Updated on 2025-07-31 GMT+08:00

Example of Configuring Flow Logs: Checking the Traffic Between VPCs Connected By an Enterprise Router

Solution Architecture

In this example, enterprise router ER-X connects two VPCs (VPC-A and VPC-B). To see the traffic between the two VPCs and locate issues, you create a flow log on the enterprise router that captures the traffic of the VPC-A attachment (er-attach-vpc-A). Because packets from VPC-A enter the enterprise router through this attachment and packets destined for VPC-A leave through it, logging this single attachment is enough to observe both directions of the conversation between the two VPCs.

Figure 1 Viewing the traffic between ECSs in different VPCs

Constraints

For details about the constraints on flow logs, see Enterprise Router Flow Log Constraints.

Resource Planning

In this example, the VPCs, subnets, ECSs, enterprise router, and flow log must be in the same region but can be in different AZs.

The following resource details are only for your reference. You can modify them if needed.

Table 1 Resource planning

VPC and subnet (quantity: 2 VPCs, 2 subnets)
  • Name: Set it as needed. In this example, VPC-A and VPC-B are used.
  • IPv4 CIDR Block (VPC): Set it as needed. In this example, 192.168.0.0/16 is used for VPC-A, and 172.16.0.0/16 is used for VPC-B. The two VPC CIDR blocks must not overlap; otherwise the enterprise router cannot route between them.
  • Subnet Name: Set it as needed. In this example, Subnet-A01 and Subnet-B01 are used.
  • IPv4 CIDR Block (Subnet): Set it as needed. In this example, the CIDR block of Subnet-A01 is 192.168.0.0/24 and that of Subnet-B01 is 172.16.0.0/24.
  • Route table: A VPC comes with a default route table. In this example, the default route table of VPC-A is rtb-VPC-A, and that of VPC-B is rtb-VPC-B.

ECS (quantity: 2)
  Configure the two ECSs as follows:
  • ECS Name: Set it as needed. In this example, the ECSs are named ECS-01 and ECS-02.
  • ECS flavor: Set it as needed. Ensure that the flavor meets your service requirements.
  • Image: Set it as needed. In this example, the public image Huawei Cloud EulerOS 2.0 Standard 64 bit is used.
  • System Disk: In this example, a general-purpose SSD disk of 40 GiB is used.
  • Data Disk: Set it as needed. In this example, no data disk is used.
  • Network
    • VPC: Select your required VPC. In this example, select VPC-A for ECS-01 and VPC-B for ECS-02.
    • Subnet: Select your required subnet. In this example, select Subnet-A01 for ECS-01 and Subnet-B01 for ECS-02.
  • Security Group: In this example, both ECSs are associated with the same security group (Sg-X). Ensure that all rules in Table 2 are added.

    If the ECSs are associated with different security groups, you also need to add rules that allow the two groups to reach each other. For example, if ECS-01 is associated with Sg-X and ECS-02 with Sg-A, add the rules in Table 3 to Sg-X and Sg-A so that the two ECSs can communicate.

  • EIP: Select Not required.
  • Private IP address: In this example, use 192.168.0.66 for ECS-01 and 172.16.0.31 for ECS-02.

Enterprise router (quantity: 1)
  • Name: Set it as needed. In this example, ER-X is used.
  • ASN: Set it as needed. In this example, 64513 is used.
  • Default Route Table Association: Enable this option.
  • Default Route Table Propagation: Enable this option.
  • Auto Accept Shared Attachments: Set it as needed. In this example, enable this option.
  • In this example, you need to add two VPC attachments to the enterprise router.
    • VPC-A attachment: er-attach-vpc-A
    • VPC-B attachment: er-attach-vpc-B

Enterprise router flow log (quantity: 1)
  • Name: Set it as needed. In this example, name it flowlog-ER.
  • Resource Type: In this example, set it to VPC, because the flow log is created for a VPC attachment.
  • Resource: Select a resource as needed. In this example, select the er-attach-vpc-A attachment corresponding to VPC-A.
  • Log Group: Select an existing log group or create one. The log group in this example is as follows:
    • Log Group Name: Set it as needed. In this example, lts-group-ER is used.
    • Log Retention (Days): Set it as needed. In this example, 30 is used.
  • Log Stream: Select an existing log stream or create one. The log stream in this example is as follows:
    • Log Group Name: In this example, the log group name is lts-group-ER.
    • Log Stream Name: Set it as needed. In this example, lts-topic-ER is used.
    • Log Storage: You are advised to enable this function so that the logs can be searched and analyzed.
    • Log Retention (Days): Set it as needed. In this example, 30 is used.
Table 2 Security group Sg-X rules

Direction | Action | Type | Protocol & Port | Source/Destination                     | Description
Inbound   | Allow  | IPv4 | TCP: 22         | Source: 0.0.0.0/0                      | Allows remote logins to Linux ECSs over SSH port 22.
Inbound   | Allow  | IPv4 | TCP: 3389       | Source: 0.0.0.0/0                      | Allows remote logins to Windows ECSs over RDP port 3389.
Inbound   | Allow  | IPv4 | All             | Source: current security group (Sg-X)  | Allows the ECSs in Sg-X to communicate with each other using IPv4 addresses.
Inbound   | Allow  | IPv6 | All             | Source: current security group (Sg-X)  | Allows the ECSs in Sg-X to communicate with each other using IPv6 addresses.
Outbound  | Allow  | IPv4 | All             | Destination: 0.0.0.0/0                 | Allows ECSs in Sg-X to access external networks using IPv4 addresses.
Outbound  | Allow  | IPv6 | All             | Destination: ::/0                      | Allows ECSs in Sg-X to access external networks using IPv6 addresses.

If the source of an inbound rule is set to 0.0.0.0/0, any address on the Internet can attempt to log in to your instances. Exposing port 22 or 3389 to the public network leaves the instances open to brute-force and exploitation attempts. Restrict the source to a trusted IP address or CIDR block, for example the public IP address of your local PC, and remove the rule once the test is finished. In this example the ECSs have no EIP, so the rule is not reachable from the Internet until an EIP is bound; tighten it before that happens.

Table 3 Rules of security groups Sg-X and Sg-A

Security Group | Direction | Action | Type | Protocol & Port | Source              | Description
Sg-X           | Inbound   | Allow  | IPv4 | All             | Security group Sg-A | Allows IPv4 traffic from ECSs in Sg-A to reach ECSs in Sg-X.
Sg-A           | Inbound   | Allow  | IPv4 | All             | Security group Sg-X | Allows IPv4 traffic from ECSs in Sg-X to reach ECSs in Sg-A.

Procedure

Figure 2 shows the process for viewing the traffic between ECSs in different VPCs.

Figure 2 Process for viewing traffic between VPCs connected by an enterprise router

Step 1: Create Cloud Resources

  1. Create two VPCs, each with a subnet.

    For details, see Creating a VPC and Subnet.

  2. Create two ECSs.

    For details, see Purchasing a Custom ECS.

  3. Create an enterprise router.

    For details, see Creating an Enterprise Router.

  4. Attach the two VPCs to the enterprise router.

    If you enable Auto Add Routes when creating a VPC attachment, you do not need to manually add static routes to the VPC route table. After the VPC attachments are added, the two VPCs can communicate with each other.

    For details, see Creating VPC Attachments for the Enterprise Router.

    For details about network planning using an enterprise router, see Using an Enterprise Router to Enable Communications Between VPCs in the Same Region.

Step 2: Create an Enterprise Router Flow Log

  1. Create a log group and log stream on the LTS console.

    For details about how to create a log group, see Creating a Log Group.

    For details about how to create a log stream, see Creating a Log Stream.

  2. Create an enterprise router flow log.

    For details, see Creating a Flow Log.

Step 3: View the Flow Log

The flow log records the traffic passing through attachment er-attach-vpc-A (VPC-A) in both directions: ingress records describe packets entering the enterprise router from VPC-A, and egress records describe packets leaving the enterprise router towards VPC-A.

  1. Remotely log in to ECS-01 in VPC-A.

    For details, see How Do I Log In to My ECS?

  2. Ping ECS-02 in VPC-B from ECS-01 in VPC-A to generate traffic for the flow log to collect:

    ping <private-IP-address-of-ECS-02>

    Example command:

    ping 172.16.0.31

    Output similar to the following is displayed. Flow log records appear after about 10 minutes (the record in step 3 covers a 10-minute window), so keep the ping running during collection; otherwise the window may contain no traffic. The TTL of 63, one less than the Linux default of 64, confirms that the packets crossed exactly one layer-3 hop, the enterprise router.
    [root@ecs-01 ~]# ping 172.16.0.31
    PING 172.16.0.31 (172.16.0.31) 56(84) bytes of data.
    64 bytes from 172.16.0.31: icmp_seq=1 ttl=63 time=0.510 ms
    64 bytes from 172.16.0.31: icmp_seq=2 ttl=63 time=0.392 ms
    64 bytes from 172.16.0.31: icmp_seq=3 ttl=63 time=0.332 ms
    ...
  3. Wait for about 10 minutes and view the flow log information by referring to Viewing Details About a Flow Log.

    You can enter the IP address (172.16.0.31) of ECS-02 in the search box to quickly filter the logs of the communication between ECS-01 and ECS-02.

    Figure 3 Viewing logs
    Flow log format:
    <version> <project_id> <resource_id> <instance_id> <srcaddr> <dstaddr> <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> <direct>
    • Example log: 1 f0512a6441dc47189f5e03a428f48267 37befd9d-58a8-4a5f-9cb1-13a3fe563c20 bdc50d41-a33a-4bf5-9391-4957369d17b6 192.168.0.66 172.16.0.31 8 0 1 586 57428 1742872080 1742872680 ingress
    • Log description: The flow log version is 1. The record covers the 10-minute window from 11:08:00 to 11:18:00 (GMT+08:00) on March 25, 2025; <start> and <end> are Unix epoch seconds (1742872080 and 1742872680). It describes traffic from the VPC-A attachment (resource ID 37befd9d-58a8-4a5f-9cb1-13a3fe563c20) flowing into (ingress) the enterprise router (instance ID bdc50d41-a33a-4bf5-9391-4957369d17b6). The protocol is ICMP (protocol=1), so <srcport> and <dstport> carry the ICMP type and code rather than layer-4 ports: 586 echo request (type=8, code=0) packets were sent from 192.168.0.66 to 172.16.0.31, totalling 57,428 bytes. Note that 57,428 / 586 is exactly 98 bytes per packet, which matches an 84-byte ping packet plus a 14-byte Ethernet header, so the byte count appears to include the frame header; treat this as an observation from the sample rather than documented behaviour. The echo replies travelling back to VPC-A leave the enterprise router through the same attachment and should therefore appear as separate egress records.
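The record format above is simple enough to parse locally, which is useful when you export a log stream and want to check it outside LTS. The following Python script is an added example for this page, not Huawei Cloud code: it splits records according to the format line, rejects malformed lines, decodes the ICMP type/code placement described in the log description, converts the epoch timestamps to GMT+08:00, and totals packets and bytes per flow, optionally filtered by a peer address (the same effect as typing 172.16.0.31 into the console search box). Only the first sample record is taken from the page; the other two records, the egress direction of the reply record and the SSH flow, are constructed assumptions.

```python
"""Parse and summarise Enterprise Router flow log records (added example, not
Huawei Cloud code). Field order follows the "Flow log format" line in Step 3;
the ICMP type/code placement follows the page's log description. Only the first
sample record is from the page; the others are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

FIELDS = ("version", "project_id", "resource_id", "instance_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes", "start", "end", "direct")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
GMT8 = timezone(timedelta(hours=8))  # the page shows times in GMT+08:00

PROJECT = "f0512a6441dc47189f5e03a428f48267"      # project ID from the page
ATTACH = "37befd9d-58a8-4a5f-9cb1-13a3fe563c20"   # er-attach-vpc-A, from the page
ER = "bdc50d41-a33a-4bf5-9391-4957369d17b6"       # ER-X instance ID, from the page

SAMPLE_LINES = [
    # The record shown on the page: 586 echo requests, VPC-A -> ER (ingress).
    f"1 {PROJECT} {ATTACH} {ER} 192.168.0.66 172.16.0.31 8 0 1 586 57428 1742872080 1742872680 ingress",
    # Constructed: the echo replies (type 0, code 0) leaving the ER towards VPC-A.
    f"1 {PROJECT} {ATTACH} {ER} 172.16.0.31 192.168.0.66 0 0 1 586 57428 1742872080 1742872680 egress",
    # Constructed: a short SSH session from ECS-01 to ECS-02 in the same window.
    f"1 {PROJECT} {ATTACH} {ER} 192.168.0.66 172.16.0.31 43210 22 6 12 1800 1742872080 1742872680 ingress",
]


def parse_record(line):
    """Split one space-separated record into a dict and reject malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        rec[name] = int(rec[name])
    if rec["direct"] not in ("ingress", "egress"):
        raise ValueError(f"unknown direction {rec['direct']!r}")
    if rec["end"] < rec["start"]:
        raise ValueError("end precedes start")
    return rec


def window_seconds(rec):
    """Length of the aggregation window the record covers (600 for the page's record)."""
    return rec["end"] - rec["start"]


def mean_frame_bytes(rec):
    """Average bytes per packet. The page's record gives exactly 98.0 (84-byte ping
    packet + 14-byte Ethernet header); that the column counts whole frames is an
    inference from the sample, not documented behaviour."""
    return rec["bytes"] / rec["packets"] if rec["packets"] else 0.0


def local_time(epoch):
    """Render an epoch timestamp in GMT+08:00, the zone the page uses."""
    return datetime.fromtimestamp(epoch, tz=GMT8).strftime("%Y-%m-%d %H:%M:%S")


def describe(rec):
    """One readable line. For ICMP (protocol 1) srcport/dstport are the ICMP type
    and code, as the page's log description says; otherwise they are L4 ports."""
    if rec["protocol"] == 1:
        l4 = f"ICMP type={rec['srcport']} code={rec['dstport']}"
        ends = f"{rec['srcaddr']} -> {rec['dstaddr']}"
    else:
        l4 = PROTO_NAMES.get(rec["protocol"], f"proto {rec['protocol']}")
        ends = f"{rec['srcaddr']}:{rec['srcport']} -> {rec['dstaddr']}:{rec['dstport']}"
    return (f"{local_time(rec['start'])} {rec['direct']} {l4} {ends} "
            f"{rec['packets']} pkts {rec['bytes']} B")


def summarize(lines, peer=None):
    """Total packets/bytes per (src, dst, proto, sport, dport, direction). `peer`
    keeps only records involving that address, like the console search box in
    Step 3. Returns the totals and the number of lines that failed to parse."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    bad = 0
    for line in lines:
        try:
            rec = parse_record(line)
        except ValueError:
            bad += 1
            continue
        if peer and peer not in (rec["srcaddr"], rec["dstaddr"]):
            continue
        key = (rec["srcaddr"], rec["dstaddr"], rec["protocol"],
               rec["srcport"], rec["dstport"], rec["direct"])
        totals[key]["packets"] += rec["packets"]
        totals[key]["bytes"] += rec["bytes"]
    return dict(totals), bad


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(describe(parse_record(line)))
    flows, bad = summarize(SAMPLE_LINES + ["1 truncated record"], peer="172.16.0.31")
    for key, tot in sorted(flows.items()):
        print(key, tot["packets"], "pkts", tot["bytes"], "B")
    print("malformed lines skipped:", bad)
```

Run it as a script to print each record in readable form and the per-flow totals for the peer 172.16.0.31; the deliberately truncated line is counted as malformed rather than silently dropped, which is the behaviour you want before feeding exported logs into any detection logic.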

Step 4: Configure Cloud Structuring Parsing and Analyze Visualized Logs for the Enterprise Router Flow Log

LTS allows you to search for and analyze collected logs and displays log analysis results in a visualized manner.
  1. Configure cloud structuring parsing.

    Table 4 shows the parameter settings in this example. For details, see Cloud Structuring Parsing.

    Figure 4 Configuring cloud structuring parsing
    Table 4 Parameters for configuring cloud structuring parsing

    Step | Operation
    1    | Select Structuring Template to structure logs.
    2    | In the system template list, select ER Enterprise Router.

  2. Analyze the logs based on the cloud structuring parsing.
    The following shows two visualized log analysis methods:
    • Visualize logs in statistical charts. Statistical charts, such as tables, bar charts, and line charts, are rendered by LTS based on SQL query syntax.
      1. On the Log Analysis tab, enter the required statement in the search box by referring to Using SQL Analysis Syntax to obtain the required logs.

        The following statement counts the flow log records in each one-hour bucket (TIME_CEIL rounds __time up to the hour). Note that count(1) counts records, not packets or bytes, and the statement as written does not filter by address: to see only ECS-01, add a WHERE condition on the structured field that holds the source address, and to see traffic volume, aggregate the bytes field instead of counting records.

        SELECT TIME_FORMAT(TIME_CEIL(__time, 'PT1H'), 'yyyy-MM-dd HH:mm:ss') as "time", count(1) as pv group by "time"
      2. On the right of the page, configure the time and other information.

        In this example, you can view the hourly traffic data within a day. For more information about the statistical charts, see Statistical Charts.

        Figure 5 Traffic bar chart
    • Visualize logs in dashboards. The dashboard is a real-time data visualization tool provided by LTS.
      1. After an enterprise router flow log is created, choose Dashboards > ER dashboard templates > Enterprise Router Flow Log Center on the LTS console.

        On the enterprise router dashboard details page, wait for several minutes and view the flow log data. In this example, select the instance and the attachment to view flow log information. For more dashboard information, see ER Dashboard Template.

        Figure 6 Enterprise router flow log dashboard