Updated on 2023-06-26 GMT+08:00

IP Address Group Overview

IP Address Group Overview

An IP address group is a collection of IP addresses. It can be associated with security groups and network ACLs to simplify IP address configuration and management.

You can add IP address ranges and IP addresses that need to be managed in a unified manner to an IP address group. An IP address group can work together with different cloud resources. Table 1 lists the resources that can be associated with an IP address group.
Table 1 Resources that can be associated with an IP address group

Resource

Description

Example

Security group

The Source or Destination of a security group rule can be set to IP address group.

As shown in Figure 1, the inbound rule of security group sg-A uses IP address group ipGroup-A as the source.

Network ACL

The Source or Destination of a network ACL is set to IP address group.

As shown in Figure 1, the inbound rule of network ACL fw-A uses IP address group ipGroup-A as the source.

Figure 1 Using IP address group

Notes and Constraints

  • Security group rules that are associated with an IP address group do not take effect for certain ECSs.
    • General computing (S1, C1, and C2 ECSs)
    • Memory-optimized (M1 ECSs)
    • High-performance computing (H1 ECSs)
    • Disk-intensive (D1 ECSs)
    • GPU-accelerated (G1 and G2 ECSs)
    • Large-memory (E1, E2, and ET2 ECSs)
  • If a network ACL rule uses an IP address group:
    • Either the source or the destination of an inbound rule can use the IP address group.
    • Either the source or the destination of an outbound rule can use the IP address group.

    For example, if the source of an inbound rule network ACL is set to an IP address group, the rule destination can only be an IP address.