- What's New
- Function Overview
- Product Bulletin
- Service Overview
- Billing
- Getting Started
- User Guide
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
API
- Lifecycle Management
- Connection Management
- Tag Management
- Name Management
- File System Management
-
Storage Interworking Management
- Adding a Backend Target
- Querying Backend Targets
- Obtaining Details About a Backend Target
- Deleting a Backend Target
- Updating the Properties of a Storage Backend
- Updating the Auto Synchronization Policy of a Storage Backend
- Creating an Import or Export Task
- Querying Details About an Import or Export Task
- Listing Import and Export Tasks
- Deleting an Import or Export Task
- Updating a File System
- Directory Management
-
Permissions Management
- Creating a Permission Rule
- Querying Permission Rules of a File System
- Querying a Permission Rule of a File System
- Modifying a Permission Rule
- Deleting a Permissions Rule
- Creating and Binding the LDAP Configuration
- Querying the LDAP Configuration
- Modifying the LDAP Configuration
- Deleting the LDAP Configuration
- Task Management
- Permissions Policies and Supported Actions
- Common Parameters
- Appendix
- SDK Reference
-
FAQs
- SFS Turbo Concepts
- SFS Turbo Specifications
- SFS Turbo Billing
-
SFS Turbo Mount
- What Can I Do If Data of My SFS Turbo File System Is Not the Same When Accessed from Two Client Servers?
- Can I Mount an SFS Turbo File System Across Regions?
- Can I Mount an SFS Turbo File System Across Accounts?
- How Many Cloud Servers Can I Mount an SFS Turbo File System To?
- How Do I Mount a File System to a Linux ECS as a Non-root User
- What Can I Do If Mounting a Subdirectory of a File System Failed?
- SFS Turbo Access
- SFS Turbo Capacity Expansion
- SFS Turbo Deletion
- SFS Turbo Migration
- SFS Turbo Performance
-
Others
- Does the Security Group of a VPC Affect the Use of SFS Turbo?
- What Resources Does SFS Turbo Occupy?
- How Do I Check Whether an SFS Turbo File System Is Available on a Linux Server?
- Can I Upgrade an SFS Turbo File System from the Standard Type to the Performance Type?
- Does SFS Turbo File Systems Support Multi-AZ Deployment?
-
Troubleshooting
- Mounting a File System Timed Out
- Mounting a File System Failed
- File System Performance Was Poor
- Creating an SFS Turbo File System Failed
- File System Automatically Unmounted
- A Client Server Failed to Access a File System
- Abnormal File System Status
- Data Fails to Be Written into a File System Mounted to ECSs Running Different Types of Operating Systems
- Writing to a File System Failed
- Error Message "wrong fs type, bad option" Was Displayed During File System Mounting
- General Reference
Show all
Copied.
Does the Security Group of a VPC Affect the Use of SFS Turbo?
A security group is a collection of access control rules for cloud servers that have the same security protection requirements and are mutually trusted in a VPC. After a security group is created, you can create different access rules for the security group to protect the cloud servers that are added to this security group. The default security group rule allows all outgoing data packets. Cloud servers in a security group can access each other without the need to add rules. The system creates a security group for each cloud account by default. You can also create custom security groups by yourself.
For an SFS Turbo file system, the system automatically enables the security group ports required by NFS after the file system is created. This ensures that the SFS Turbo file system can be successfully mounted to your servers. The inbound ports required by NFS are ports 111, 2049, 2051, 2052, and 20048. If you need to change the enabled ports, go to the VPC console, choose Access Control > Security Groups, locate the target security group, and change the ports. You are advised to use an independent security group for an SFS Turbo file system to isolate it from service nodes.
Example Configuration
- Inbound rule
Direction
Protocol
Port Range
Source IP Address
Description
Inbound
TCP and UDP
111
IP Address
0.0.0.0/0 (All IP addresses are allowed. It can be modified.)
One port corresponds to one access rule. You need to add rules for the ports one by one.
- Outbound rule
Direction
Protocol
Port Range
Source IP Address
Description
Outbound
TCP and UDP
111
IP Address
0.0.0.0/0 (All IP addresses are allowed. It can be modified.)
One port corresponds to one access rule. You need to add rules for the ports one by one.
NOTE:
Enter an IP address range using a mask. For example, enter 192.168.1.0/24, and do not enter 192.168.1.0-192.168.1.255. If the source IP address is 0.0.0.0/0, all IP addresses are allowed. For more information, see Security Groups and Security Group Rules.
A bidirectional access rule must be configured for port 111. You can configure the frontend service IP address range of SFS Turbo as the inbound rule. Run ping <File system domain name or IP address> or dig <File system domain name or IP address> to obtain the IP address range.
For ports 2049, 2051, 2052, and 20048, outbound rules need to be added, which are the same as the outbound rule of port 111.
If NFS is used, add inbound rules for the following ports: 111 (TCP and UDP), 2049 (TCP and UDP), 2051 (TCP), 2052 (TCP), 20048 (UDP and TCP). If UDP is not enabled on port 2049 and 20048, mounting the file system may take a long time. You can use the -o tcp option in the mount command to avoid this issue.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot