- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Permissions Management
- VPC and Subnet
- Route Table and Route
- Virtual IP Address
-
Elastic Network Interface and Supplementary Network Interface
-
Elastic Network Interface
- Elastic Network Interface Overview
- Creating a Network Interface
- Viewing the Basic Information About a Network Interface
- Attaching a Network Interface to a Cloud Server
- Binding an EIP to a Network Interface
- Binding a Network Interface to a Virtual IP Address
- Detaching a Network Interface from an Instance or Unbinding an EIP from a Network Interface
- Changing Security Groups That Are Associated with a Network Interface
- Deleting a Network Interface
-
Supplementary Network Interfaces
- Supplementary Network Interface Overview
- Creating a Supplementary Network Interface
- Viewing the Basic Information About a Supplementary Network Interface
- Binding or Unbinding an EIP to or from a Supplementary Network Interface
- Changing Security Groups That Are Associated with a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Network Interface Configuration Examples
- Binding an EIP to the Extended Network Interface of an ECS to Enable Internet Access
-
Configuring Policy-based Routes for an ECS with Multiple Network Interfaces
- Overview
- Collecting ECS Network Information
- Configuring IPv4 and IPv6 Policy-based Routes for a Linux ECS with Multiple Network Interfaces (CentOS)
- Configuring IPv4 and IPv6 Policy-based Routes for a Linux ECS with Multiple Network Interfaces (Ubuntu)
- Configuring IPv4 and IPv6 Policy-based Routes for a Windows ECS with Multiple Network Interfaces
-
Elastic Network Interface
-
Access Control
- Access Control Overview
-
Security Group
- Security Group and Security Group Rule Overview
- Default Security Groups
- Security Group Examples
- Common ECS Ports
- Managing a Security Group
-
Managing Security Group Rules
- Adding a Security Group Rule
- Fast-Adding Security Group Rules
- Allowing Common Ports with a Few Clicks
- Modifying a Security Group Rule
- Replicating a Security Group Rule
- Enabling or Disabling One or More Security Group Rules
- Importing and Exporting Security Group Rules
- Deleting One or More Security Group Rules
- Querying Security Group Rule Changes
- Managing Instances Added to a Security Group
- Network ACL
- IP Address Group
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage
- Creating a VPC Peering Connection to Connect Two VPCs in the Same Account
- Creating a VPC Peering Connection to Connect Two VPCs in Different Accounts
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Sharing
-
Edge Gateway
- Edge Gateway Overview
- Buying an Edge Gateway
- Associating VPCs with or Disassociating VPCs from an Edge Gateway
- Managing Edge Gateways
- Managing the Tags of an Edge Gateway
- Creating an Edge Connection
- Binding or Unbinding a Global Connection Bandwidth to and from an Edge Connection
- Managing Edge Connections
- IPv4/IPv6 Dual-Stack Network
- VPC Flow Log
-
Traffic Mirroring
- Traffic Mirroring
- Mirror Filters
-
Mirror Sessions
- Creating a Mirror Session
- Enabling or Disabling a Mirror Session
- Associating Mirror Sources with a Mirror Session
- Disassociating Mirror Sources from a Mirror Session
- Changing the Mirror Filter for a Mirror Session
- Changing the Mirror Target of a Mirror Session
- Modifying the Basic Information About a Mirror Session
- Viewing the Details About a Mirror Session
- Deleting a Mirror Session
- Traffic Mirroring Example Scenarios
- Monitoring and Auditing
- Managing Quotas
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs
-
API V3
- VPC
- Security Group
- Security Group Rule
- IP Address Group
-
Supplementary Network Interface
- Creating a Supplementary Network Interface
- Creating Supplementary Network Interfaces in Batches
- Querying Supplementary Network Interfaces
- Querying the Details of a Supplementary Network Interface
- Querying the Number of Supplementary Network Interfaces
- Updating a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Traffic Mirror Sessions
- Querying Traffic Mirror Sessions
- Querying Details About a Traffic Mirror Session
- Creating a Traffic Mirror Session
- Updating a Traffic Mirror Session
- Deleting a Traffic Mirror Session
- Disassociating a Traffic Mirror Source from a Traffic Mirror Session
- Associating a Traffic Mirror Source with a Traffic Mirror Session
- Traffic Mirror Filters
- Traffic Mirror Filter Rules
- Network ACL
- Network ACL Tag Management
- Port
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
- Application Examples
-
Permissions and Supported Actions
- Introduction
- VPC
- Subnet
- Port
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- VPC Tag
- Subnet Tag
- VPC Flow Log
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- VPC (V3)
- Security Group (V3)
- Security Group Rule (V3)
- IP Address Group (V3)
- Supplementary Network Interface (V3)
- Mirror Session (V3)
- Mirror Filter (V3)
- Mirror Filter Rule (V3)
- Network ACL (V3)
- Network ACL Tag (V3)
- Port (V3)
- Precautions for API Permissions
- FAQs
- Out-of-Date APIs
- Appendix
- SDK Reference
-
FAQs
-
Billing and Payments
- Will I Be Billed for Using the VPC Service?
- Why Is My VPC Still Being Billed After It Was Deleted?
- How Do I View My VPC Bills?
- How Is an EIP Charged?
- How Do I Change My EIP Billing Mode Between Pay-per-Use and Yearly/Monthly?
- How Do I Change the Billing Option of a Pay-per-Use EIP Between By Bandwidth and By Traffic?
-
VPCs and Subnets
- What Is Virtual Private Cloud?
- Which CIDR Blocks Are Available for the VPC Service?
- How Many VPCs Can I Create?
- Can Subnets Communicate with Each Other?
- What Subnet CIDR Blocks Are Available?
- Can I Change the CIDR Block of a Subnet?
- How Many Subnets Can I Create?
- How Do I Make the Changed DHCP Lease Time of a Subnet Take Effect Immediately?
- How Can I Make a Domain Name in a Subnet Take Effect Immediately After Being Changed?
- Why Can't I Delete My VPCs and Subnets?
- Can I Change the VPC of an ECS?
- Why Is the ECS IP Address Released After the System Time Is Changed?
- How Do I Change the DNS Server Address of an ECS?
-
EIPs
- How Do I Assign or Retrieve a Specific EIP?
- What Are the Differences Between EIPs, Private IP Addresses, and Virtual IP Addresses?
- Can I Change the Dedicated Bandwidth Used by an EIP to a Shared Bandwidth?
- How Many ECSs Can I Bind an EIP To?
- How Do I Access an ECS with an EIP Bound from the Internet?
- What Is the EIP Assignment Policy?
- Can I Bind an EIP of an ECS to Another ECS?
- Can I Buy a Specific EIP?
- How Do I Query the Region of My EIPs?
- How Can I Unbind an Existing EIP from an Instance and Bind Another EIP to the Instance?
- Can I Bind an EIP to a Cloud Resource in Another Region?
- Can I Change the Region of an EIP?
- VPC Peering Connections
- Virtual IP Addresses
-
Bandwidth
- What Are Inbound Bandwidth and Outbound Bandwidth?
- What Are the Differences Between Static BGP, Dynamic BGP, and Premium BGP?
- How Do I Know If My EIP Bandwidth Has Been Exceeded?
- What Are the Differences Between Public Bandwidth and Private Bandwidth?
- What Bandwidth Types Are Available?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around?
- How Many EIPs Can I Add to Each Shared Bandwidth?
- Can I Increase a Yearly/Monthly Bandwidth and Decrease It Later?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
-
Connectivity
- Does a VPN Allow Communication Between Two VPCs?
- Why Cannot I Access Public Websites Through Domain Names or Access Internal Domain Names on the Cloud When My ECS Has Multiple Network Interfaces?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Are There Intermittent Interruptions When a Local Host Accesses a Website Built on an ECS?
- Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication?
- Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They Communicate?
- Why Can't My ECS Use Cloud-init?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- Why Is My ECS Unable to Communicate at a Layer 2 or Layer 3 Network?
- How Do I Handle a BMS Network Failure?
- Why Does My ECS Fail to Obtain an IP Address?
- How Do I Handle a VPN or Direct Connect Connection Network Failure?
- Why Can My Server Be Accessed from the Internet But Cannot Access the Internet?
- Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is Configured?
- Why Does My ECS Fail to Communicate with Other After It Has Firewall Installed?
- Routing
-
Security
- Does a New Security Group Rule or a Network ACL Rule Take Effect Immediately for Existing Connections?
- Why Is Outbound Access on TCP Port 25 Blocked?
- How Do I Know the Instances Associated with a Security Group?
- Why Can't I Delete a Security Group?
- Can I Change the Security Group of an ECS?
- How Do I Configure a Security Group for Multi-Channel Protocols?
- Why Are Some Ports of ECSs Inaccessible?
- Why Is Access from a Specific IP Address Still Allowed After a Network ACL Rule That Denies the Access from the IP Address Has Been Added?
- Why Are My Security Group Rules Not Working?
-
Billing and Payments
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- VPC and Subnet
- Route Tables
-
Virtual IP Address
- Virtual IP Address Overview
- Assigning a Virtual IP Address
- Binding a Virtual IP Address to an EIP or ECS
- Binding a Virtual IP Address to an EIP
- Unbinding a Virtual IP Address from an Instance
- Unbinding a Virtual IP Address from an EIP
- Releasing a Virtual IP Address
- Disabling IP Forwarding on the Standby ECS
- Disabling Source/Destination Check for an ECS NIC
-
Elastic Network Interface and Supplementary Network Interface
-
Elastic Network Interface
- Elastic Network Interface Overview
- Creating a Network Interface
- Viewing Basic Information About a Network Interface
- Attaching a Network Interface to an Instance
- Binding a Network Interface to an EIP
- Binding a Network Interface to a Virtual IP Address
- Detaching a Network Interface from an Instance or Unbinding an EIP from a Network Interface
- Changing Security Groups That Are Associated with a Network Interface
- Deleting a Network Interface
-
Supplementary Network Interfaces
- Supplementary Network Interface Overview
- Creating a Supplementary Network Interface
- Viewing Basic Information About a Supplementary Network Interface
- Binding or Unbinding a Supplementary Network Interface to or from an EIP
- Changing Security Groups That Are Associated with a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Elastic Network Interface
-
Access Control
- What Is Access Control?
- Security Group
- Network ACL
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
- Elastic IP
- Shared Bandwidth
- Monitoring
-
FAQ
- General Questions
- VPCs and Subnets
- EIPs
- VPC Peering Connections
- Bandwidth
-
Connectivity
- Does a VPN Allow Communication Between Two VPCs?
- Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
-
Routing
- Can a Route Table Span Multiple VPCs?
- How Many Routes Can a Route Table Contain?
- Are There Any Restrictions on Using a Route Table?
- Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC?
- Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC?
- Security
- Change History
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- VPC APIs (V1/V2)
-
VPC APIs (V3)
- VPC
- Security Group
- Security Group Rule
- IP Address Group
-
Supplementary Network Interface
- Creating a Supplementary Network Interface
- Creating Supplementary Network Interfaces in Batches
- Querying Supplementary Network Interfaces
- Querying the Details of a Supplementary Network Interface
- Querying the Number of Supplementary Network Interfaces
- Updating a Supplementary Network Interface
- Deleting a Supplementary Network Interface
- Network ACL
- Network ACL Tag Management
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
-
Permissions and Supported Actions
- Introduction
- VPC
- Subnet
- Port
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- VPC Tag
- Subnet Tag
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- VPC (V3)
- Security Group (V3)
- Security Group Rule (V3)
- IP Address Group (V3)
- Supplementary Network Interface (V3)
- Network ACL (V3)
- Network ACL Tag (V3)
- Precautions for API Permissions
- Out-of-Date APIs
- Appendix
- Change History
-
User Guide (Paris Regions)
- Service Overview
- Getting Started
- VPC and Subnet
-
Access Control
- Differences Between Security Groups and Network ACLs
- Security Group
- Network ACL
- Elastic IP
- Shared Bandwidth
- Route Tables
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
-
Virtual IP Address
- Virtual IP Address Overview
- Assigning a Virtual IP Address
- Binding a Virtual IP Address to an EIP or ECS
- Binding a Virtual IP Address to an EIP
- Unbinding a Virtual IP Address from an Instance
- Unbinding a Virtual IP Address from an EIP
- Releasing a Virtual IP Address
- Disabling IP Forwarding on the Standby ECS
- Disabling Source/Destination Check for an ECS NIC
- Interconnecting with CTS
- Monitoring
-
FAQ
- General Questions
- Billing and Payments
- VPCs and Subnets
-
EIPs
- What Are the Differences Between EIP, Private IP Address, and Virtual IP Address?
- How Do I Access the Internet Using an EIP Bound to an Extension NIC?
- What Are the Differences Between the Primary and Extension NICs of ECSs?
- Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?
- Can I Bind an EIP to Multiple ECSs?
- How Do I Access an ECS with an EIP Bound from the Internet?
- Can I Bind an EIP of an ECS to Another ECS?
- How Do I Unbind an EIP from an Instance and Bind a New EIP to the Instance?
- Can I Bind an EIP to a Cloud Resource in Another Region?
- Can I Change the Region of My EIP?
- VPC Peering Connections
- Virtual IP Addresses
-
Bandwidth
- What Are Inbound Bandwidth and Outbound Bandwidth?
- How Do I Know If My EIP Bandwidth Limit Has Been Exceeded?
- What Are the Differences Between Public Bandwidth and Private Bandwidth?
- What Is the Bandwidth Size Range?
- What Bandwidth Types Are Available?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth?
- Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
-
Connectivity
- Does a VPN Allow Communication Between Two VPCs?
- Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Are There Intermittent Interruptions When a Local Host Accesses a Website Built on an ECS?
- Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication?
- Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They Communicate?
- Why Can't My ECS Use Cloud-init?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- Why Does My ECS Fail to Obtain an IP Address?
- How Do I Handle a VPN or Direct Connect Connection Network Failure?
- Why Can My Server Be Accessed from the Internet But Cannot Access the Internet?
- Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is Configured?
- Why Does My ECS Fail to Communicate with Other After It Has Firewall Installed?
-
Routing
- How Do I Configure Policy-Based Routes for an ECS with Multiple NICs?
- Can a Route Table Span Multiple VPCs?
- How Many Routes Can a Route Table Contain?
- Are There Any Restrictions on Using a Route Table?
- Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC?
- Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC?
-
Security
- Are the Security Group Rules Considered the Same If All Parameters Except Their Description Are the Same?
- How Do I Know the Instances Associated with a Security Group?
- Why Can't I Delete a Security Group?
- Can I Change the Security Group of an ECS?
- How Do I Configure a Security Group for Multi-Channel Protocols?
- Does a Modified Security Group Rule or a Network ACL Rule Take Effect Immediately for Existing Connections?
- Which Security Group Rule Has a High Priority When Multiple Security Group Rules Conflict?
- Why Is Access from a Specific IP Address Still Allowed After a Network ACL Rule That Denies the Access from the IP Address Has Been Added?
- Why Do My Security Group Rules Not Take Effect?
- Change History
-
API Reference (Paris Regions)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
APIs
- Virtual Private Cloud
- Subnet
- EIP
- Bandwidth
- Bandwidth (V2.0)
- Quota
- Private IP Address
- Security Group
- VPC Peering Connection
- VPC Route
- Route Table
- VPC Tag Management
- Subnet Tag Management
- EIP Tag Management
- VPC Flow Log
-
Virtual IP Address
- Virtual IP Address Overview
- Binding an ECS to a Virtual IP Address
- Accessing a Virtual IP Address Using an EIP
- Using a VPN to Access the Virtual IP Address
- Using a Direct Connect Connection to Access the Virtual IP Address
- Using a VPC Peering Connection to Access the Virtual IP Address
- Disabling Source and Destination Check (HA Load Balancing Cluster Scenario)
- API V3
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
- Floating IP Address
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
- Application Examples
-
Permissions Policies and Supported Actions
- VPC
- Subnet
- EIP
- Bandwidth
- Bandwidth (V2.0)
- EIP V3
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- VPC Flow Log
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Floating IP Address (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- Precautions for API Permissions
- Appendix
- Change History
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- VPC and Subnet
- Route Tables
- Virtual IP Address
-
Access Control
- What Is Access Control?
- Security Group
- Network ACL
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
- Elastic IP
- Shared Bandwidth
- Interconnecting with CTS
- Monitoring
-
FAQ
- General Questions
- VPCs and Subnets
- EIPs
- VPC Peering Connections
- Bandwidth
- Connectivity
-
Routing
- Can a Route Table Span Multiple VPCs?
- How Many Routes Can a Route Table Contain?
- Are There Any Restrictions on Using a Route Table?
- Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC?
- Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC?
- Security
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- APIs
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
-
Permissions Policies and Supported Actions
- VPC
- Subnet
- Port
- VPC Peering Connection
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- VPC Tags
- Subnet Tags
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- Precautions for API Permissions
- Out-of-Date APIs
- Appendix
- Change History
-
User Guide (Ankara Region)
- Service Overview
- Getting Started
- VPC and Subnet
- Route Tables
-
Virtual IP Address
- Virtual IP Address Overview
- Assigning a Virtual IP Address
- Binding a Virtual IP Address to an EIP or ECS
- Binding a Virtual IP Address to an EIP
- Unbinding a Virtual IP Address from an Instance
- Unbinding a Virtual IP Address from an EIP
- Releasing a Virtual IP Address
- Disabling IP Forwarding on the Standby ECS
- Disabling Source/Destination Check for an ECS NIC
-
Elastic Network Interface and Supplementary Network Interface
-
Elastic Network Interface
- Elastic Network Interface Overview
- Creating a Network Interface
- Viewing Basic Information About a Network Interface
- Attaching a Network Interface to an Instance
- Binding a Network Interface to an EIP
- Binding a Network Interface to a Virtual IP Address
- Detaching a Network Interface from an Instance or Unbinding an EIP from a Network Interface
- Changing Security Groups That Are Associated with a Network Interface
- Deleting a Network Interface
-
Supplementary Network Interfaces
- Supplementary Network Interface Overview
- Creating a Supplementary Network Interface
- Viewing Basic Information About a Supplementary Network Interface
- Binding or Unbinding a Supplementary Network Interface to or from an EIP
- Changing Security Groups That Are Associated with a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Elastic Network Interface
-
Access Control
- What Is Access Control?
- Security Group
- Network ACL
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
- Elastic IP
- Shared Bandwidth
- Monitoring
- Permissions Management
-
FAQ
- General Questions
- VPCs and Subnets
- EIPs
- VPC Peering Connections
- Bandwidth
- Connectivity
- Routing
-
Security
- Does a Modified Security Group Rule or a Network ACL Rule Take Effect Immediately for Existing Connections?
- Why Can't I Delete a Security Group?
- Can I Change the Security Group of an ECS?
- How Do I Configure a Security Group for Multi-Channel Protocols?
- Which Security Group Rule Has a High Priority When Multiple Security Group Rules Conflict?
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- APIs
- API V3
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
- Floating IP Address
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
-
Permissions Policies and Supported Actions
- Introduction
- VPC
- Subnet
- EIP
- Bandwidth
- Bandwidth (V2.0)
- EIP V3
- Port
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Floating IP Address (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- Precautions for API Permissions
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Creating a VPC and Subnet
Scenarios
Virtual Private Cloud (VPC) allows you to provision logically isolated virtual private networks for cloud resources, such as cloud servers, containers, and databases.
You can create a VPC, specify a CIDR block, and create one or more subnets for the VPC. A VPC comes with a default route table that enables subnets in the VPC to communicate with each other.
Procedure
- Go to the Create VPC page.
- On the Create VPC page, set parameters for the VPC and subnets as prompted.
You can click
to create more subnets. A maximum of three subnets can be created at a time.
Figure 1 Creating a VPC and subnetTable 1 VPC parameter descriptions Parameter
Description
Example Value
Region
The region where the VPC belongs. Select the region nearest to you to ensure the lowest latency possible.
CN-Hong Kong
Name
The VPC name. The name:- Can contain 1 to 64 characters.
- Can contain letters, digits, underscores (_), hyphens (-), and periods (.).
vpc-test
IPv4 CIDR Block
The IPv4 CIDR block of the VPC. Consider the following when specifying a CIDR block:- Number of IP addresses: Reserve sufficient IP addresses for subsequent business growth.
- IP address ranges: Avoid IP address conflicts if you need to connect a VPC to an on-premises data center or connect two VPCs.
When you create a VPC, we recommend that you use the private IPv4 address ranges specified in RFC 1918 as the CIDR block:- 10.0.0.0/8-24: The IP address ranges from 10.0.0.0 to 10.255.255.255, and the mask ranges from 8 to 24.
- 172.16.0.0/12-24: The IP address ranges from 172.16.0.0 to 172.31.255.255, and the mask ranges from 12 to 24.
- 192.168.0.0/16-24: The IP address ranges from 192.168.0.0 to 192.168.255.255, and the mask ranges from 16 to 24.
In addition to the preceding addresses, you can create a VPC with a publicly routable CIDR block that falls outside of the private IPv4 address ranges specified in RFC 1918. However, the following system and public reserved addresses must be excluded:- Reserved system CIDR blocks
- 100.64.0.0/10
- 214.0.0.0/7
- 198.18.0.0/15
- 169.254.0.0/16
- Reserved public CIDR blocks
- 0.0.0.0/8
- 127.0.0.0/8
- 240.0.0.0/4
- 255.255.255.255/32
For details about VPC planning, see VPC and Subnet Planning.
10.0.0.0/8
Enterprise Project
The enterprise project to which the VPC belongs.
An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is default.
For details about creating and managing enterprise projects, see the Enterprise Management User Guide.
default
Advanced Settings (Optional) > Tag
The VPC tag. Click
to expand the configuration area and set this parameter.
Add tags to help you quickly identify, classify, and search for your VPCs.
For details, see Managing VPC Tags.
NOTE:
If your organization has configured tag policies for VPCs, you need to add tags to your VPCs based on the policies. If you add a tag that does not comply with the tag policies, VPCs may fail to be created. Contact your administrator to learn more about tag policies.
- Key: vpc_key1
- Value: vpc-01
Advanced Settings (Optional) > Description
Supplementary information about the VPC. Click
to expand the configuration area and set this parameter.
Enter the description about the VPC in the text box as required.
The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
N/A
Table 2 Subnet parameter descriptions Parameter
Description
Example Value
Subnet Name
The subnet name. The name:- Can contain 1 to 64 characters.
- Can contain letters, digits, underscores (_), hyphens (-), and periods (.).
subnet-01
AZ
An AZ is a geographic location with independent power supply and network facilities in a region. AZs are physically isolated, and AZs in the same VPC are interconnected through an internal network.
Each region contains multiple AZs. If one AZ is unavailable, other AZs in the same region continue to provide services.
If Edge is displayed, select an edge AZ based on your service requirements. If Edge is not displayed, you do not need to set the subnet AZ, which does not affect your service running.
- By default, all instances in different subnets of the same VPC can communicate with each other and the subnets can be in different AZs. For example, if you have a VPC with two subnets, A01 in AZ 1 and A02 in AZ 2. Subnet A01 and A02 can communicate with each other by default.
- A cloud resource and its subnet can be in different AZs. For example, a cloud server in AZ 1 can use a subnet in AZ 3. If AZ 3 becomes faulty, cloud servers in AZ 1 can still use the subnet in AZ 3, and your services are not interrupted.
- Select Central if you want to provision cloud resources on the cloud and run your workloads on the cloud.
- Select Edge if you want to provision cloud resources to an edge site and run workloads at the edge site. For details about edge sites, see CloudPond.
For details, see Region and AZ.
You can select an AZ for a subnet only in certain regions. See the available regions on the management console.
AZ1
CIDR Block
The CIDR block of the subnet. This parameter is displayed only in regions where IPv4/IPv6 dual stack is not supported.
Set the IPv4 CIDR block of the subnet. For details, see section "IPv4 CIDR Block".
10.0.0.0/24
IPv4 CIDR Block
The IPv4 CIDR block of the subnet. This parameter is displayed only in regions where IPv4/IPv6 dual stack is supported.
A subnet is a unique CIDR block with a range of IP addresses in a VPC. Comply with the following principles when planning subnets:
- Planning CIDR block size: After a subnet is created, the CIDR block cannot be changed. You need to properly plan the CIDR block in advance based on the number of IP addresses required by your service.
- The subnet CIDR block size cannot be too small. Ensure that the number of available IP addresses in the subnet meets service requirements. Remember that the first and last three addresses in a subnet CIDR block are reserved for system use. For example, in subnet 10.0.0.0/24, 10.0.0.1 is the gateway address, 10.0.0.253 is the system interface address, 10.0.0.254 is used by DHCP, and 10.0.0.255 is the broadcast address.
- The subnet CIDR block cannot be too large, either. If you use a CIDR block that is too large, you may not have enough CIDR blocks available for new subnets, which can be a problem when you want to scale out services.
- Avoiding subnet CIDR block conflicts: Avoid CIDR block conflicts if you need to connect two VPCs or connect a VPC to an on-premises data center.
If the subnet CIDR blocks at both ends of the network conflict, create a subnet.
A subnet mask can be between the netmask of its VPC CIDR block and /28 netmask. If a VPC CIDR block is 10.0.0.0/16, its subnet mask can between 16 to 28.
For details about subnet planning, see VPC and Subnet Planning.
10.0.0.0/24
IPv6 CIDR Block (Optional)
The IPv6 CIDR block of the subnet. This parameter is displayed only in regions where IPv4/IPv6 dual stack is supported.
After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created.
For details, see IPv4 and IPv6 Dual-Stack Network.
-
Associated Route Table
The default route table with which the subnet will be associated. A route table contains a set of routes that are used to control the traffic routing for your subnets in a VPC. Each VPC comes with a default route table that will be automatically associated with subnets. This allows subnets in a VPC to communicate with each other.
If the default route table cannot meet your requirements, you can create a custom route table and associate subnets with it. Then, the default route table controls inbound traffic to the subnets, while the custom route table controls outbound traffic from the subnets. For details, see Creating a Custom Route Table.
-
Advanced Settings (Optional) > Gateway
The gateway address of the subnet. Click
to expand the configuration area and set this parameter.
Retain the default value unless there are special requirements.
10.0.0.1
Advanced Settings (Optional) > DNS Server Address
The DNS server addresses. Click
to expand the configuration area and set this parameter.
Huawei Cloud private DNS server addresses are entered by default. This allows ECSs in a VPC to communicate with each other and also access other cloud services using private domain names without exposing their IP addresses to the Internet.
You can change the default DNS server addresses if needed. This may interrupt your access to cloud services.
You can also click Reset on the right to restore the DNS server addresses to the default value.
A maximum of two DNS server IP addresses can be configured. Multiple IP addresses must be separated using commas (,).
100.125.x.x
Advanced Settings (Optional) > Domain Name
The domain name. Click
to expand the configuration area and set this parameter.
Enter domain names (), separated with spaces. A maximum of 254 characters are allowed. A domain name can consist of multiple labels (max. 63 characters each).
To access a domain name, you only need to enter the domain name prefix. ECSs in the subnet automatically match the configured domain name suffix.
If the domain names are changed, ECSs newly added to this subnet will use the new domain names.
If an existing ECS in this subnet needs to use the new domain names, restart the ECS or run a command to restart the DHCP Client service or network service.
NOTE:
The command for updating the DHCP configuration depends on the ECS OS. The following commands are for your reference.- Restart the DHCP Client service: service dhcpd restart
- Restart the network service: service network restart
test.com
Advanced Settings (Optional) > IPv4 DHCP Lease Time
The period during which a client can use an IP address automatically assigned by the DHCP server. Click
to expand the configuration area and set this parameter.
This parameter is displayed only in regions where IPv4/IPv6 dual stack is not supported.
The period during which a client can use an IP address automatically assigned by the DHCP server. After the lease time expires, a new IP address will be assigned to the client.- Limited: Set the DHCP lease time. The unit can be day or hour.
- Unlimited: The DHCP lease time does not expire.
After you change the DHCP lease time on the console, the change is applied automatically when the DHCP lease of an instance (such as ECS) is renewed. You can wait for the system to renew the lease or manually renew the lease. Renewing lease will not change the IP address used by the instance. If you want the new lease time to take effect immediately, manually renew the lease or restart the ECS.
For details, see How Do I Make the Changed DHCP Lease Time of a Subnet Take Effect Immediately?
-
Advanced Settings > IPv4 DHCP Lease Time
The period during which a client can use an IPv4 address automatically assigned by the DHCP server. Click
to expand the configuration area and set this parameter.
This parameter is displayed only in regions where IPv4/IPv6 dual stack is supported.
You can set the DHCP lease time of an IPv4 address.
The period during which a client can use an IP address automatically assigned by the DHCP server. After the lease time expires, a new IP address will be assigned to the client.- Limited: Set the DHCP lease time. The unit can be day or hour.
- Unlimited: The DHCP lease time does not expire.
If the time period is changed, the new lease time takes effect when the instance (such as an ECS) in the subnet is renewed next time. You can wait for the instance to be renewed automatically or manually modify the lease time. If you want the new lease time to take effect immediately, manually renew the lease or restart the ECS.
For details, see How Do I Make the Changed DHCP Lease Time of a Subnet Take Effect Immediately?
-
Advanced Settings > IPv6 DHCP Lease Time
The period during which a client can use an IPv6 address automatically assigned by the DHCP server. Click
to expand the configuration area and set this parameter.
This parameter is displayed in the region where the IPv4/IPv6 dual stack is supported and when IPv6 is enabled.
You can set the DHCP lease time of an IPv6 address in the same way as how you do with an IPv4 address.
-
Advanced Settings (Optional) > NTP Server Address
The IP address of the NTP server. Click
to expand the configuration area and set this parameter.
If you want to add NTP server addresses for a subnet, you can specify NTP Server Address. The IP addresses are added in addition to the default NTP server addresses.
- If you add or change the NTP server addresses of a subnet, you need to renew the DHCP lease for or restart all the ECSs in the subnet to make the change take effect immediately.
- If the NTP server addresses have been cleared out, restarting the ECSs will not help. You must renew the DHCP lease for all ECSs to make the change take effect immediately.
192.168.2.1
Advanced Settings (Optional) > Tag
The subnet tag. Click
to expand the configuration area and set this parameter.
Add tags to help you quickly identify, classify, and search for your subnets.
For details, see Managing Subnet Tags.
NOTE:
If you have configured tag policies for subnets, you need to add tags to your subnets based on the tag policies. If you add a tag that does not comply with the tag policies, subnets may fail to be created. Contact the administrator to learn more about tag policies.
- Key: subnet_key1
- Value: subnet-01
Advanced Settings (Optional) > Description
Supplementary information about the subnet. Click
to expand the configuration area and set this parameter.
Enter the description about the subnet in the text box as required.
The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
N/A
- Click Create Now.
Return to the VPC list and view the new VPC.
Follow-up Operations
After the VPC and subnets are created, you need to create other cloud resources in the subnets. For details, see Setting Up an IPv4/IPv6 Dual-Stack Network In a VPC and Setting Up an IPv4/IPv6 Dual-Stack Network In a VPC.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot