检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Security Group Security Group and Security Group Rule Overview Default Security Groups Security Group Examples Common ECS Ports Managing a Security Group Managing Security Group Rules Managing Instances Added to a Security Group Security Group Migration Examples Parent Topic: Access
In this cluster, ECS-HA1 works as the active ECS and provides services accessible from the Internet using EIP-A. ECS-HA2 works as the standby ECS, with no services deployed on it. If ECS-HA1 goes down, ECS-HA2 takes over services, ensuring service continuity.
Method: Log in to an ECS and ping an IP address in your on-premises data center. Parent topic: Connectivity
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
This route forwards ECS traffic to the NAT gateway and then the ECSs can access the Internet using the EIP.
Scenario 1: Unbinding an EIP from an ECS and Binding a New EIP to the ECS Unbind an EIP. Go to the EIP list page. On the displayed page, locate the row that contains the target EIP, and click Unbind. Click Yes. Assign an EIP.
Values: When type is ecs, the value is an ECS ID. When type is eni, the value is an extension NIC ID. When type is vip, the value is a virtual IP address. When type is nat, the value a NAT gateway ID. When type is peering, the value is a VPC peering connection ID.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
Can I Change the Security Group of an ECS? How Do I Configure a Security Group for Multi-Channel Protocols? Why Are Some Ports of ECSs Inaccessible?
ECS 2 Configure the two ECSs as follows: ECS Name: Set it as needed. In this example, the ECSs are named ECS-01 and ECS-02. ECS flavor: In this example, flow logs of the network interface attached to ECS-01 are collected. Select the ECS flavor that supports flow logs.
Configuring Policy-based Routes for an ECS with Multiple Network Interfaces If an ECS has multiple network interfaces, the primary network interface can communicate with external networks by default, but the extended network interfaces cannot.
Table 3 Common resources in subnets Product Category Service Compute Elastic Cloud Server (ECS) Bare Metal Server (BMS) Cloud Container Engine (CCE) Cloud Container Instance (CCI) Containers Application Service Mesh (ASM) Networking Elastic Load Balance (ELB) NAT Gateway VPC Endpoint
ECS Configuration The TFTP daemon determines whether a configuration file specifies the port range. If you use a TFTP configuration file that allows the data channel ports to be configurable, it is a good practice to configure a small range of ports that are not listened on.
For example, compute:aa-bb-cc indicates that the IP address is used by an ECS in the AZ aa-bb-cc.): IP address of an ECS NIC neutron:VIP_PORT: Virtual IP address compute:subeni: IP address of a supplementary network interface neutron:LOADBALANCERV2: IP address of a shared load balancer
For details about x86 ECSs, see ECS Specifications (x86). For details about Kunpeng ECSs, see ECS Specifications (Kunpeng).
If the active ECS goes down, the standby ECS becomes the active ECS and continues to provide services. Generally, ECSs use private IP addresses for internal network communication. A virtual IP address has the same network access capabilities as a private IP address.
Figure 8 Connecting a VPC to an on-premises data center Helpful Link You can create a VPC and an ECS to set up an IPv4 private network on the cloud and then bind an EIP to the ECS to allow the ECS to access the Internet. For details, see Setting Up an IPv4 Network in a VPC.
in to the ECS and check whether the ECS port is opened.
Application Scenarios The number of elastic network interfaces that can be attached to each ECS is limited. If this limit cannot meet your requirements, you can attach supplementary network interfaces to elastic network interfaces.
An ECS (ECS-A) is running in Subnet-A and associated with security group Sg-A. Security group Sg-A has a custom inbound rule to allow ICMP traffic to ECS-A from your PC over all ports.
