检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If the active ECS is faulty and cannot provide services, the virtual IP address will be dynamically switched to the standby ECS to continue providing services. Skip this step if the ECS where the firewall is deployed does not need to work in the active/standby mode.
Can I Change the Security Group of an ECS?
You need to select such an ECS to use an IPv4/IPv6 dual-stack network. On the ECS console, click Buy ECS. On the displayed page, check the ECS flavors. If Yes is shown in the IPv6 column, the ECS with this flavor supports IPv6.
Values: When type is ecs, the value is an ECS ID. When type is eni, the value is an extension NIC ID. When type is vip, the value is a virtual IP address. When type is nat, the value a NAT gateway ID. When type is peering, the value is a VPC peering connection ID.
Add an ECS to a subnet, bind an EIP to the ECS, and change the security group of the ECS. Parent Topic: VPC
and the ECS with the supplementary network interface attached.
Configuring a Virtual IP Address for an ECS After you bind one or more virtual IP addresses to an ECS on the console, you must log in to the ECS to manually configure these virtual IP address. The following OSs are used as examples here.
The ECS (ECS-A01) on Subnet-A01 needs to access the public network, and the ECS (ECS-A02) on Subnet-A02 needs to provide web services for the public network. Two EIPs (EIP-A01 and EIP-A02) are required, with each bound to an ECS.
Table 1 Domain name effective policies ECS Effective Policy New ECSs in the subnet ECSs newly added to a subnet will use the new domain names automatically. No additional configuration is required.
Different from a static IP address, when an ECS or its AZ is unavailable, its EIP can quickly redirect to the Internet IP address of any ECS in your account.
Different from a static IP address, when an ECS or its AZ is unavailable, its EIP can quickly redirect to the Internet IP address of any ECS in your account.
NOTE: We recommend that you select an ECS in the running state. If an ECS in the stopped state is selected, restart the ECS after creating the VPC flow log for accurately recording the information about the traffic of the ECS's network interface.
Extension NIC Traffic intended for the destination is forwarded to the extended network interface of an ECS in the VPC. Supplementary network interface Traffic intended for the destination is forwarded to the supplementary network interface of an ECS in the VPC.
Managing Instances Added to a Security Group Adding an Instance to or Removing an Instance from a Security Group Changing the Security Group of an ECS Parent Topic: Security Group
Usage When creating an instance, for example, an ECS, you must select a security group. If no security group is selected, the ECS will be associated with the default security group.
If an existing ECS in this subnet needs to use the new domain names, restart the ECS or run a command to restart the DHCP Client service or network service. NOTE: The command for updating the DHCP configuration depends on the ECS OS.
Security Group Migration Examples Migrating an ECS from a Shared Security Group to a Dedicated Security Group Migrating Security Groups Across Regions or Accounts Parent Topic: Security Group
Routing How Do I Configure Policy-Based Routes for an ECS with Multiple Network Interfaces? Can a Route Table Span Multiple VPCs? Are There Any Restrictions on Using a Route Table?
Values: When type is ecs, the value is an ECS ID. When type is eni, the value is an extension NIC ID. When type is vip, the value is a virtual IP address. When type is nat, the value a NAT gateway ID. When type is peering, the value is a VPC peering connection ID.
Values: When type is ecs, the value is an ECS ID. When type is eni, the value is an extension NIC ID. When type is vip, the value is a virtual IP address. When type is nat, the value a NAT gateway ID. When type is peering, the value is a VPC peering connection ID.
