + | | | | | + | | - Subnet | - :ref:`Table 1 ` | | + | | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection ` | | + | | - Custom route table | - :ref:`Deleting a Route Table ` | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Delete the VPN gateway that is using the VPC and then delete the VPC. | Delete the VPN gateway that is using the VPC and then delete the VPC. | The VPC is being used by a VPN gateway. | On the VPN console, locate the VPN gateway and delete it. 
| + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. | | + | | | | | + | | .. important:: | :ref:`Deleting a Security Group ` | | + | | | | | + | | NOTICE: | | | + | | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ + | Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. | | + | | | | | + | | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP ` | | + +---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst index b984ecf..3afbf8e 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst @@ -87,8 +87,6 @@ Procedure | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | | | | | - | | - Security group: sg-A | | - | | | | | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | @@ -137,8 +135,6 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - Security group: sg-A | | +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | | | | | 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
index 2b023a7..a001e86 100644
--- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
@@ -87,8 +87,6 @@ Procedure
 | | - All IP addresses: 0.0.0.0/0 | |
 | | - IP address range: 192.168.1.0/24 | |
 | | | |
- | | - Security group: sg-A | |
- | | | |
 | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
 +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
 | Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
@@ -137,8 +135,6 @@ Procedure
 | | - Single IP address: 192.168.10.10/32 | |
 | | - All IP addresses: 0.0.0.0/0 | |
 | | - IP address range: 192.168.1.0/24 | |
- | | | |
- | | - Security group: sg-A | |
 +-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
 | Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
 | | | |
diff --git a/umn/source/permissions_management/vpc_custom_policies.rst b/umn/source/permissions_management/vpc_custom_policies.rst
index 242655d..b34ca41 100644
--- a/umn/source/permissions_management/vpc_custom_policies.rst
+++ b/umn/source/permissions_management/vpc_custom_policies.rst @@ -12,7 +12,7 @@ You can create custom policies in either of the following ways: - Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax. - JSON: Edit JSON policies from scratch or based on an existing policy. -For operation details, see `Creating a Custom Policy `__. The following section contains examples of common VPC custom policies. +For operation details, see `Creating a Custom Policy `__. The following section contains examples of common VPC custom policies. Example Custom Policies ----------------------- diff --git a/umn/source/route_tables/route_tables_and_routes.rst b/umn/source/route_tables/route_tables_and_routes.rst index 66519e9..901508d 100644 --- a/umn/source/route_tables/route_tables_and_routes.rst +++ b/umn/source/route_tables/route_tables_and_routes.rst @@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network - Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required. - The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic. + The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic. Route ----- diff --git a/umn/source/service_overview/basic_concepts/route_table.rst b/umn/source/service_overview/basic_concepts/route_table.rst index 02588c9..46e785e 100644 --- a/umn/source/service_overview/basic_concepts/route_table.rst +++ b/umn/source/service_overview/basic_concepts/route_table.rst 
@@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network - Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required. - The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic. + The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic. Route ----- diff --git a/umn/source/service_overview/basic_concepts/security_group.rst b/umn/source/service_overview/basic_concepts/security_group.rst index aa59a7c..6955fd8 100644 --- a/umn/source/service_overview/basic_concepts/security_group.rst +++ b/umn/source/service_overview/basic_concepts/security_group.rst @@ -5,7 +5,7 @@ Security Group ============== -A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group. +A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group. Like whitelists, security group rules work as follows: diff --git a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst index af08b72..6abc9dc 100644 
--- a/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst +++ b/umn/source/service_overview/basic_concepts/vpc_peering_connection.rst @@ -5,7 +5,7 @@ VPC Peering Connection ====================== -A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region. +A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region. - You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples `. diff --git a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst index e67f597..2a394b3 100644 --- a/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst +++ b/umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst @@ -8,15 +8,17 @@ Binding a Virtual IP Address to an EIP or ECS Scenarios --------- -You can bind a virtual IP address to an EIP so that you can access the ECSs bound with the same virtual IP address from the Internet. These ECSs can work in the active/standby mode to improve fault tolerance. +You can use a virtual IP address and an EIP together. + +If you bind a virtual IP address to ECSs that work in active/standby pairs and bind an EIP to the virtual IP address, you can access the ECSs over the Internet. Notes and Constraints --------------------- - Each virtual IP address can be bound to only one EIP. -Procedure ---------- +Binding a Virtual IP Address to an EIP or ECS on the Console +------------------------------------------------------------ #. Log in to the management console. 
@@ -28,7 +30,11 @@ Procedure #. In the navigation pane on the left, choose **Virtual Private Cloud** > **Subnets**. -#. In the subnet list, click the name of the subnet that the virtual IP address belongs to. + The **Subnets** page is displayed. + +#. Click the name with a hyperlink of the subnet that the virtual IP address belongs to. + + The subnet details page is displayed. #. Click the **IP Addresses** tab. 
@@ -39,106 +45,236 @@ Procedure .. note:: - - If the ECS has multiple NICs, bind the virtual IP address to the primary NIC. - - Multiple virtual IP addresses can be bound to an ECS NIC. + - If an ECS has multiple NICs, bind the virtual IP address to the primary NIC. + - An ECS NIC can have multiple virtual IP addresses bound. #. Click **OK**. -9. Manually configure the virtual IP address bound to an ECS. + .. important:: - After a virtual IP address is bound to an ECS NIC, you need to manually configure the virtual IP address on the ECS. + After a virtual IP address is bound to an ECS NIC, you need to manually configure the virtual IP address on the ECS. For details, see :ref:`Configuring a Virtual IP Address for an ECS `. - **Linux OS** (CentOS 7.2 64bit is used as an example.) +.. _en-us_topic_0067802474__section480517024620: - a. .. _en-us_topic_0067802474__li528316578916: +Configuring a Virtual IP Address for an ECS +------------------------------------------- - Run the following command to obtain the NIC to which the virtual IP address is to be bound and the connection of the NIC: +Manually configure the virtual IP address bound to an ECS. - **nmcli connection** +This following OSs are used as examples here. For other OSs, see the help documents on their official websites. - Information similar to the following is displayed: +- Linux: CentOS 7.2 64bit and Ubuntu 22.04 server 64bit +- Windows: Windows Server - |image3| +**Linux (CentOS 7.2 64bit is used as an example.)** - The command output in this example is described as follows: +#. .. _en-us_topic_0067802474__li528316578916: - - **eth0** in the **DEVICE** column indicates the NIC to which the virtual IP address is to be bound. - - **Wired connection 1** in the **NAME** column indicates the connection of the NIC. + Obtain the NIC that the virtual IP address is to be bound and the connection of the NIC: - b. 
Run the following command to add the virtual IP address for the target connection: + **nmcli connection** - **nmcli connection modify "**\ *CONNECTION*\ **" ipv4.addresses** *VIP* + Information similar to the following is displayed: - Configure the parameters as follows: + |image3| - - CONNECTION: connection of the NIC obtained in :ref:`9.a `. - - VIP: virtual IP address to be added. + The command output in this example is described as follows: - - If you add multiple virtual IP addresses at a time, separate them with commas (,). - - If a virtual IP address already exists and you need to add a new one, the command must contain both the new and original virtual IP addresses. + - **eth0** in the **DEVICE** column indicates the NIC that the virtual IP address is to be bound. + - **Wired connection 1** in the **NAME** column indicates the connection of the NIC. - Example commands: +#. .. _en-us_topic_0067802474__li20283257695: - - Adding a single virtual IP address: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125** - - Adding multiple virtual IP addresses: **nmcli connection modify "Wired connection 1" ipv4.addresses** **172.16.0.125,172.16.0.126** + Add the virtual IP address for the connection: - c. Run the following command to make the configuration take effect: + **nmcli connection modify "**\ *Connection name of the NIC*\ **"** **+ipv4.addresses** *Virtual IP address* - **nmcli connection up "**\ *CONNECTION*\ **"** + Configure the parameters as follows: - In this example, run the following command: + - *Connection name of the NIC*: The connection name of the NIC obtained in :ref:`1 `. In this example, the connection name is **Wired connection 1**. + - *Virtual IP address*: Enter the virtual IP address to be added. If you add multiple virtual IP addresses at a time, separate every two with a comma (,). 
- **nmcli connection up "Wired connection 1"** + Example commands: - Information similar to the following is displayed: + - Adding a single virtual IP address: **nmcli connection modify "Wired connection 1" +ipv4.addresses** **172.16.0.125** + - Adding multiple virtual IP addresses: **nmcli connection modify "Wired connection 1" +ipv4.addresses** **172.16.0.125,172.16.0.126** - |image4| +#. .. _en-us_topic_0067802474__li11209933188: - d. Run the following command to check whether the virtual IP address has been bound: + Make the configuration in :ref:`2 ` take effect: - **ip a** + **nmcli connection up "**\ *Connection name of the NIC*\ **"** - Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.125 is bound to NIC eth0. + In this example, run the following command: - |image5| + **nmcli connection up "Wired connection 1"** - **Windows OS** (Windows Server is used as an example here.) + Information similar to the following is displayed: - a. In **Control Panel**, click **Network and Sharing Center**, and click the corresponding local connection. + |image4| - b. On the displayed page, click **Properties**. +#. Check whether the virtual IP address has been bound: - c. On the **Network** tab page, select **Internet Protocol Version 4 (TCP/IPv4)**. + **ip a** - d. Click **Properties**. + Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.125 is bound to NIC eth0. - e. Select **Use the following IP address** and set **IP address** to the private IP address of the ECS, for example, 10.0.0.101. + |image5| + + .. note:: + + To delete an added virtual IP address, perform the following steps: + + a. Delete the virtual IP address from the connection of the NIC: + + **nmcli connection modify "**\ *Connection name of the NIC*\ **"** **-ipv4.addresses** *Virtual IP address* + + To delete multiple virtual IP addresses at a time, separate every two with a comma (,). 
Example commands are as follows: + + - Deleting a single virtual IP address: **nmcli connection modify "Wired connection 1" -ipv4.addresses** **172.16.0.125** + - Deleting multiple virtual IP addresses: **nmcli connection modify "Wired connection 1" -ipv4.addresses** **172.16.0.125,172.16.0.126** + + b. Make the deletion take effect by referring to :ref:`3 `. + +**Linux (Ubuntu 22.04 server 64bit is used as an example.)** + +If an ECS runs Ubuntu 22 or Ubuntu 20, perform the following operations: + +#. Obtain the NIC that the virtual IP address is to be bound: + + **ifconfig** + + Information similar to the following is displayed. In this example, the NIC bound to the virtual IP address is **eth0**. + + .. code-block:: + + root@ecs-X-ubantu:~# ifconfig + eth0: flags=4163 mtu 1500 + inet 172.16.0.210 netmask 255.255.255.0 broadcast 172.16.0.255 + inet6 fe80::f816:3eff:fe01:f1c3 prefixlen 64 scopeid 0x20 + ether fa:16:3e:01:f1:c3 txqueuelen 1000 (Ethernet) + RX packets 43915 bytes 63606486 (63.6 MB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 3364 bytes 455617 (455.6 KB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + ... + +#. Switch to the **/etc/netplan** directory: + + **cd /etc/netplan** + +#. .. _en-us_topic_0067802474__li1244016171484: + + Add a virtual IP address to the NIC. + + a. Open the configuration file **01-netcfg.yaml**: + + **vim 01-netcfg.yaml** + + b. Press **i** to enter the editing mode. + + c. In the NIC configuration area, add a virtual IP address. + + In this example, add a virtual IP address for **eth0**: + + **addresses:** + + **- 172.16.0.26/32** + + The file content is as follows: + + .. code-block:: + + network: + version: 2 + renderer: NetworkManager + ethernets: + eth0: + dhcp4: true + addresses: + - 172.16.0.26/32 + eth1: + dhcp4: true + eth2: + dhcp4: true + eth3: + dhcp4: true + eth4: + dhcp4: true + + d. Press **Esc**, enter **:wq!**, save the configuration, and exit. + +#. .. 
_en-us_topic_0067802474__li1071922334218: + + Make the configuration in :ref:`3 ` take effect: + + **netplan apply** + +#. Check whether the virtual IP address has been bound: + + **ip a** + + Information similar to the following is displayed. In the command output, the virtual IP address 172.16.0.26 is bound to NIC eth0. + + .. code-block:: + + root@ecs-X-ubantu:/etc/netplan# ip a + ... + 2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether fa:16:3e:01:f1:c3 brd ff:ff:ff:ff:ff:ff + altname enp0s3 + altname ens3 + inet 172.16.0.26/32 scope global noprefixroute eth0 + valid_lft forever preferred_lft forever + inet 172.16.0.210/24 brd 172.16.0.255 scope global dynamic noprefixroute eth0 + valid_lft 107999971sec preferred_lft 107999971sec + inet6 fe80::f816:3eff:fe01:f1c3/64 scope link + valid_lft forever preferred_lft forever + + .. note:: + + To delete an added virtual IP address, perform the following steps: + + a. Open the configuration file **01-netcfg.yaml** and delete the virtual IP address of the corresponding NIC by referring to :ref:`3 `. + b. Make the deletion take effect by referring to :ref:`4 `. + +**Windows OS** **(Windows Server is used as an example here.)** + +#. In **Control Panel**, click **Network and Sharing Center**, and click the corresponding local connection. + +#. On the displayed page, click **Properties**. + +#. On the **Network** tab page, select **Internet Protocol Version 4 (TCP/IPv4)**. + +#. Click **Properties**. + +#. Select **Use the following IP address** and set **IP address** to the private IP address of the ECS, for example, 10.0.0.101. - .. figure:: /_static/images/en-us_image_0000001179761510.png - :alt: **Figure 1** Configuring private IP address + .. figure:: /_static/images/en-us_image_0000001179761510.png + :alt: **Figure 1** Configuring private IP address - **Figure 1** Configuring private IP address + **Figure 1** Configuring private IP address - f. Click **Advanced**. +#. Click **Advanced**. 
- g. On the **IP Settings** tab, click **Add** in the **IP addresses** area. +#. On the **IP Settings** tab, click **Add** in the **IP addresses** area. - Add the virtual IP address. For example, 10.0.0.154. + Add the virtual IP address, for example, 10.0.0.154. - .. figure:: /_static/images/en-us_image_0000001225081545.png - :alt: **Figure 2** Configuring virtual IP address + .. figure:: /_static/images/en-us_image_0000001225081545.png + :alt: **Figure 2** Configuring virtual IP address - **Figure 2** Configuring virtual IP address + **Figure 2** Configuring virtual IP address - h. Click **OK**. +#. Click **OK**. - i. In the **Start** menu, open the Windows command line window and run the following command to check whether the virtual IP address has been configured: +#. In the **Start** menu, open the Windows command line window and run the following command to check whether the virtual IP address has been configured: - **ipconfig /all** + **ipconfig /all** - In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. + In the command output, **IPv4 Address** is the virtual IP address 10.0.0.154, indicating that the virtual IP address of the ECS NIC has been correctly configured. .. |image1| image:: /_static/images/en-us_image_0141273034.png .. |image2| image:: /_static/images/en-us_image_0000001626738526.png diff --git a/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst index de98619..7cc5f02 100644 --- a/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst +++ b/umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst 
@@ -53,7 +53,7 @@ Procedure The **Virtual Private Cloud** page is displayed. -#. In the search box above the subnet list, click the search box. +#. In the search box above the VPC list, click anywhere in the search box. Click the tag key and then the value as required. The system filters resources based on the tag you select. diff --git a/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst index ba414d1..1a80a56 100644 --- a/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst +++ b/umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst @@ -8,7 +8,13 @@ Enabling or Disabling VPC Flow Log Scenarios --------- -After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record traffic data, you can disable the corresponding VPC flow log. The disabled VPC flow log can be enabled again. +After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record flow log data, you can disable the corresponding VPC flow log. A disabled VPC flow log can be enabled again. + +Notes and Constraints +--------------------- + +- After a VPC flow log is enabled, the system starts to collect flow logs in the next log collection period. +- After a VPC flow log is disabled, the system stops collecting flow logs in the next log collection period. Generated flow logs will still be reported. Procedure --------- diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst index 4e3428b..d127300 100644 --- a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst 
@@ -14,10 +14,13 @@ This following describes how to create a VPC peering connection between VPC-A in Procedure: -#. :ref:`Step 1: Create a VPC Peering Connection ` -#. :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request ` -#. :ref:`Step 3: Add Routes for the VPC Peering Connection ` -#. :ref:`Step 4: Verify Network Connectivity ` +:ref:`Step 1: Create a VPC Peering Connection ` + +:ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request ` + +:ref:`Step 3: Add Routes for the VPC Peering Connection ` + +:ref:`Step 4: Verify Network Connectivity ` .. figure:: /_static/images/en-us_image_0000001464757610.png diff --git a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst index ce77edf..b5edd78 100644 --- a/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst +++ b/umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst @@ -14,9 +14,11 @@ This following describes how to create a VPC peering connection between VPC-A an Procedure: -#. :ref:`Step 1: Create a VPC Peering Connection ` -#. :ref:`Step 2: Add Routes for the VPC Peering Connection ` -#. :ref:`Step 3: Verify Network Connectivity ` +:ref:`Step 1: Create a VPC Peering Connection ` + +:ref:`Step 2: Add Routes for the VPC Peering Connection ` + +:ref:`Step 3: Verify Network Connectivity ` .. figure:: /_static/images/en-us_image_0000001512876289.png diff --git a/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst b/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst index 41b0c55..dd832e5 100644 --- a/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst +++ b/umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst 
@@ -8,7 +8,7 @@ VPC Peering Connection Overview What Is a VPC Peering Connection? --------------------------------- -A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region. +A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region. - You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples `.